Malware Analysis Report

2024-12-07 14:31

Sample ID: 241014-vbg2qsyhpr
Target: http://skibidi.com
Tags: defense_evasion, discovery, execution, exploit, persistence, spyware, stealer
Score: 8/10

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file http://skibidi.com was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery execution exploit persistence spyware stealer

Boot or Logon Autostart Execution: Active Setup

Drops file in Drivers directory

Creates new service(s)

Downloads MZ/PE file

Possible privilege escalation attempt

Modifies file permissions

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Impair Defenses: Safe Mode Boot

Reads user/profile data of web browsers

Unexpected DNS network traffic destination

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Checks installed software on the system

Adds Run key to start application

Drops file in System32 directory

Launches sc.exe

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Program crash

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Runs net.exe

Suspicious use of SetWindowsHookEx

NTFS ADS

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy WMI provider

Checks processor information in registry

Suspicious behavior: MapViewOfSection

Suspicious behavior: EnumeratesProcesses

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Script User-Agent

Modifies registry class

Suspicious behavior: LoadsDriver

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-14 16:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-14 16:48
Reported: 2024-10-14 17:13
Platform: win10-20240611-en
Max time kernel: 1209s
Max time network: 1403s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "http://skibidi.com"

Signatures

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Creates new service(s)

persistence execution

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\hitmanpro37.sys C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
File opened for modification C:\Windows\system32\drivers\hitmanpro37.sys C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp N/A

Executes dropped EXE


Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\hitmanpro37 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\hitmanpro37.sys C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A

Loads dropped DLL


Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 185.228.168.9 N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SET7138.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\SysWOW64\SET7138.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Drops file in Program Files directory


Drops file in Windows directory


Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\fortnite-free-skins-download_P-btZt1.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\HitmanPro_x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\grpconv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\msagent\AgentSvr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS0DC98666\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\LDPlayer9_ens_com.dts.freefireth_25567197_ld.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141703171\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\OperaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\fortnite-free-skins-download_P-btZt1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS85C716A4\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS85C716A4\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS0DC98666\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141704431\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod1_extract\OperaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS85C716A4\setup.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4A-2CDD-11D3-9DD0-D3CD4078982A}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4D-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{37DEB787-2D9B-11D3-9DD0-C423E6542E10}\ = "ISkinSource" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D4C-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\ssa3d30.ocx" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A45DB4D-BD0D-11D2-8D14-00104B9E072A} C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\VERSION\ = "1.1" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E8671A8B-E5DD-11CD-836C-0000C0C14E92}\1.0\ = "Sheridan Month/Year/DateCombo" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{22DF5084-12BC-4C98-8044-4FAD06F4119A}\ProxyStubClsid32 C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{643F1353-1D07-11CE-9E52-0000C0554C0A}\1.0\ = "Sheridan Day Control" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867A1-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 20b41718591edb01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinScrollBar\CLSID C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinEvent.1 C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl.2\CLSID C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}\TypeLib C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D} C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792} C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FE5-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5} C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CPeriod\Clsid C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{972DE6C1-8B09-11D2-B652-A1FD6CC34260}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8563FF20-8ECC-11D1-B9B4-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.clsDownloadManager\Clsid C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6549F504-C43A-43F3-B8CD-D077AF0427C8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF1B5D50-3C5C-48CE-B991-0E86D26F6F5E}\ = "ComProcTextures Class" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FED-8583-11D1-B16A-00C0F0283628} C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A45DB4D-BD0D-11D2-8D14-00104B9E072A}\TypeLib C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{22DF5084-12BC-4C98-8044-4FAD06F4119A}\TypeLib\Version = "1.1" C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6549F504-C43A-43F3-B8CD-D077AF0427C8}\TypeLib C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 1 0008 ~ 0009 aa 000a a 000b oh 000c ax 000d b 000e d 000f eh 0010 ey 0011 f 0012 g 0013 hy 0014 uy 0015 iy 0016 k 0017 l 0018 m 0019 n 001a ng 001b nj 001c oe 001d eu 001e ow 001f p 0020 r 0021 s 0022 sh 0023 t 0024 uw 0025 v 0026 w 0027 y 0028 z 0029 zh 002a" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{07D0E280-EF44-11CD-836C-0000C0C14E92}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDA1CA02-8B5D-11D0-9BC0-0000C0F04C96} C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DACB7A39-CC0D-4B85-908B-10D2451761A5}\TypeLib\Version = "1.4" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4D-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCE47F78-8A6C-4C6D-A6F7-8BE4427127C4}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD4-1BF9-11D2-BAE8-00104B9E0792}\ = "ISSButtonBase" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22EB59AE-1CB8-4153-9DFC-B5CE048357CF} C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2F5A7562-BDC3-41F8-8122-4A54D2C3C50C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\ = "IVBDataObject" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\TypeLib C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F58C9A2-9C30-11D3-8F99-00104BA312D6} C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4D-2CDD-11D3-9DD0-D3CD4078982A}\MiscStatus\ = "0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCE47F78-8A6C-4C6D-A6F7-8BE4427127C4}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2 C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD9-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F58C9A2-9C30-11D3-8F99-00104BA312D6}\ = "BonziBUDDY.clsBBPlayer" C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B2676D5B-8D53-4569-AF2C-A55A0D90C132}\ProxyStubClsid32 C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob C:\Users\Admin\AppData\Local\Temp\7zS85C716A4\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\7zS85C716A4\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob C:\Users\Admin\AppData\Local\Temp\7zS85C716A4\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\fortnite-free-skins-download_P-btZt1.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\fortnite-free-skins-download.apk:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\OperaSetup.exe.trctspi.partial:Zone.Identifier C:\Windows\system32\browser_broker.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\LDPlayer9_ens_com.dts.freefireth_25567197_ld.exe.mhek87e.partial:Zone.Identifier C:\Windows\system32\browser_broker.exe N/A
File created C:\Users\Admin\Downloads\HitmanPro_x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Runs net.exe

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\LDPlayer9_ens_com.dts.freefireth_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\LDPlayer9_ens_com.dts.freefireth_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\LDPlayer9_ens_com.dts.freefireth_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\LDPlayer9_ens_com.dts.freefireth_25567197_ld.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\LDPlayer9_ens_com.dts.freefireth_25567197_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0DC98666\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\LDPlayer9_ens_com.dts.freefireth_25567197_ld.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1248 wrote to memory of 5104 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1248 wrote to memory of 4932 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1248 wrote to memory of 5964 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1248 wrote to memory of 4932 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1060 wrote to memory of 1556 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "http://skibidi.com"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.0.5936842\1482037113" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20767 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8d1090b-72fe-4059-bb11-5251a3329e9d} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 1796 1c4f00ea158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.1.838098341\1193523241" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20848 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {980f0cdd-a1fb-4828-aa1c-d2cbaee6285e} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 2152 1c4e5070158 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.2.223668422\434854397" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2876 -prefsLen 20951 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8be760d6-d8da-4cde-a6bb-a89a26431995} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 2892 1c4f43afa58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.3.1976877907\2107286803" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7103238-4b47-4b3c-8b57-3857baf3f695} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 3588 1c4e5069958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.4.1111173994\1830578304" -childID 3 -isForBrowser -prefsHandle 3612 -prefMapHandle 3720 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b435f241-5bda-449c-b0a0-a16cb2ce87d3} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 3812 1c4f56ecb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.5.826076449\1487568208" -childID 4 -isForBrowser -prefsHandle 5008 -prefMapHandle 5004 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {12a91d84-8244-404b-a648-840d63589d69} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 5036 1c4f3a24258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.6.473071150\947250868" -childID 5 -isForBrowser -prefsHandle 4824 -prefMapHandle 4884 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b138b0d-4b4c-428f-858f-cc83033c4d20} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 5176 1c4f3a26f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.7.1108303373\713819358" -childID 6 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0168b2b5-33cf-4a90-b763-fe301bc909c7} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 5216 1c4f71f2f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.8.2081678526\814574727" -childID 7 -isForBrowser -prefsHandle 5140 -prefMapHandle 2652 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86540792-f401-4061-815d-efda052e1740} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 5736 1c4f28cce58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.9.1374452804\962951391" -childID 8 -isForBrowser -prefsHandle 5652 -prefMapHandle 5936 -prefsLen 26635 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aecc13f3-d919-4c53-9d88-d9cae13f7ed0} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 5528 1c4e5062e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.10.1490505721\1240861849" -childID 9 -isForBrowser -prefsHandle 9680 -prefMapHandle 9684 -prefsLen 26635 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2472b8cd-67dd-43d2-a268-116e2547693e} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 9672 1c4f2955d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.11.367735825\1979594938" -childID 10 -isForBrowser -prefsHandle 9528 -prefMapHandle 9524 -prefsLen 26635 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4ac2239-c084-493a-9ea5-85154692e034} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 9552 1c4f2956058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.12.858032963\1300883542" -childID 11 -isForBrowser -prefsHandle 9252 -prefMapHandle 9256 -prefsLen 26635 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca88163c-4ce8-4eb5-a85b-91ac76df9bd9} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 9240 1c4f2956c58 tab

C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

MSAGENT.EXE

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

tv_enua.exe

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3b8

C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE"

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe shell32.dll,Control_RunDLL speech.cpl,,0

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL speech.cpl,,0

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.13.2019465438\1531213602" -childID 12 -isForBrowser -prefsHandle 4028 -prefMapHandle 4580 -prefsLen 27785 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7858ef6c-9b77-46b4-8e70-191e09a9495e} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 4528 1c4f4499b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.14.555299203\1095212686" -childID 13 -isForBrowser -prefsHandle 8592 -prefMapHandle 8596 -prefsLen 27785 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a137822d-3b77-4e8c-beb0-33733f72790b} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 8616 1c4f8019c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.15.1850742144\1184892648" -parentBuildID 20221007134813 -prefsHandle 8464 -prefMapHandle 8460 -prefsLen 27785 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe3bcbff-af22-448d-a712-bfb6c00b43aa} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 8472 1c4f87ac458 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.16.866794467\896160890" -childID 14 -isForBrowser -prefsHandle 7980 -prefMapHandle 7976 -prefsLen 27785 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6555919e-4ad8-4c76-a58e-e17576c629d9} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 8648 1c4f8dcc358 tab

C:\Users\Admin\Downloads\fortnite-free-skins-download_P-btZt1.exe

"C:\Users\Admin\Downloads\fortnite-free-skins-download_P-btZt1.exe"

C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp

"C:\Users\Admin\AppData\Local\Temp\is-E058H.tmp\fortnite-free-skins-download_P-btZt1.tmp" /SL5="$5047A,1583588,832512,C:\Users\Admin\Downloads\fortnite-free-skins-download_P-btZt1.exe"

C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod1_extract\OperaSetup.exe

"C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod1_extract\OperaSetup.exe" --silent --allusers=0 --otd=utm.medium:apb,utm.source:ais,utm.campaign:opera_new_b

C:\Users\Admin\AppData\Local\Temp\7zS85C716A4\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS85C716A4\setup.exe --silent --allusers=0 --otd=utm.medium:apb,utm.source:ais,utm.campaign:opera_new_b --server-tracking-blob=NGNmNzBlYjNiZjQ0NDFlNDlkYzEyNjE4MGYyNzI5NzU0OGJjNjg4MmFkYWQ3YjYzMDVkMmZmMGI5MDM2MmU3Mzp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cyIsInRpbWVzdGFtcCI6IjE3MjgzODUyMTIuMjcxNiIsInVzZXJhZ2VudCI6InB5dGhvbi1yZXF1ZXN0cy8yLjMyLjMiLCJ1dG0iOnt9LCJ1dWlkIjoiOTM2ODdhYTEtN2Q1MS00YTAzLWIxN2UtZTRkYzI1OGI3YjM1In0=

C:\Users\Admin\AppData\Local\Temp\7zS85C716A4\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS85C716A4\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.86 --initial-client-data=0x308,0x30c,0x310,0x304,0x314,0x707bda24,0x707bda30,0x707bda3c

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zS85C716A4\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS85C716A4\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=3720 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20241014170317" --session-guid=d57446b6-3cf1-4e47-abd4-9f45e4be6e26 --server-tracking-blob="MTUyMGNhZDEwMmQ1MDg1MzYyOTc3MjYwNDVjZjgyY2VmNDkxY2FmM2EzMjRkOGQwNmFiNDMxZGMyMDY0ZWE1YTp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cyIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyODM4NTIxMi4yNzE2IiwidXNlcmFnZW50IjoicHl0aG9uLXJlcXVlc3RzLzIuMzIuMyIsInV0bSI6eyJjYW1wYWlnbiI6Im9wZXJhX25ld19iIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiYWlzIn0sInV1aWQiOiI5MzY4N2FhMS03ZDUxLTRhMDMtYjE3ZS1lNGRjMjU4YjdiMzUifQ== " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=F404000000000000

C:\Users\Admin\AppData\Local\Temp\7zS85C716A4\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS85C716A4\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.86 --initial-client-data=0x304,0x314,0x318,0x2e0,0x31c,0x6fc7da24,0x6fc7da30,0x6fc7da3c

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 872

C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\installer.exe

"C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\McAfee\Temp2352826547\installer.exe

"C:\Program Files\McAfee\Temp2352826547\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 1288

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141703171\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141703171\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141703171\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141703171\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141703171\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141703171\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x230,0x234,0x238,0x20c,0x23c,0x12917a0,0x12917ac,0x12917b8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\OperaSetup.exe

"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\OperaSetup.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0DC98666\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS0DC98666\setup.exe --server-tracking-blob=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

C:\Users\Admin\AppData\Local\Temp\7zS0DC98666\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS0DC98666\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.94 --initial-client-data=0x304,0x308,0x30c,0x2cc,0x310,0x71ef1a74,0x71ef1a80,0x71ef1a8c

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141704431\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141704431\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141704431\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141704431\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141704431\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141704431\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x230,0x234,0x238,0xac,0x23c,0xb517a0,0xb517ac,0xb517b8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\LDPlayer9_ens_com.dts.freefireth_25567197_ld.exe

"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\LDPlayer9_ens_com.dts.freefireth_25567197_ld.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.17.756356338\480942263" -childID 15 -isForBrowser -prefsHandle 4076 -prefMapHandle 8080 -prefsLen 27852 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6a6e581-de96-49b6-997a-75cb9d7c3b30} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 8240 1c4f9dd2b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.18.872740609\1433461065" -childID 16 -isForBrowser -prefsHandle 8296 -prefMapHandle 8764 -prefsLen 27852 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54b1f8a3-e758-4957-b1b4-7ab22b078c47} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 8932 1c4f9ff4958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.19.903266028\1378264939" -childID 17 -isForBrowser -prefsHandle 8084 -prefMapHandle 8176 -prefsLen 27908 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3db3699d-2787-42e1-b7ca-aa42613731ea} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 7988 1c4f9ff9e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.20.944300311\424763410" -childID 18 -isForBrowser -prefsHandle 7600 -prefMapHandle 4240 -prefsLen 27908 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05b79ee1-1c1b-4b5c-9053-103c044d8dd1} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 7524 1c4fbd6ce58 tab

C:\Users\Admin\Downloads\HitmanPro_x64.exe

"C:\Users\Admin\Downloads\HitmanPro_x64.exe"

C:\Program Files\HitmanPro\hmpsched.exe

"C:\Program Files\HitmanPro\hmpsched.exe"

F:\LDPlayer\LDPlayer9\LDPlayer.exe

"F:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="F:\LDPlayer\LDPlayer9\"

F:\LDPlayer\LDPlayer9\dnrepairer.exe

"F:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=67260

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

F:\LDPlayer\LDPlayer9\driverconfig.exe

"F:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f F:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" F:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

F:\LDPlayer\LDPlayer9\dnplayer.exe

"F:\LDPlayer\LDPlayer9\dnplayer.exe" downloadpackage=com.dts.freefireth|package=com.dts.freefireth

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-54d7-bbbb00000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-54d7-000000000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-54d7-000000000000

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k netsvcs -s NetSetupSvc

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
GB 142.250.178.3:80 o.pki.goog tcp
US 172.67.138.185:443 bonzibuddy.tk tcp
US 172.67.138.185:443 bonzibuddy.tk tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
GB 142.250.187.227:80 c.pki.goog tcp
US 54.183.3.125:80 www.bonzi.com tcp
US 8.8.8.8:53 secure.bonzi.com udp
US 8.8.8.8:53 125.3.183.54.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
FI 64.233.162.94:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 142.250.180.17:443 csp.withgoogle.com udp
GB 142.250.180.17:443 csp.withgoogle.com tcp
FI 64.233.162.94:443 id.google.com tcp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 94.162.233.64.in-addr.arpa udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
FI 64.233.162.94:443 id.google.com udp
GB 172.217.169.86:443 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 86.169.217.172.in-addr.arpa udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com udp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
GB 142.250.200.38:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.200.38:443 static.doubleclick.net tcp
US 8.8.8.8:53 38.200.250.142.in-addr.arpa udp
GB 142.250.200.38:443 static.doubleclick.net udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
GB 216.58.204.78:443 encrypted-tbn2.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
GB 216.58.204.78:443 encrypted-tbn2.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn3.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
GB 216.58.204.78:443 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
GB 142.250.200.46:443 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 fortnite-free-skins-download.en.download.it udp
US 172.67.26.92:443 fortnite-free-skins-download.en.download.it tcp
US 8.8.8.8:53 fortnite-free-skins-download.en.download.it udp
US 8.8.8.8:53 fortnite-free-skins-download.en.download.it udp
US 172.67.26.92:443 fortnite-free-skins-download.en.download.it udp
US 8.8.8.8:53 92.26.67.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.download.it udp
US 8.8.8.8:53 www.statcounter.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cmp.quantcast.com udp
US 104.22.57.224:443 cdn.download.it tcp
US 104.22.57.224:443 cdn.download.it tcp
US 104.22.57.224:443 cdn.download.it tcp
US 104.22.57.224:443 cdn.download.it tcp
US 104.22.57.224:443 cdn.download.it tcp
US 104.22.57.224:443 cdn.download.it tcp
US 104.22.57.224:443 cdn.download.it tcp
US 104.22.57.224:443 cdn.download.it tcp
US 104.22.57.224:443 cdn.download.it tcp
US 104.22.57.224:443 cdn.download.it tcp
US 104.22.57.224:443 cdn.download.it tcp
US 104.22.57.224:443 cdn.download.it tcp
US 8.8.8.8:53 cdn.download.it udp
US 8.8.8.8:53 cdn.download.it udp
US 8.8.8.8:53 www.statcounter.com udp
US 104.20.95.138:443 www.statcounter.com tcp
NL 18.239.83.22:443 cmp.quantcast.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 104.22.57.224:443 cdn.download.it udp
US 8.8.8.8:53 www.statcounter.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cmp.quantcast.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cmp.quantcast.com udp
US 104.20.95.138:443 www.statcounter.com udp
US 8.8.8.8:53 cmp.inmobi.com udp
US 8.8.8.8:53 d23sp3kzv1t6m5.cloudfront.net udp
NL 18.239.36.97:443 d23sp3kzv1t6m5.cloudfront.net tcp
US 8.8.8.8:53 d23sp3kzv1t6m5.cloudfront.net udp
US 8.8.8.8:53 c.statcounter.com udp
US 8.8.8.8:53 224.57.22.104.in-addr.arpa udp
US 8.8.8.8:53 232.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 138.95.20.104.in-addr.arpa udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 22.83.239.18.in-addr.arpa udp
US 104.20.95.138:443 c.statcounter.com tcp
US 8.8.8.8:53 c.statcounter.com udp
NL 18.239.36.97:443 d23sp3kzv1t6m5.cloudfront.net tcp
US 8.8.8.8:53 c.statcounter.com udp
US 104.20.95.138:443 c.statcounter.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
BE 74.125.206.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 142.250.180.3:443 www.google.co.uk tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com udp
BE 74.125.206.154:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 97.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 154.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.180.3:443 www.google.co.uk udp
US 8.8.8.8:53 download.it udp
US 172.67.26.92:443 download.it tcp
US 8.8.8.8:53 download.it udp
US 8.8.8.8:53 download.it udp
US 172.67.26.92:443 download.it udp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 54.93.131.77:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 77.131.93.54.in-addr.arpa udp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.111:443 net.geo.opera.com tcp
US 8.8.8.8:53 eu.net.opera.com udp
US 8.8.8.8:53 eu.net.opera.com udp
US 8.8.8.8:53 111.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 d2wjbs82sgy8i4.cloudfront.net udp
NL 18.239.63.180:443 d2wjbs82sgy8i4.cloudfront.net tcp
US 8.8.8.8:53 d2wjbs82sgy8i4.cloudfront.net udp
US 8.8.8.8:53 d2wjbs82sgy8i4.cloudfront.net udp
NL 18.239.63.180:443 d2wjbs82sgy8i4.cloudfront.net tcp
US 8.8.8.8:53 www.statcounter.com udp
US 8.8.8.8:53 cmp.quantcast.com udp
US 8.8.8.8:53 c.statcounter.com udp
US 8.8.8.8:53 c.statcounter.com udp
US 8.8.8.8:53 180.63.239.18.in-addr.arpa udp
US 8.8.8.8:53 dl.download.it udp
NL 95.168.168.24:443 dl.download.it tcp
US 8.8.8.8:53 dl.download.it udp
US 8.8.8.8:53 dl.download.it udp
US 8.8.8.8:53 24.168.168.95.in-addr.arpa udp
US 8.8.8.8:53 d1e9165hyidvf5.cloudfront.net udp
GB 3.162.19.32:443 d1e9165hyidvf5.cloudfront.net tcp
US 8.8.8.8:53 32.19.162.3.in-addr.arpa udp
US 104.22.57.224:443 download.it tcp
GB 3.162.19.32:443 d1e9165hyidvf5.cloudfront.net tcp
US 8.8.8.8:53 apk.innodl.com udp
US 104.26.5.251:80 apk.innodl.com tcp
US 8.8.8.8:53 251.5.26.104.in-addr.arpa udp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 54.68.233.165:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 165.233.68.54.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
GB 2.19.117.95:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 95.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
US 8.8.8.8:53 autoupdate.opera.com udp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 185.26.182.123:443 autoupdate.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 121.217.145.82.in-addr.arpa udp
US 8.8.8.8:53 19.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 123.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 download.opera.com udp
US 8.8.8.8:53 en.download.it udp
NL 185.26.182.117:443 download.opera.com tcp
US 8.8.8.8:53 features.opera-api2.com udp
NL 82.145.216.16:443 features.opera-api2.com tcp
US 8.8.8.8:53 117.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 16.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 download5.operacdn.com udp
US 104.18.10.89:443 download5.operacdn.com tcp
US 8.8.8.8:53 89.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 133.66.101.151.in-addr.arpa udp
US 104.22.57.224:443 en.download.it tcp
US 104.22.57.224:443 en.download.it tcp
US 104.22.57.224:443 en.download.it tcp
US 104.22.57.224:443 en.download.it tcp
US 104.22.57.224:443 en.download.it tcp
US 104.22.57.224:443 en.download.it tcp
US 104.22.57.224:443 en.download.it tcp
US 104.22.57.224:443 en.download.it tcp
US 8.8.8.8:53 cmp.quantcast.com udp
NL 18.239.83.89:443 cmp.quantcast.com tcp
NL 18.239.83.89:443 cmp.quantcast.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
GB 142.250.178.3:80 www.gstatic.com tcp
US 104.20.95.138:443 c.statcounter.com tcp
US 104.20.95.138:443 c.statcounter.com tcp
US 8.8.8.8:53 89.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 cmp.inmobi.com udp
NL 18.239.36.97:443 cmp.inmobi.com tcp
NL 18.239.36.97:443 cmp.inmobi.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 104.20.95.138:443 c.statcounter.com tcp
US 104.20.95.138:443 c.statcounter.com tcp
US 104.22.57.224:443 en.download.it tcp
US 104.22.57.224:443 en.download.it tcp
US 8.8.8.8:53 157.117.19.2.in-addr.arpa udp
US 172.67.26.92:443 en.download.it tcp
US 172.67.26.92:443 en.download.it tcp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 54.93.131.77:443 api.cmp.inmobi.com tcp
DE 54.93.131.77:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 free-fire-gameloop.en.download.it udp
US 104.22.56.224:443 free-fire-gameloop.en.download.it tcp
US 104.22.56.224:443 free-fire-gameloop.en.download.it tcp
US 8.8.8.8:53 224.56.22.104.in-addr.arpa udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 172.217.169.2:443 ep1.adtrafficquality.google tcp
GB 172.217.169.2:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.200.1:443 ep2.adtrafficquality.google tcp
GB 142.250.200.1:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.67.46.249:80 www.bonzi.com tcp
US 8.8.8.8:53 secure.bonzi.com udp
US 54.67.46.249:80 www.bonzi.com tcp
US 54.67.46.249:80 www.bonzi.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 download3.operacdn.com udp
GB 2.22.249.213:443 download3.operacdn.com tcp
US 8.8.8.8:53 249.46.67.54.in-addr.arpa udp
US 8.8.8.8:53 213.249.22.2.in-addr.arpa udp
GB 92.123.128.149:443 www.bing.com tcp
GB 92.123.128.149:443 www.bing.com tcp
US 8.8.8.8:53 149.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.111:443 net.geo.opera.com tcp
NL 185.26.182.111:443 net.geo.opera.com tcp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
US 8.8.8.8:53 autoupdate.opera.com udp
NL 82.145.216.19:443 autoupdate.opera.com tcp
NL 82.145.216.20:443 autoupdate.opera.com tcp
US 8.8.8.8:53 features.opera-api2.com udp
US 8.8.8.8:53 download.opera.com udp
NL 185.26.182.117:443 download.opera.com tcp
NL 185.26.182.118:443 features.opera-api2.com tcp
US 104.18.10.89:443 download5.operacdn.com tcp
US 8.8.8.8:53 20.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 118.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 leap.ldplayer.gg udp
GB 163.181.154.239:443 leap.ldplayer.gg tcp
GB 163.181.154.239:443 leap.ldplayer.gg tcp
US 8.8.8.8:53 www.ldplayer.net udp
GB 163.181.154.237:443 www.ldplayer.net tcp
GB 163.181.154.237:443 www.ldplayer.net tcp
US 8.8.8.8:53 237.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 cmp.setupcmp.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
GB 172.217.169.78:443 fundingchoicesmessages.google.com tcp
GB 172.217.169.78:443 fundingchoicesmessages.google.com tcp
GB 142.250.179.246:443 play-lh.googleusercontent.com tcp
GB 142.250.179.246:443 play-lh.googleusercontent.com tcp
GB 163.181.154.243:443 www.ldplayer.net tcp
GB 163.181.154.243:443 www.ldplayer.net tcp
GB 142.250.179.246:443 play-lh.googleusercontent.com tcp
GB 142.250.179.246:443 play-lh.googleusercontent.com tcp
GB 163.181.154.243:443 www.ldplayer.net tcp
GB 163.181.154.243:443 www.ldplayer.net tcp
GB 163.181.154.243:443 www.ldplayer.net tcp
US 8.8.8.8:53 stpd.cloud udp
GB 163.181.154.243:443 www.ldplayer.net tcp
US 104.18.31.49:443 stpd.cloud tcp
US 104.18.31.49:443 stpd.cloud tcp
GB 79.133.176.186:443 cdn.ldplayer.net tcp
GB 79.133.176.186:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 6.5.26.104.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 246.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 243.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 49.31.18.104.in-addr.arpa udp
US 8.8.8.8:53 186.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 133.130.101.151.in-addr.arpa udp
GB 163.181.154.243:443 www.ldplayer.net tcp
GB 163.181.154.243:443 www.ldplayer.net tcp
US 8.8.8.8:53 www.googletagservices.com udp
GB 142.250.187.226:443 www.googletagservices.com tcp
GB 142.250.187.226:443 www.googletagservices.com tcp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 216.239.32.3:443 csi.gstatic.com tcp
US 216.239.32.3:443 csi.gstatic.com tcp
US 8.8.8.8:53 3.32.239.216.in-addr.arpa udp
GB 163.181.154.243:443 www.ldplayer.net tcp
GB 163.181.154.243:443 www.ldplayer.net tcp
GB 163.181.154.243:443 www.ldplayer.net tcp
US 8.8.8.8:53 apien.ldmnq.com udp
GB 79.133.176.185:443 apien.ldmnq.com tcp
GB 163.181.154.243:443 www.ldplayer.net tcp
US 8.8.8.8:53 185.176.133.79.in-addr.arpa udp
GB 163.181.154.243:443 www.ldplayer.net tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 146.48.219.8.in-addr.arpa udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 97.136.219.8.in-addr.arpa udp
US 104.20.95.138:443 c.statcounter.com udp
US 8.8.8.8:53 url.totaladblock.com udp
US 35.224.74.90:443 url.totaladblock.com tcp
US 8.8.8.8:53 url.fortifi.zone udp
US 8.8.8.8:53 url.fortifi.zone udp
US 172.67.26.92:443 free-fire-gameloop.en.download.it udp
US 8.8.8.8:53 90.74.224.35.in-addr.arpa udp
US 8.8.8.8:53 www.totaladblock.com udp
US 34.160.40.40:443 www.totaladblock.com tcp
US 8.8.8.8:53 www.totaladblock.com udp
US 8.8.8.8:53 www.totaladblock.com udp
US 34.160.40.40:443 www.totaladblock.com udp
US 8.8.8.8:53 widget.trustpilot.com udp
NL 108.156.60.63:443 widget.trustpilot.com tcp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 40.40.160.34.in-addr.arpa udp
US 8.8.8.8:53 63.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.180.3:443 id.google.com udp
GB 142.250.180.3:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 142.250.180.17:443 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 www.hitmanpro.com udp
GB 2.18.63.51:443 www.hitmanpro.com tcp
US 8.8.8.8:53 e131187.b.akamaiedge.net udp
US 8.8.8.8:53 e131187.b.akamaiedge.net udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 42.87.18.104.in-addr.arpa udp
US 8.8.8.8:53 51.63.18.2.in-addr.arpa udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 sophos-privacy.my.onetrust.com udp
US 104.18.32.137:443 sophos-privacy.my.onetrust.com tcp
US 104.18.32.137:443 sophos-privacy.my.onetrust.com tcp
US 8.8.8.8:53 sophos-privacy.my.onetrust.com udp
US 8.8.8.8:53 sophos-privacy.my.onetrust.com udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 download.sophos.com udp
US 8.8.8.8:53 e13687.d.akamaiedge.net udp
GB 2.23.221.234:443 e13687.d.akamaiedge.net tcp
US 8.8.8.8:53 234.221.23.2.in-addr.arpa udp
US 8.8.8.8:53 files.surfright.nl udp
US 8.8.8.8:53 scan.hitmanpro.com udp
NL 185.105.204.28:443 files.surfright.nl tcp
NL 52.174.35.5:80 scan.hitmanpro.com tcp
US 8.8.8.8:53 28.204.105.185.in-addr.arpa udp
US 8.8.8.8:53 5.35.174.52.in-addr.arpa udp
US 8.8.8.8:53 remnants.hitmanpro.com udp
NL 23.97.160.56:443 remnants.hitmanpro.com tcp
US 185.228.168.9:53 8.8.8.8.zen.spamhaus.org udp
US 8.8.8.8:53 56.160.97.23.in-addr.arpa udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.2.0.0.0.0.0.0.0.0.9.0.8.a.4.e.9.b.ip6.arpa udp
US 8.8.8.8:53 9.168.228.185.in-addr.arpa udp
US 8.8.8.8:53 hash.hitmanpro.com udp
NL 23.97.160.56:443 hash.hitmanpro.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 49.4.219.8.in-addr.arpa udp
US 8.8.8.8:53 apien.ldmnq.com udp
GB 79.133.176.185:443 apien.ldmnq.com tcp
US 8.8.8.8:53 scan.hitmanpro.com udp
NL 52.174.35.5:443 scan.hitmanpro.com tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
NL 23.97.160.56:443 hash.hitmanpro.com tcp
US 8.8.8.8:53 scan.hitmanpro.com udp
NL 52.174.35.5:443 scan.hitmanpro.com tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 discord.gg udp
US 162.159.136.234:443 discord.gg tcp
US 162.159.136.234:443 discord.gg tcp
US 8.8.8.8:53 ad.ldplayer.net udp
GB 79.133.176.192:443 ad.ldplayer.net tcp
US 8.8.8.8:53 apien.ldplayer.net udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 res.ldrescdn.com udp
GB 79.133.176.174:443 apien.ldplayer.net tcp
GB 163.181.154.239:443 res.ldrescdn.com tcp
GB 163.181.154.239:443 res.ldrescdn.com tcp
US 8.8.8.8:53 234.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 192.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 174.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
GB 163.181.154.239:443 res.ldrescdn.com tcp
GB 163.181.154.239:443 res.ldrescdn.com tcp
GB 163.181.154.239:443 res.ldrescdn.com tcp
GB 163.181.154.239:443 res.ldrescdn.com tcp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
GB 163.181.154.239:443 res.ldrescdn.com tcp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
GB 163.181.154.239:443 res.ldrescdn.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
GB 163.181.154.239:443 res.ldrescdn.com tcp
GB 163.181.154.239:443 res.ldrescdn.com tcp
GB 79.133.176.192:443 ad.ldplayer.net tcp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 res.ldplayer.net udp
GB 79.133.176.235:443 res.ldplayer.net tcp
GB 163.181.154.239:443 res.ldrescdn.com tcp
US 8.8.8.8:53 235.176.133.79.in-addr.arpa udp
GB 163.181.154.239:443 res.ldrescdn.com tcp
US 8.8.8.8:53 alliance.ldplayer.net udp
GB 79.133.176.181:443 alliance.ldplayer.net tcp
GB 163.181.154.239:443 res.ldrescdn.com tcp
GB 163.181.154.239:443 res.ldrescdn.com tcp
GB 163.181.154.239:443 res.ldrescdn.com tcp
US 8.8.8.8:53 apien.ldmnq.com udp
GB 163.181.154.239:443 res.ldrescdn.com tcp
GB 79.133.176.185:80 apien.ldmnq.com tcp
GB 79.133.176.185:443 apien.ldmnq.com tcp
GB 163.181.154.239:443 res.ldrescdn.com tcp
US 8.8.8.8:53 181.176.133.79.in-addr.arpa udp
GB 79.133.176.185:443 apien.ldmnq.com tcp
US 8.8.8.8:53 www.hitmanpro.com udp
GB 2.18.63.58:443 www.hitmanpro.com tcp
GB 2.18.63.58:443 www.hitmanpro.com tcp
US 8.8.8.8:53 58.63.18.2.in-addr.arpa udp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 104.18.87.42:443 cdn.cookielaw.org tcp
GB 2.18.63.58:443 www.hitmanpro.com tcp
GB 2.18.63.58:443 www.hitmanpro.com tcp
US 8.8.8.8:53 pricingapi.cleverbridge.com udp
US 172.64.155.119:443 sophos-privacy.my.onetrust.com tcp
US 172.64.155.119:443 sophos-privacy.my.onetrust.com tcp
US 104.16.243.229:443 pricingapi.cleverbridge.com tcp
US 104.16.243.229:443 pricingapi.cleverbridge.com tcp
US 8.8.8.8:53 229.243.16.104.in-addr.arpa udp
GB 2.18.63.58:443 www.hitmanpro.com tcp
US 172.64.155.119:443 sophos-privacy.my.onetrust.com tcp
US 172.64.155.119:443 sophos-privacy.my.onetrust.com tcp
US 104.16.243.229:443 pricingapi.cleverbridge.com tcp
US 104.16.243.229:443 pricingapi.cleverbridge.com tcp

Files


C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\pULrRpvNB_IVlF00-EcgY1amxmk.br[1].js

MD5 8db6af34e15752fcc8dd1db27883888b
SHA1 22dae88b4aa6e1943a7f4142264ee7c1b60e41fc
SHA256 3207d4044fa2485477eb984fa69e16b67753146bcc319043530c25dc60b9c6ca
SHA512 7d4fe0bcd7fabe09f94ed708ace4548cfb0b9aea33bf33016808a8855a77be39c133b4b4a1a320771c789cfd0b073fff5bcdd37982f26c878bd71bf1024f5709

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\lLk8XmbdNzzlnPRzVzDhaF9yjqw.br[1].js

MD5 3ff8eecb7a6996c1056bbe9d4dde50b4
SHA1 fdc4d52301d187042d0a2f136ceef2c005dcbb8b
SHA256 01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163
SHA512 49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\K3hC1_cQXGFr6cxRJVWYpzZJaAM.br[1].js

MD5 02b0b245d09dc56bbe4f1a9f1425ac35
SHA1 868259c7dc5175a9cc1e2ec835f3d9b4bd3f5673
SHA256 62991181637343332d7b105a605ab69d70d1256092355cfc4359bee7bdbfb9c6
SHA512 cbb43000a142807ff1bb3bfac715cef1240233117c728f357c824ce65b06be493df2306c7b03598817f09b02e9e36ec52314f88467679c5bef3ee1504a10c7e6

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\V_fBQ_iVmAgE_Ta_T-6BNXc0ZY4.br[1].js

MD5 f5712e664873fde8ee9044f693cd2db7
SHA1 2a30817f3b99e3be735f4f85bb66dd5edf6a89f4
SHA256 1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2
SHA512 ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\_2I169N92jVtSc_VEsV0nma5sRY.br[1].js

MD5 3104955279e1bbbdb4ae5a0e077c5a74
SHA1 ba10a722fff1877c3379dee7b5f028d467ffd6cf
SHA256 a0a1cee602080757fbadb2d23ead2bbb8b0726b82fdb2ed654da4403f1e78ef1
SHA512 6937ed6194e4842ff5b4878b0d680e02caf3185baf65edc131260b56a87968b5d6c80f236c1de1a059d8158bc93b80b831fe679f38fc06dfb7c3413d1d5355aa

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\9xGNA8UskvA9WHF58zbLOHZ5HvI.br[1].js

MD5 d6741608ba48e400a406aca7f3464765
SHA1 8961ca85ad82bb701436ffc64642833cfbaff303
SHA256 b1db1d8c0e5316d2c8a14e778b7220ac75adae5333a6d58ba7fd07f4e6eaa83c
SHA512 e85360dbbb0881792b86dcaf56789434152ed69e00a99202b880f19d551b8c78eeff38a5836024f5d61dbc36818a39a921957f13fbf592baafd06acb1aed244b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\gKwIRAF4fg7noG1zyeUz8x3Jdhc.br[1].js

MD5 47442e8d5838baaa640a856f98e40dc6
SHA1 54c60cad77926723975b92d09fe79d7beff58d99
SHA256 15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e
SHA512 87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\9cuwOQ_qE7qTGKohzrf_gIjTlPI.br[1].js

MD5 fabb77c7ae3fd2271f5909155fb490e5
SHA1 cde0b1304b558b6de7503d559c92014644736f88
SHA256 e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c
SHA512 cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\Gw7eETSwe7GHmKwW1lRqGPQJXRo.br[1].js

MD5 17cdab99027114dbcbd9d573c5b7a8a9
SHA1 42d65caae34eba7a051342b24972665e61fa6ae2
SHA256 5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de
SHA512 1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\psgXZvzYJMEW2ydikIk493Va1d4.br[1].js

MD5 f4da106e481b3e221792289864c2d02a
SHA1 d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994
SHA256 47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9
SHA512 66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\nt6a1ZR520utsLoZmSYgwxdOPgI[1].js

MD5 0c2672dc05a52fbfb8e3bc70271619c2
SHA1 9ede9ad59479db4badb0ba19992620c3174e3e02
SHA256 54722cf65ab74a85441a039480691610df079e6dd3316c452667efe4a94ffd39
SHA512 dd2b3e4438a9deaa6b306cbc0a50a035d9fe19c6180bc49d2a9d8cdbb2e25d9c6c8c5265c640ac362dc353169727f8c26503e11a8a061a2517a303f61d0ccd3c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\awRIKLY04rWw5wNlVL186SolQSo.br[1].js

MD5 e4fb9b839186660b1f729b8df8c994b4
SHA1 931792cd70ced4ad586f6329c30c294ebea1548e
SHA256 6838611c8ab6539005e11c84ca308158f89a51db57a62caf21faab48bf576177
SHA512 625436bb52cbd7df7ed03be05fea52c5d54b6cc15037d70c268d9598e648a22246db902b9c6f097ba8b18bd924f6ab17120736285d54dce13773237f1669853a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\5L3iD467J3iJWEPwIjxlK0MMDpY.br[1].js

MD5 2ef3074238b080b648e9a10429d67405
SHA1 15d57873ff98195c57e34fc778accc41c21172e7
SHA256 e90558eb19208ad73f0de1cd9839d0317594bf23da0514f51272bf27183f01da
SHA512 c1d7074a0ebf5968b468f98fc4c0c7829999e402dd91c617e679eeb46c873dc04096cbf9277e115fc42c97516a6c11a9f16afa571e00f0d826beb463e2d1f7b0

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\K_V1CARn2Q2lTs5njJKUvUkHyi4.br[1].js

MD5 6c2c6db3832d53062d303cdff5e2bd30
SHA1 b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d
SHA256 06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70
SHA512 bc2d115b53035b700d727af9d7efaf32dd2a39a2344f3f5fa1a82586be849ec7803e8320661e66ab7dd2a17e64b7897e95bbd84502b91997fa46eba4e67e8c7d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\8LIV7VPMYjV_ya4Ggnu8LBWQIQQ.br[1].js

MD5 d81844c2ebcf5f3260a692e3e89dde7f
SHA1 5a3874fb9f597e42fdd94e5bc5da0a709b70d57a
SHA256 9905f086f3f40ac4b8ec2c9f0752a157ed637b2ffc2c87971e8306d6cb12fe9f
SHA512 8005f3ebd5bc8dc903917df581563595ea3e427f31992260aa4e6ed8bc30095442174ad153a83c378575ffb2de878338b0e87d8cdd57dfdc49e646ca9e4ada77

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\910ptS3pcIDQ7a5acMaHuQliuN0.br[1].js

MD5 8898a2f705976d9be01f35a493f9a98f
SHA1 bc69bec33a98575d55fefae8883c8bb636061007
SHA256 5f30270aa2dc8a094d790e1e4a62b17c7d76a20b449d9b69af797a55fada9108
SHA512 c8575df93fbd1f65a285d484257adfe12733e47a6524a18d5910d33562eefd1d9da7197d16c7a3cad3bc5ad89546ff0fefe90e5c96e7850ecec9708c90334349

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\NfTD8Ovh04Y_Ni14YxqYB8R_2_Q.br[1].js

MD5 f1cf1909716ce3da53172898bb780024
SHA1 d8d34904e511b1c9aae1565ba10ccd045c940333
SHA256 9abac0cbfa6f89106b66cd4f698ead5ccbf615ecf8cd7e9e88567a7c33cfec01
SHA512 8b641e93405565b4a57c051edefc8e02d6c929ddd4c52f9bfbd19c57896aa40426bf5ed6760dbd479719561c4f0a25bfc4102f0f49d3d308035c9ca90b1d0fce

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\iY8PAEydb3lbGfuJiuA9ICzXgY8.br[1].js

MD5 341fc0acd15df6d8a064e4c3a896f65d
SHA1 1258fd48a874d80cb635be454f9e4023a0df7c49
SHA256 4bc6635d4d95f9c05a91904b19370a40cc6e4c2ab43661c00615eddadefcf9eb
SHA512 6b552d786e782c36f17bee1a6ae204f1e8c9f85be5eb9adac1793d60b537cad13228cb2d4299949f051e6bc364c2e5a4105de9bbf2885f492edb425cb14ce982

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\6mZmj1db42G_jniFgdT7MCvBgyA.br[1].js

MD5 2ab12bf4a9e00a1f96849ebb31e03d48
SHA1 7214619173c4ec069be1ff00dd61092fd2981af0
SHA256 f8b5acf4da28e0617f1c81093192d044bd5a6cc2a2e0c77677f859adcf3430ac
SHA512 7d5aae775be1e482eada1f453bea2c52a62c552fa94949e6a6081f322e679e916b1276bb59ff28cf7c86d21727bcc329ecb03e5d77ca93204e0cd2694faa72bd

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\mOy7YpeLJ3c40BBAFNUI6SmOUTY.br[1].js

MD5 16050baaf39976a33ac9f854d5efdb32
SHA1 94725020efa7d3ee8faed2b7dffc5a4106363b5e
SHA256 039e6b3df1d67341fb8e4a3815f0d1bb3292a2040334ceb9cfc4a8d6abf2fb55
SHA512 cf0d54f0368ffbc6908216fd2573df8f5fe4c34ac08e17301b8734b3fabc674672a7f456707f632f82f44b36812dad8a0cf81a51d5cea21ea7f0e18500298375

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\UftfQbYuKvGGEUHPU3QGHYd90Z8.br[1].js

MD5 8d078e26c28e9c85885f8a362cb80db9
SHA1 f486b2745e4637d881422d38c7780c041618168a
SHA256 0bf9f3ad9cdbbc4d37c8b9e22dd06cc26eea12a27ef6c0f95db6cbe930177461
SHA512 b808a972cd44e6bda01ac1f8d904d5a281f33b9238b8caab03decb6adb6b494b19dd9bb35e3d1ea3ca914ff4957155f6d2cb5a9b3a00c2195f80f52804ffb244

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\zlfm-hC70pZAs62UVTTl3KShKOE.br[1].js

MD5 8c8b189422c448709ea6bd43ee898afb
SHA1 a4d6a99231d951f37d951bd8356d9d17664bf447
SHA256 567506d6f20f55859e137fcbd98f9e1a678c0d51192ff186e16fd99d6d301cff
SHA512 6faa73d59082065426769a27081cbedcd22146ef948afdd9a86801f205b2dddc63e03ac5d555ef0af23ef05901ebffe7e8aadd82260ef505cb89d99e572fdf4a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\TA5w4JZB_Bofmi4E2NA9kDEyusQ.br[1].js

MD5 65125851782a676455b556d771d3ac70
SHA1 f201fd1277fc51d53ebb8611cba3eb2c083bb3cd
SHA256 d763f1e7e5ddde8e9c79bce466a9f4fffbd1fe8018e46ae7c75df5fdc29cf8db
SHA512 a2c9f13bd9be96d7fadf43ff1b02ac357767b432e63b80394ac86864ce3f8bf306c5cb52489240540dde87353451eef2d298f840c585670d603c31694c4abd29

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\nc60aT-MXWFDGmlflZLjNBVVxkM.br[1].js

MD5 1c0981ac86e2ea5b7f08f34548af3280
SHA1 57324208ddb3a9e80abd3346607d712c999c2e50
SHA256 00ff3483d93259aedb929a9fee4454a623830b18a08f08781ac1961c1e98774a
SHA512 0f7185a8579d9bf1b89623bf126c58789010c76f7e279a3f44064c78b2e3e04bb0a89394e6be185618071153bc872e43a69211255f3470e1120e51ab0d5f2329

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\2RFgnacsz6nPw9vvxd8AGFyaQr8[1].js

MD5 e849f94cd30ec77987643a0d405e33e4
SHA1 d911609da72ccfa9cfc3dbefc5df00185c9a42bf
SHA256 b39968f3ab3c3867efc7115c77d0239b0a2c505ae87766231bf46e32f7797c43
SHA512 dbc5ef102c16d14a99f090821176b3706ba08d87d1efba817d763af969a10f9058c7aa0ce54d442dc816e84d294b52dc78623416044c1b6efa59a28055b48504

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\R5OIlHZUEYWuNhJa46yx5Wir2pM.br[1].js

MD5 d7365c424e30cb142a85b84c0618d671
SHA1 7212fe88cd0686a381acb1b0583a544ae3ada1b0
SHA256 8fd0225b5f75ee2326adc68a10f5b9fc50c30a45bf4b61c7ee9364103e6102c8
SHA512 26d9a5da2cc591954c6014b4de1826653c9f058e9c8287342d8f0f2c9960bdaf30e1d4f8addf529830327d94c8bca21848a3adaf2846036a5e9c618992b18d5f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\t7vjQF3Su3ZV-EkXGBcNcV5x97o.br[1].js

MD5 6904aba1ce02bb3a01b6550c4bf98a7e
SHA1 858127221daf72534247d665be661a175fad6dd6
SHA256 4492b7ef7f9e30168d8f6410ff6928fcc3019618019116f82b25459b9267b038
SHA512 ebd259047bcded6f925c3184a27d0d197d48b0ee3ebc2c12a27a2c9843b08c551d6dc34c299cd6e4931446f33c1d6bff3f8cdeb018fb6c614671cf43b6497585

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\8aj_I6fSAQ2HauP0CPPAfDwa2j8.br[1].js

MD5 4ff32905762c3a445028e11ed69f04a0
SHA1 809535e72d3dbe00f945893f7581eb3897f4439a
SHA256 336342b76b1eec2f9698dacb5d7d7749148a2036172435cd0c1a80a80a9886e7
SHA512 8b20273037fc33b549b6322d4b6a7623b0e24cf737c8d562e226f3bee2f5ba5a0692569fd0039e296146e9845e4f00ed5f08566980ede5fe449be08ff1f0b79f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\LTCT2zdUcB3ayDDUpC7BI5zxXuE.br[1].js

MD5 480df9ada0ab4f05ef58e5cb2e2392e1
SHA1 5510d9c30128875621b2f587563e7c1d0153f164
SHA256 1c56cffb0e9950e4a61b6955e8708befa2ceca71017838f1fc233e2038b23c2c
SHA512 dae1a6680c0f1dfcac1c2b7b23c459f162d3d00d83548dce37bb86a74d2c04f2ec6b68449631eb53dd176153bdec74086f287b02688ef8d4d977671060709d09

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\HdiojNH85n4iu87NAQvDH5bKMnM.br[1].js

MD5 794184fae3c0890ae4ea642fd8f7fbf8
SHA1 91f8e72f3517d86a28edeb1b476f90fa5f972168
SHA256 00ea5dc006fa84e08d604bf9708135b98138ae0a092bd2c101a912b5efe3fe17
SHA512 3bcbc295c3e482ba7d8d99df3ac396fc1da973745a82dcae8d02270afed54b758d3f2c9811ed3c08e817f78a1a6a73eb5564d05e0c78d8009cf2608d14bb96fc

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\QbhTTihqpIpuQBHI4z0cMxYJtFg.br[1].js

MD5 48833dea59bc0b37177ab4c6c233dfbb
SHA1 966780d21ad4544db989e986b2fc3ab70983260c
SHA256 de9cca3cd151b7dd74da15992299c993d91a424083c1efb2a948230e87fecb4b
SHA512 b7e00bd79148657ca517b959c48b4e7e1f70cc7d5ec9b30df5fbd0a7f6e9275f16797c7414cac30fa6972f958d4a64e3ac45dc7d9be8fd517f66d44aa78207ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\srQCAZOtTDmQ8htvHi2-HdIwn_k.br[1].js

MD5 981ec7ee8567f72ccd2767fdb1784704
SHA1 cd3a81738552522d0cec179ac2500f3970a3a092
SHA256 dd932d224b094fa354111092f07e908687d279df62eeb6ee701dcd6dbed7f9f4
SHA512 df3c1a692d7cea2c37b4c4e30403fd9de55eb87c96c0421a9e237d5c5cda41d51c3fb1b89e569eb382c27330996433723f5b9d92f382ed4913a09a57002c9f19

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\s_KB_GYETp6JptI_mOoLcYDN4OY.br[1].js

MD5 4d50983f08b011f80e3b470684d38023
SHA1 d168a6911a65230ac9d9ff267d2133d16c095bde
SHA256 ecaa1db0e1d7b1bdf7cc063c05509d6c745ed5a2685b3b1a325ad9ca418d612d
SHA512 34656b85f2ec00e55702d572ca1967270354dfb37a36bf3983100a29879273fe68f605a336934a216bf5944ad404712ada71409325229ebaf3544ca3b8cc4c0f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\BFQDsdSF9E9Gp0u-xRbmGVfJfe0.br[1].js

MD5 60c8196199a6c715bc20652c09f64e7a
SHA1 fd861e01ba063850704195b35e44db2562ae815e
SHA256 708df52a72db22b1a287439cb9aa3ef2037bb67c8246835e36e673f70695a390
SHA512 7f16a9c7f5e6df6d78fa1d08818580dbcc4c7453db9d095794c730bb0f67e14070369e610b90225acf6961fda6471c7f497d59da0a7fef2f95e8bcc180b63a0d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\WPedHfV8dQrn4qkif5azDZSqmn8.br[1].js

MD5 f5dfb6428494da3c1f195528588587cb
SHA1 7575a1f3dc367b2332d837a46d1dd2748b225c38
SHA256 f45968b3999174976d6fbea229f627f0bda56fd84f8b1924c01da624bfea01e3
SHA512 bb677ee6f22dfe28ca9ebc94a6ea7b5bdfb95288ba246c85c135f083c3af765964dbe5f3a028dca6e8a6396e967f24c2734442432abf00e690f34bc8106dfe9d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\00BXM0d2_RU-uUgNDoDSRVtPaQg.br[1].js

MD5 2e718ad7ea68b5f38e22071f7425a28e
SHA1 186f4214abfb78dd13d92dc41f2203d31adba148
SHA256 55c5976e9b74795795dde440425382500e0abfe25baec51036e92ed8937fe1f6
SHA512 48efe5fb424c31efd70916ad89882f6ef611a865666e10b1b4570c3c34e8ddaf109bf2ff50a0911aeef5effabec3d0b057e92963e0e0490567973a7bef1ac741

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\pYx84E5QxKsDa_GCjDkQj38YO0k.br[1].js

MD5 487d9ac02e3cf57172045869ac3f97a2
SHA1 47c9870beb200a74d274fdf9e98aa2efcd54efbd
SHA256 a97799ff4c48323ad3314a13e6a20a69145d0f8257fdae6882551d6fb6610ea6
SHA512 f13633d84fe8133da9d1823ce418cf42717cbe79176c9c11f4a7dd66905ba1aef571b968bd29d7c7ca91d802b4b36aefdb0c5d715e480215754c5d164eac27cd

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\y9cMttd-SwSaYuiqhqk701fxHs0.br[1].js

MD5 142a83c5800451a9731a262400de2419
SHA1 1e5f6598f7f6b43a6f4e1b2a900ce1676e0c024d
SHA256 7d49a33d66c98ab838f9a15d2ff49bbac72c1588d979644fc174116d0afcb852
SHA512 b1d7fa83b4bc787409c088f7cba58acaa031fe3239a7bc139b6d4839ad6c66156e44cdf6f545d7b6b9309b3ebbfa0b17d9f307884f679cb6d2ae11c6935eea2f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\7iVUkp_QNKYQoVs0zBrZVocZL9c.br[1].js

MD5 97915942b6a10d84303c4dacb1504534
SHA1 e0f8113722bf674a19a62486e3bac49411808822
SHA256 a0f0cab751697baa6ebe2474b612fcb9a76dc11f3c3dc1b190b48ea97d7ae6a5
SHA512 973400122d040141fea4bf4d19490c414ca53c39ad02e1b8d0eb06a5faf9b38127bdf36d0f172b0e71002e9f45246aba07949339ceeacb75a6f8e30f0b3281eb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\7LkHIwasTuL6tufzeF3vEaazAxw.br[1].js

MD5 b8f06071ffe625e57bdfd1a21e49c819
SHA1 2559eb20b15847c8b2f56e1d202466ba4c5f9d63
SHA256 9793a56fbe3adbd00486687221bd29bd39952b83c16c06b59b322b06db539a45
SHA512 04d1c6e734890261e5fe4e8898fab2398cf6a0cdb7a6f99b25808bb276c93a158882c0ea73723edbb09ad8aea298682cdc03a79d55f7ff3e9b7d78238a96f4f5

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\ehd9DVTDg25XG1HgnAeMa17fMkw.br[1].js

MD5 beb88ed8f5f9a2aaf9e38981609da958
SHA1 44cecb1b5e69cae3c75accd8be11d7cb500b8dcf
SHA256 6c51f791aa6dbfbdf5e8c2803e69f6c18d58d96def088ee770bd92b7cdf8fcdc
SHA512 43cac0046ecd97ca77f6acfc6b997c014f0156e67dcff16493bf43df695c4963bfc4c109c2d75e2259e7022cb315f74aa1ab147049b92e8fcf84d33552da9704

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\aE8OMYmbAbtZuaBhCiFbNjif4c8.br[1].js

MD5 4fb1c5e7b360230bcc9df540edc9e953
SHA1 49a65c2d617a9fa5489a318dca6a7931bd26be1f
SHA256 017a095827f9514495c2c89b425832f5a05482f7de42c6bde34f9a4ea19e094c
SHA512 f2ff4887493008a72b3d68d042b2db5d2013f44c109930a90f5a33c6ed7348448dacfcd4df15cb9692c7c9e3fc9e32bd609a46c14e09cfc158bc07328bd49d1a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\MCwdqGFTwqu20jt3177s57V4wZk.br[1].js

MD5 41e1135d5d4aefe240c4dbd7b71f40dd
SHA1 cd1d7feee9a4202cf3a32172e8c5b081855f3061
SHA256 2e51a8c4ab5b014aeff1eeac9da5a0937f5ca7dcde7f089f88db05460f2c47ca
SHA512 8b43c0246a2a3447dd0fc818a67faf5c76d4bdbae52989c80da3004f032033cd2fd45e484727facea150125766a8c6b9b1094b855b9e1d23495e85d8ae1ce041

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\DUK18cY3cfD0zk-_nBEv4bFX75k.br[1].js

MD5 600aab0f07672850c21b8ad1f208c021
SHA1 1164fe094cff4bebd4a1d307f6083aa13dc2f556
SHA256 be32f8b54035cf1dc8c7eb6e9b7b297262bf16275c97df2988f02084e4843390
SHA512 f6c1195c7dca727848d863d0d653f8ccb814d9a0c2b0481d511bafaa5b2278bb9b7b3d954cd26593a8e277bcce0f0b555457068c4e992eaa011bdc900bb05535

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\Ivjrtaa9JhEJURQVZcs0_qKi1j0.br[1].js

MD5 1393b275fc02e98dd08b99ae54711edb
SHA1 7335dd3a3362c569fad744326398ae52593fe704
SHA256 b16854c988c234faef71a84b6fb8b0fabb88919aa7a4c473f25cb0017937a4ca
SHA512 d86dc4c20d2f5bccceac4c986e91ebca270091959d447ef0ac336f83945f3262ad642ca3415f0168a8717812441b4681fc02d812dc8c87fb3853e59c1ba6a961

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\wdztorm0zepTG5y9h06J4IZsb-U.br[1].js

MD5 0e84fcb6403b13a8458d66ebcf66e53b
SHA1 2621afa6dfb35a0392837505c3cdd0f5bb91e089
SHA256 02b0bd64a0fa50ed4655add6325858ba2bcdc33978dcd9d93f4b3c5eddb05697
SHA512 9fbfd419ecfce55444a4dea65389204e2a19ecc325f31bec3dc27683be29ab94aea1cf2374f0bc252d21a8856324788e146f3cd2e00983c2a312a0fadea724e8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\6juFsmmZTw2skj7CvpgreXtsgqM.br[1].js

MD5 8d8ef449b2b1bc9adb67f33b6e4b2c0f
SHA1 631b24772931a30f4f0c776b34bbcfc5507e2b88
SHA256 ad13abe2c6fd52cf3608fbe4388bfdb14b54c8b7243b1e8d047359ad9023ba70
SHA512 a41d6023e1d29512efe9e4e34d2ff22abb6dd17bdb05f5004df53ff082ef2d90af96c6f8ac39a6f5146b7c6e54ed9add94832f21b8aff27af7de2e223a92e0f8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\CuoJ-XSESmq5e-S0atX4JdNgEbQ.br[1].js

MD5 2f0016fc606eeae0bc4b2a3d01e02d7a
SHA1 f4767ce1d5405a2b28543570bc14692fbaa9a998
SHA256 2b0277c292e4a513ca0eba797f9958a9388f49cafd6d2497cf309e9b6370301a
SHA512 0844e67bbd61dc7bd6b1c25ea0ac3ba41b685279b538c8f07b484e2d957acc8c07ccb84ee166284950eac904f3da4a6252a9a4c40f7f60478fc088584a0e2d61

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\gGRPwribt8XPTQXpd2zkMD5o04w.br[1].js

MD5 eb8aa421c5061f7eceb605c499779712
SHA1 fe6d09d2ae127eec408ce082fa5fe295f803e92d
SHA256 bf0522679a5e3b62e1309c7412c183375c1029b4e19c69c07d7f736f587c2b35
SHA512 d6f63a298f18e22c22f477d4d01227e896bc84ff983d60231a1cc15981f59a4bce14c78a3d8a676204e5c68e07275ece5b6684f325095595ef9e1a30a6fe3131

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\aj9VOivqSueJ9SugNuHsiq8s6rw.br[1].js

MD5 ffa6026338be078a92c0242a51f8cb15
SHA1 29f43932e0fa9cb87ff63798e37adff4096f5f81
SHA256 01de69dec68e17743c146e8612fada1cf6a44f359c39fde8b7ab61164bacc6f8
SHA512 365c0da8aa3dc879e5ac4da2338dd50f05b63a4ec4f464b6c09374dc3936743fe24b050732dbed64aee020063bbb110d0f3f1d8d729c395835011875b9285b75

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\X9zPQVZQzKFTYze2B2WNn1LJCS4.br[1].js

MD5 5b3e2fd8e824e69b2e32469c046a35e5
SHA1 ac62b20d73e2fa61030d585deed53e58d03ef74a
SHA256 9077771f70727a1d7007a97feb2a07ce753e90e3d1da19a733e46f36e7910397
SHA512 01fde7361cee5d3ce3093f55bfea0745670004d228934a46064537288f983d26b62869ef969875e091045e6a28eae3ef0d9e59e7de824ed6b76cce52a9fc7625

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\XvPs3zdtm8Xfl-ujR40Xu7FW0LI.br[1].js

MD5 23466624683daff4c2894116c7b9ac6c
SHA1 99b9540b33b694d9eac6fe5d683e6726d72bbd4d
SHA256 0b0ff20d9134242926337f043aa9e12dad809e78273db9b69796f970eba52019
SHA512 15b0064e3f07eb9a7c85a54511cb6095516a3142710d18c942f648f5947e819031a51f7d72067f9e04b1c560e50e9e3cbcc7e3735554eb38ada0a0be2a2367ab

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\2pI-3yxS71qnL6vzhVIltDQouTg.br[1].js

MD5 12ae5624bf6de63e7f1a62704a827d3f
SHA1 c35379fc87d455ab5f8aeed403f422a24bbad194
SHA256 1fb3b58965bebc71f24af200d4b7bc53e576d00acf519fb67fe3f3abdea0a543
SHA512 da5f5485e1e0feb2a9a9da0eaa342edaeeefaf12ce4dcd50d0143bf476356cb171bd62cb33c58e6d9d492d67f281982a99fef3bfd2ebb9e54cf9782f7b92c17b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\wNhUjm3kl_kvyfrio44J6j1zdYo.br[1].js

MD5 2ac240e28f5c156e62cf65486fc9ca2a
SHA1 1f143a24d7bc4a1a3d9f91f49f2e1ba2b1c3d487
SHA256 4325982915d0a661f3f0c30c05eb11a94cb56736d448fdc0313143818741faa3
SHA512 cb90cf76cd9dc16829a3ff12be5274bd26a94097ad036f199151f1c88534a15bbb8f8dafdd699e51df5c38e73c925c00728f807b20c0b097a5842963525baf4b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\WjLJz0ZZ3W6qclUa_RsS6VdZFzE.br[1].js

MD5 6deb575ed015ba9f359671380474ef88
SHA1 0f8f36fa0b0cbc56fa091dbd60d918a0c1f2c99a
SHA256 f015ed4a8bf649fbe3333f1b9e3214ab9cd495bbdd6387812ed79039f2ddd394
SHA512 d3ace5a16cba1245128b38ef256ec2420a44c929830540dce0f8539ff45dcf833257a82f132c4316d9acfa907823741ae4146a67c99242b0ee1b1ec9471e40e8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\RvRBoZ5KQDNHwbHfo-_ZBZIoYQo.br[1].js

MD5 718c9d9c2d2a498de3c6953b6347a22f
SHA1 b2f1a5400618972690d509e970cc3abeb72513f4
SHA256 66133f155e3a433e9eeca08dfc3b4e225d358e1a89ab0665379eff319f9f0081
SHA512 ac55ef9f45d29cfcf7d80c009df4c55335f7c3b55d66aadde275f580f321125a2c7669f7157d5bf9a34b3513c1231935a461f46eeebdd87b7801685fc95dc6c3

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\lcj8996lLPHohM7LK16sWWtGSzE.br[1].js

MD5 2937c6dcad55e5e4a67945f4f803c7cd
SHA1 27399487b23109021f178841013d476f92b057c6
SHA256 acb0819704ddc4062d6a3b565ba7fe999fef298778b4b56c284e8f1bebf3c9b7
SHA512 2c07163f841a09d2061af35c7183984475247ce50a9000b4b2b0b5240701a64b140eca99853238db08bb94e9b9368bdfffe9e83185eda1745fb02e6f81110d3a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\f2tIUlGO-Vx9ewtZM2JDtvorAmk.br[1].js

MD5 3a53ccdee6715ab68cdada74b043d626
SHA1 3cd6e53aebfafe937e6bb5760fa25c53aeb0d5a2
SHA256 75dacdd30b50e24162a626a89636f28fd4851fd6c97ec28a832f2aeff6919a39
SHA512 f33706b9bfdb679cff063affc300dad03b08cb6f5c921487e7dd97882e8c7e3c33034b9c6f0734dfaccd508ca317bfe68ee96ddc9546a2d43b1e3731ff4f75a6

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\y1tiMssL1_ZRGIkBjxDYmR2kX8o.br[1].js

MD5 e3c4a4463b9c8d7dd23e2bc4a7605f2b
SHA1 d149907e36943abb1a4f1e1889a3e70e9348707b
SHA256 cfb7fa1c682c6eee2b763b37e002022463cd6435434a16f6335f33fb98f994a6
SHA512 3a4e38e4c631d8e845edbc01c986f73b0368f8049beea7a3e8a34bdd5864c34103a48b19749c11b5bcc71fdaa672ef6c42e305e1cc6b37abea934766f3deb068

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\8w26ODmd1hk4C30WJtfkdBYFSfE.br[1].js

MD5 072d0f8c7fdb7655402fb9c592d66e18
SHA1 2e013e24ef2443215c6b184e9dfe180b7e562848
SHA256 4cd4cc3d07bbacdecb7331bf78fc5353b4b2664b6c81c1c0237136123d8e704a
SHA512 44cecee114212d2901dd13f9200771c708ef6e89b9bdcb75edf898a1e39833aafa4c7f8ebfc2f613d46eeea35222a1dfee3671a1b42679a94beaec099164f009

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\AsdMf7D6KLdP5SQOeuSIZtV8-sA.br[1].js

MD5 43b58b6b14b60581457ef8a405721626
SHA1 fa9da729b92847cc05ad81625b5667f299b75c08
SHA256 cef3b449403a4725a3866768f730e13f1bddec067cc67f306f023de2815a2789
SHA512 4c22ec83b8a81e0716c4ea9c643cfb4c4f9256447a114b7b0e05c0b38bc073f4a0538e2a385e963b3e2634ef34f66050ac2c36801772a345670409be8fd2e829

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\buUaCZ-qbYO2tqBHHU578PNjjZc.br[1].js

MD5 e3c88357b2300e478bb1885eb450beaa
SHA1 a3882b4ead208b7e9092c623b56c567fd5995362
SHA256 def75f204a79082eeae8506874bb8e649e4806fc7be9b4d9d170b2b1a0d7e9f1
SHA512 f3d3c441f65a8d99af138be945efc73d3bc9961afe75f27cc82671bfb463b153e953b3ef6f9d46cfb0025c15a2ed95ae17dfc701fad3de5ecbbfe7bd40e7cf16

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\IEsUJAq41KbrXKW7f2nmdJPCUXs.br[1].js

MD5 a31d65e2f94b0c7671947a653e7f7ec6
SHA1 c21bf708012f948044771dec640b3c2213e75ba1
SHA256 457cbadcfb29fb7fa3650b9580493f71b7e57142178045b6ca0985589d91f2cc
SHA512 701f099603962b86ff543969c1447330ca5a31545fa80339db8bc558a242d740f41cfe4f0fcdb65690f7b2c092bed5b15340c16cc47717de8fb64adc7a4594ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\kFdRGnsF9oNJsnfvt_bKFj-yBxg.gz[1].js

MD5 0794c2ffc9aaf238496bf687a9c68799
SHA1 7938be485611f9d417e84b8c0a74bd3c589e052f
SHA256 805aaa9634639b2eaa912e117219727dfa6e92a63b8b92569c336a9ccde52dee
SHA512 fefbfbd39b9b86d8975d8faab62b50515488e9bf1e21ad72fed9fa93614e10adafc99da77349ead2501b89d422d766adc313b6024bcb9b331ab83a7b99bb135f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\43BJuM7qM_8Wd1WfIZM2_oK9zrw.gz[1].js

MD5 b743465bb18a1be636f4cbbbbd2c8080
SHA1 7327bb36105925bd51b62f0297afd0f579a0203d
SHA256 fee47f1645bc40fbc0f98e05e8a53c4211f8081629ffda2f785107c1f3f05235
SHA512 5592def225e34995f2f4e781f02cc2b489c66a7698d2feff9ac9a71f09e5284b6bbdb065e1df9c06adfb1f467d5627fbd06e647abf4e6ab70cf34501232126ad

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\t5vZ9VqTO-Sl4hN969ySbvZgV0g.br[1].js

MD5 6932cd1a76e6959ad4d0f330d6536bb4
SHA1 e2e7160642fe28bd731a1287cfbda07a3b5171b7
SHA256 041eb2e6f2582f4c19c0820acf9a0e9a2c7262edede0d397a5f6f0215e83f666
SHA512 28bd0bb200704fbac0de2d7c3d1c64a38d5567f79bf24b9c9894c7c6a3b80bb69a5c9f0929cf82163c8e8d39cb6667a2ac81dcb4e6d2072cc7fedfb63219e584

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\EUVdjTinS37NjfSnARYo0K9VebI.br[1].js

MD5 7fce09b34ee7381d4daa5158533f3729
SHA1 4b861bb4e501c0c56c0d1f4a4f28b0cb028c4098
SHA256 99b92ffa51304cf3a7e77aa89f4e2cd349fa947b2ceba7ba786794f37554dece
SHA512 fba9cc286fc3836d7ad91c04289bc616218116e95474a31dbe2433a60b463514e673e01253d03e0722fd8d9822bf7acf87535aed30dc0eba5d21f87785938cce

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\n7roHZRr1mbNerR9FtbnXOskd84.br[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\fWL2xzriHzWjhZXNxQ8Rm3CwUUU.br[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\Xs0bcRwli50H_9_TOsfurmNnZ64.br[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\uiannz55FdT0j3p9jGwegfI5aIY.br[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\eKvcHdnNwo1WcxoSioV4ztnfZk8.br[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\ID-70CBAEOXh6Nwxga-CxgpUq4k.br[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\ydDuUFvQrnTEDpvE14Ya7abrPGk.br[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XHM9025Q\favicon[1].ico

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\d2c4jah\imagestore.dat

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SRU97PSA\suggestions[1].en-US

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\Bonzi[1].zip

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\SU1Y56JD\microsoft.8aa91a5fe4f5d8517ae1[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\SU1Y56JD\common.5dd7cff85de67632bfd7[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\5JE41380\vendors.c47bf4f4981f23895ddb[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\CZ5OUZM4\otSDKStub[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\QDGCFLQ9\web-worker.440858f9fe4973b6d967[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\CZ5OUZM4\otBannerSdk[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\CZ5OUZM4\otTCF[1].js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\17b381ba-e807-4bea-b972-578e175e71a0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\60b78c0b-803c-42cf-8794-e4e23bdb98d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\4308

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\SHXHtPay.zip.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\13338

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\broadcast-listeners.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\downloads.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\targeting.snapshot.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\bookmarkbackups\bookmarks-2024-10-14_11_f70S+BIHcjdozL1H+8sV3g==.jsonlz4

C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

C:\Windows\msagent\chars\Bonzi.acs

C:\Windows\msagent\chars\Peedy.acs

C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

\??\PIPE\srvsvc

C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe

\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

\Program Files (x86)\BonziBuddy432\Regicon.ocx

C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

\Program Files (x86)\BonziBuddy432\sstabs2.ocx

C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFEC067A43497D7788.TMP

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Bonzi.zip.vhvch1y.partial

C:\Program Files (x86)\BonziBuddy432\MSVBVM60.DLL

C:\Program Files (x86)\BonziBuddy432\Reg.nbd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\SiteSecurityServiceState.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\AlternateServices.txt

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\5164

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\31861

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\7331

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\4484

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\2577

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\16784

C:\Users\Admin\Downloads\fortnite-free-skins-download_P-btZt1.Z3JUMPpU.exe.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\downloads.json.tmp

C:\Users\Admin\Downloads\OperaSetup.tNwzDCjn.exe.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\fortnite-free-skins-download.SjP5ReZF.apk.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\mainlogo.png

C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\loader.gif

C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\WebAdvisor.png

C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\Opera_new.png

C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0.zip

C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod0_extract\saBSI.exe

C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod1.zip

C:\Users\Admin\AppData\Local\Temp\is-H4U7V.tmp\prod1_extract\OperaSetup.exe

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410141703172807864.dll

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XHM9025Q\favicon-32x32[1].png

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\js[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\choice[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\HhyJU5sn9vOmLxNkIwRSjTVNWLEJ6bQl2xME[1].woff2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\vcd15cbe7772f49c399c6a5babf22c1241717689176015[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\cmp2-polyfilled[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\counter[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\HhyJU5sn9vOmLxNkIwRSjTVNWLEJN7Ml2xME[1].woff2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\dit-supplement[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\lazysizes.min[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\search-header[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\geoip[1].json

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\bootstrap.min[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\popper.min[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\jquery-3.4.1.min[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\dit-logos[1].css

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\hover-min[1].css

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\main[1].css

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\bootstrap.min[1].css

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\css[1].css

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\35117E_0_0[1].woff

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SRU97PSA\free-fire-gameloop-favicon_i[1].ico

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\1MTV6XM1\free-fire-gameloop.en.download[1].xml

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\smart-device[1].js

MD5 6787a8772f5ae99719f785ffd7049c90
SHA1 72c55b5b96dc70417405ca30ac0056eed621f140
SHA256 97ceb2be755727a80c56fdaaa2d5979d25fd570f25005a674707270d6aa79de7
SHA512 63c611fb2bdb4b037e08eb12d55cda09a4ea82595890c5681d0e0b55ca979170e63c51aed87a195c3a75870dd4b9c8b66cf8a09b6a947e4b235b810c06bff793

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\f[1].txt

MD5 313879af745c6ed2fc4032c56dbcd2d3
SHA1 9dfc6d3774b2394ff4e5a6619d49da1b04d91263
SHA256 d28450f820e56a3f4cbbc37f7ba43d77d104858cca6ef6aa326136a1cd938007
SHA512 ad4d2286e7ee2a053fb30225ca8c4ade3d70357144a2201b3767c81a917906a7f48980910ad0e42b8db51873f9687a3a2ea9b95ec0e66d30645c23a6f56b2c69

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\ouibounce[1].js

MD5 69718d6898e29117b4e64aff76ab4785
SHA1 35ce7bbad542938fb14075111f5c1bc0fa881b75
SHA256 332a4f3e0e1cc73b6dc796594340d2c5bdd5a6af61f559740e33aae5300c23d3
SHA512 5c86a9816c079302240cb1f586b1e62796b39e0f5225e14b50f06fa222d4c3f05bef5f82cec4112c6c84cc3accb71653a366172934ae44c7764ec545376f9ecd

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\ouibounce[1].css

MD5 ba26561c778bb62a6ed42cb5aae598fa
SHA1 e214f2394a19bf9316bc271973708ab3154283d1
SHA256 2e08b5b325fbbd6fbcbaa1deb294125ee425297b994d722bcce1d329d60de2b7
SHA512 0d1be0f97114a2adac8be7403f7e3d866935d1509d6d36a02c9fbc8dee2fe1334c326613a092e118731050f2f5cf4561ba7618d7a415e1cbbf68aa689d65011e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\ajget-download[1].js

MD5 a40e6068c6fe11fcd3b5eb819613b245
SHA1 377baa31b9f5c91bfdb4cfe6cf8f66fe80320313
SHA256 a838a8cab2b7d95c437c8ee698ecefbd5745e7c9709146d473547f5e88ddab59
SHA512 e0889d9a0e1abd835f9e44e82946e6600f282659ab9824c21a5da52d096320aa38e91ed2a3b841df35d97a958422653903273fd92db1bd18014bfb156db49d7a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\jquery.md5[1].js

MD5 f8518e13fbf406f1c4e998580e1fff76
SHA1 58df51a344d8a3f41b891a51a86c2f735aacbf1d
SHA256 4c8ce6c1372920d818248559a28470c6152e5e0be4ca1f45dfb923c34808d21a
SHA512 e10dcd8773404603e96275c30a75a95c2134abbcccdb7c83cd72c8ba0ffbdedd61e3ec034ff09d5883f9fdcd18306e462a470fa5b9fa2c0bd1caeb9307a4a548

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\f[1].txt

MD5 2fe7063ae5312ccb71101273810f1b03
SHA1 d2f5a8708068ea411820b29350f92d4136a01f3f
SHA256 de2cc0bd453b082ee50c0aacccffe976f093b0bce2984879bff3db9aa1eaa157
SHA512 a6edf8da9ebd22d42d00f974a259c9961999a32e456a7aae2bb1e6d21c6efbe9cfcf2dbb4bea6ded44fdc103017abd6a984f2437040418770db6532286d3e879

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 2d3eb1f222d8e7d24fced6d1c7512ec5
SHA1 64eaaa9e5c4d19e96a70fb1ebc74f7db7231fc67
SHA256 8c439a7480fefef2054306f45d213b473d7e40a60b8dff000eb607f8762742fd
SHA512 6e081987f482c0a058a1d2887bae1b48e8f3a4a60bfd35b4b0376c6fd9fe0bfafedaa824c1c88b9fad2ddbb0e459fb5eb115eec584a71414b0dfa8b4044b1d68

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\dit-logos[1].woff2

MD5 1495c465f8b66f64094c9d5ff163d6e4
SHA1 0923046c747b5b732ca91013f12e9b00095db260
SHA256 6117060a9640c268607f9f9f26889c1cba88aee1989e9cbb5f4bbb2b0b3c7dc6
SHA512 a624562b546efc5f6ab39aa6a5202d2ef1d44e2d312ed0de6314a04792b323d07ef1c0afd5918d9475125e43b9e7024a376d66daf34b7b24e9e4d55075e183b7

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141703171\additional_file0.tmp

MD5 be22df47dd4205f088dc18c1f4a308d3
SHA1 72acfd7d2461817450aabf2cf42874ab6019a1f7
SHA256 0eef85bccb5965037a5708216b3550792e46efdfdb99ac2396967d3de7a5e0c8
SHA512 833fc291aacecd3b2187a8cbd8e5be5b4d8884d86bd869d5e5019d727b94035a46bb56d7e7734403e088c2617506553a71a7184010447d1300d81667b99310c7

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\OperaSetup[1].exe

MD5 b69aa6c0fe5eb60df7b647984ee9689a
SHA1 ecbef87c65ab4b9dc9700a36755d027705064bf9
SHA256 8c6ef4db070903df861aec196bd56a543e8e92fb2017dd103c4bb559419ca952
SHA512 df06917ed9e5f90326aa6929246a401b58c35e7c0a3520abc1b2b74397bf91fb139626f71bb73b0620781f5501741ccec009b853c25c1cad9766632e8e087e26

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410141704428831480.dll

MD5 a0a086eadb30b33d556ace427e6fe3b5
SHA1 ccd76ed307469d0e2ec59a57f4b9ef5f6db42123
SHA256 99ad2bef393791036eb600f35cd5ba5c7d9cdb28676ceb5fb6fbb748515e2f16
SHA512 f2208b5ad4180d7bfb1b6eab3f18f52692505d5fc84ef34118e16659421a099f11fad1ea49233951057bbdfcf173c13d9927fb2ea984629b8fe60cd91c8c14a6

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 ce0696a3359504c1b2b5b1135d73b3f3
SHA1 7c42e12ae9c62dff4781546484c3c2f852e09fb4
SHA256 07470a7ca66aa22dbba04696e37cad859f0875a1843898953a606386b33635b3
SHA512 f692eef5d24b95863f20faa73be4a0aac9cc24662239e4fc6dbda4ad01595e3dc2ecd09440690bd6e3b408f287869ad1b340abfabdbb4130d7dd6b9626017141

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

MD5 d2b32d2ca95b09c440db5f37788a3829
SHA1 d0f5f06b9050ee2cc9202e6eae18349ab1257d70
SHA256 6cab004538645353524008c307f897f76a1b46282ea6761cc88fdd4b6fe3e9ca
SHA512 cc091d48ff9abf5add640bfdf99148b466cfded3cafc8451f87cf3723fd4b7f096e4b518216fbf7482f34167dc8deea5de251fe369bccd28ce2bf56b09163a86

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\raty-votable-main[1].js

MD5 4cba79221d3878d9636b541403884b8b
SHA1 313d7421ce343006025b88142e7e1ad0aee62dc4
SHA256 5b79f935e90b63658f207544145a77b0f1eda307bcfc65980d7c9f916965c2ce
SHA512 016ec47f6b10a0eacdeb76806bfe14224a9e2e31d3e5d5666c0c8a376336af0feed53f632feef593433f6f2229fcaabe505023202878ec50d6c1eaf18ce10f27

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\raty-bridge[1].js

MD5 b8e4e3ee3da19ddebb87ba97f12a4bd7
SHA1 00a42adcd03b91a49de513bc5c01800b30689953
SHA256 147bfa7f085b8fc56ba18f988db65946c89bb63a9e3ad4ac0eaf0693c345b61d
SHA512 04e28919b59f7109075462ed87d3c52e4b279b9ecd69065774fdcea75ff8db8c117a027d877538ee007be0005e29d47ac90f7be8d20b7b7b4edf0c43ea96d5ae

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\jquery.raty[1].js

MD5 939ace40c4ed43f70b97d225bb2947a1
SHA1 0f77522c3ca213b4acb75767acb1200815e20d57
SHA256 fb5112588a752ef36a064ece2242fe849bfbb90c333608d4515c4d34bbb81a60
SHA512 8ed317ccb29cf7fe699becb653af720d9fe125b8f69b85d4bdcd1c14cd019989ffe60d4bf9a86f80d6b13537480577f0039c8b2e128b85b879452c9b9b252f8b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\jquery.raty[1].css

MD5 60a1c33ce1776d4caa1850b4b5738801
SHA1 07d6da09233de767fe680a53eae88daa26197694
SHA256 83d31a13cd5e137294047a76fb9f244a98ba7df979f22c492997f7f4916dd3fc
SHA512 0632815cca059782a2134370ee709732f2118294a5d73f8e0c112ef3c4d921ecccb499bb2548dd7794ceb6c546612e51c5c5ab17a19f540022ac613d05a7431d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\raty[1].woff

MD5 d473b273e15ec0c8721cfd464ecab07a
SHA1 b2735a8fa0907916c722a4f022e14078447d9869
SHA256 ce79bee15c8795bb7bee159131318308b432133f4268f2531eb9f2790c95bda5
SHA512 b95dc132c9acfbd6c46746fb5d604deb2ec435e17d99f3a603f1419a6c0d9ff38364e1bae22028c745eb3246b5c732cacc11811bb044c840d9d7cdc8cf43a862

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

MD5 ab132892f67130b321a327c0176209c1
SHA1 e201727a4588700ab81966b1fcdc89b1d382d312
SHA256 1449e0d333b54237720f694aec03bf1f2afcd72c5c0e00596f624485e1a8fab5
SHA512 10260986fdb8a369e6eb108d6c5994b05b2c154784da61e66936a03b88d0e2e9365e369ddeeaee829723e80c75d191fcf7831e1c45dd698626c4953c2662db1f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\consent[1].json

MD5 f0a959f37aa8215a9ef7bd2b13878863
SHA1 32737935ff96f2564a47327b10eefb01f284123a
SHA256 6b8cdb1d697a5ddf8dfb2043854e0ad7f04b8ca953e2c0c084c27f72fa9c94b5
SHA512 cadcf6438eac81a04178971b8606f5cfb4c7ceec37907e3e5fb7a2a8e4b28ada5d55dad6a7d163894033bf46cdcd9de5e86ad6aa29c1c8848045aae419f53ad4

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\zrt_lookup[1].htm

MD5 34955220f745de9e3fc149297e7741f7
SHA1 c2fcbfa0ccb34c459e75d4878bc67b736ea4dc29
SHA256 ccb6cdaed3b6f76ab7b0cceb5e026eb994139e4b26f8bd90712bb87c04600aef
SHA512 12c3d3d001307bc5c79a01f2b0227310c4d9e8924819bd928f268c567cf310cd152f70e3e19e042b787e4fbf1f353d3f7497aebe0c0e948ef872019f753fb7ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\sodar2[1].js

MD5 3b071d5606cc1cf92ae307f5bdb4e540
SHA1 e191068cc90e5489130489a1cf173fe50bba28b8
SHA256 ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
SHA512 8a1287d7528b2b65d61d6e0a639f2cbe5658afc3edb5e2af9494e8cc876aa6c8060a55d3bd4aa85a0b3b82733e64f7f7a6b4a5f2597fd99fd37136a83a6bbcad

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\-DbLkJJK3YZOSOasYi6rcjkBM_N5vpNI48728xD2bD8[1].js

MD5 9089d76dbbf32efc7c97698772263a04
SHA1 2285108b524f1bf6a36e84ea32193aa9a47cfa4d
SHA256 f836cb90924add864e48e6ac622eab72390133f379be9348e3cef6f310f66c3f
SHA512 ad0fd8f5b73755f93081aa859bff50f5b291b7b07123d2b79ed60727a2fcda51a9d059307a23be567a490f57806179bc85f11e48c76b7b4c1ffac6f281f3ec53

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\maglass-white[1].svg

MD5 a2afce8c63269c7e8a5a3d5c90a88519
SHA1 47cf7b541c27e4d4e3d5afed9d55b288a923fd98
SHA256 38afa88926f69f684e93ac9023338100a57b9424cedf63f7ee73b1202c98eead
SHA512 3f55865b7fb3b6ed27827baced720a9e578328a10095e7bdec07a2be70fd05ed9eedd2f76b3ebba8adfebd293cc459db73d00ce03a0fdd88169bd83d8a34b85e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\maglass-blue[1].svg

MD5 d9512f0f525415f06c2957770acfb9fd
SHA1 219155047825f9a836ace8402b750116f5eaadb8
SHA256 307238fd564ccf483e9503989f781d89c45525f80dec2bb3e80a9ad70fb37ba2
SHA512 b1bf13930cb63fc5b8c67bd09f213c0cfde364c6c2cc961361ec466e41368b8e8e134159689ad5b77c2be234aad132a1150712c95cabc64123b7530e2c11d3fd

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\delclihan[1].js

MD5 4518fc3f2bc1ddfe2975d1058ef11c3d
SHA1 37276f3f02d077aa845f2e6258d7c381a3405542
SHA256 e8c917831193be87890efb04334f1054f5a4f45d2a62844f51bd6cbe7ba850e2
SHA512 e99d892a665ec550f2d9ab259791b60b27a4106a9bc87655baaf8fce93aa664299f5538a78ec2d71d75cba2f5bd39df838671481b73f20f3218ee16d43fc18b0

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\ctp[1].css

MD5 70ae06c975d6e4cb0489a7f6403bb88a
SHA1 79f62089d532d314b8fd0df3e502860e2d849074
SHA256 57794c07739dc9ad2f0da3e91e6ca1face6d98e924c438ff97397d2862809e16
SHA512 ef5becce39d4f07b98e2d81fc1cc178330daa53a36a95b3fdb7289d0f064bbb37685ef7a8a33887068bd1c13565688ba9193b28a33c40581bbbef9b61d9b464e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\ctp[1].js

MD5 ed2b9b927fcd5e566929a18bf51f29da
SHA1 429dd995b5ce53a425c66bcbbc5aeb58a1a46bf3
SHA256 d4266bb58364641811aa5071886d1c61e41d8d111edc980bb11393cc3e065d2a
SHA512 94c2cee8e222ab6cdf99e1b64ef022354d6d7a633f9499462e83555b11997dffc85468c248c42d405acbd9a7dabd6a1df328aff70ffaaf955a4016fe08831e4b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\aframe[1].htm

MD5 60d84acd6e798e4050968559dd8936df
SHA1 0c72d9c68482bcb77b32e4f880c2d1c958eaab6a
SHA256 0a258ebf12354210b52b279792cbb42ce268c1faf607978576ba7009515b59d7
SHA512 39aebbac9641a0fe9c9648e1a8bd28bba4cceab35e51355920d2cecb6ccfbf4798c35e1b71fa34c299b46394444ed77a0797d12f3c5b3b93dfa63d044f8a281c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\runner[1].htm

MD5 d1f231b50b152372a6c3100f4aed1973
SHA1 1bf10951be06da03d1371a904e19c0419f2a3637
SHA256 9dec95894af322b087ab6e87f9c8ce66d849646cf33b375d33c957f4569ed081
SHA512 00093b7fc4affa2d2230622f5d7da69730246b74620ad4de30ac64e41fb9ac927afd2ab426034d71dc85a3dfee9a46e73df48da7e2636a54579ea9aaac4caff6

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\f[3].txt

MD5 107a44135a51cfafa2731e2abe82d6b4
SHA1 11dacd433b837ef4c31a320c1d0a665f0719c397
SHA256 a55c75bd2fc9ac0f23b11d52c31412fd07508bfc11128827e06ee9dd62dca7b7
SHA512 941d426a91781d43ef5aa48ae28c75196ec951adb6985929319ecee3f4663f89b0d6124eda17f6aa257fc0d1cba80bb5cdebe1a7ef19d59a150cfc16173d68a7

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\f[2].txt

MD5 7af883ff0f217bb30b186cdbe16a6b9a
SHA1 ff4484ce5ffbe75672a9d26353111a9f21d7fc55
SHA256 2a2473623b8541529d038b10b49f6ac263410a7482c16c7b4cf75049d578b1ae
SHA512 94881c47cf43626b2943ab472638be2f54d296c4333cc4dbf81999feb8990d67978739df2564ce19ad3106fb5c2cea694b79da4584495ff25b458c1bb9b5859f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\CRYO0VTZ\favicon[2].ico

MD5 a0c760136e1b6f7633a3582f734c53eb
SHA1 00176cd4ab6423fb4673ad856e79447b93dd05fe
SHA256 c7eb5447c806948853f817df7f8a1871a8707987d5606e39b145d69f7dc29cd1
SHA512 b5f9d0e6fc9346ac34a87fc5cb42bf375a0e2d58eff5fb53dfae4a1e576940cb2f57f921be390bb66b5ebc7b174b9d88d8519a27773624f1dabc960e077ecf65

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\cmp-stub[1].js

MD5 de37e8e7c0a8b5bb2ef13c41bc93a023
SHA1 a053ca11f4ff372c6947879ed13d18690dd00267
SHA256 30ecc4cd36aa5d13b26bfdf89c9b0c41af9a3311985c0c878bcc687b9f55986a
SHA512 fd0a25d72ca2f41461fc5035fd82f0eca8347fb8d60de7b3fba16b74bd333968b2441b1d34d116f7d2c6787cfc7478e0f066397e33f460c86b9c8e90ed91d715

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\adMsg[1].js

MD5 78374eb26788ee2dfdc4507619d0db44
SHA1 82a0de52fe225de43a7d692aabb249d2499a50de
SHA256 dbdfecc2b70677db1a00a7e115a79cc1a0e89c06593b1ae0a63128774d2ea9c8
SHA512 a3fb44d847a1b6a44e6fb26df0aff286e4ed58c1f4daded28ae78516851923e18ebf8a641a5a5f3ac6c7a56e0679943484a9c32ccbafe43345e8ce486d627125

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\stpdwrapper[1].js

MD5 a7733f7b31129b950371130c8746e213
SHA1 4fc181c958159eb00d337c988eb0bee55a0bf8e3
SHA256 90909d259afbaaa73f4accf86af27e03040ec2540cf1aca4a0a0e5aa8fbdc133
SHA512 213f263ef0de0353e3310791737cd8de807b53462bc7eeaf3bb19334a31fdd9f1fa78abc9ac984d2fa0046d147c8617d8a11aa2e94e47c02b949d05c37f21fd8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\cmp-v1[1].js

MD5 1d6b84d4082459072318eb72ad1770fa
SHA1 822c5cb66b725a94244d0ffc608b6560187a734b
SHA256 603dd66e3cff1bfce0f397dcb657550136bee1424695c4fff19ac6d4bc8aabec
SHA512 814bdf0ce3eb3c76f1638d48841d030db49b1b365cac3921f0fa29f57388df2d134e31c4304a09e4ab1b06295f984c0c01c4f4994a6967fd18c62b15c42dea3c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\94af347[1].js

MD5 532cae2cfdadbdf5c7ab83071b02bc5a
SHA1 46fa0b45454c3bd3d22f7a131f785b0aad95bd69
SHA256 21b437378348c1762b2b97f747f961185ca88b44e1ef14b18ca78b98aff58093
SHA512 5ef1e926b5d95ab619acb31734f31aec219d313e872355349a46e931e15894c2e0cd9659bd4a21e483c170279464b5fa2cff4e4792002ff20bd97b82a23dd092

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\e13cbcf[1].js

MD5 76affa99b737b34dcce1cb681cfeaf2b
SHA1 8bd0ef82c641f783d191dff57c4ed1924bc77aa7
SHA256 36a8b591887a335592af7dbec0945e013381c7be379c800d8ed0aa41ab376853
SHA512 db21853ca20d3e6322ead50a85a30bc12f7817a1c624445ce42cab93f8dc2e367cbe3cd467e54dbec4d50eb4805e92958418acebefda0ece48d017212fc6c27c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\6f2e593[1].js

MD5 f5ab9367d9e69a2036805e725340592d
SHA1 bea098c6a3a547291c4b246dd58b8bdf2f07b8ab
SHA256 11714687f0ac7b637c25a32e9834a7f3d2db99a1bb4847332e206db3af158659
SHA512 8cd311d79a2e8b1c35fda5b82b2a7da526480d897c57ed03435f6282aa03c09145ca2e02a28e81999716e3ace203a0c0e0a4d955a8d9f40b119127626b744d20

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\f05c90e[1].js

MD5 2455c162b69c581aac02a1f2b690b412
SHA1 0f007c75c13fa6e300336f917cc78bc7761e748a
SHA256 f5f9f7f68881a676e6d38a2b7f82bf53189e024fe7afb6835a876a36dd5c83c5
SHA512 15237b7c33cf2a42fe7e260275a793d5465f716152bf2b17e79c33a7f962dd245c9daf82d9c98faab8caa42f1080d6d6fbf279527a4b819abbc4923fb7904143

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\c18d858[1].js

MD5 235eb5b66c4949a783ebfffe3cb57dd4
SHA1 fbd094d650cfa5e9c25400abd6f81b4609df67fe
SHA256 790a5a1be5c6ac8e38933d7104ecb572aed984528b759e79bb30e36b525fa9d2
SHA512 5b273687d9b511859a6346cee06f71718808b8ae6bc5e13778fc2d815712586bc48d0377861bf05b07ce92681caa5eedc2e128fe4e536d2a89f78389c4d46c51

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\743fc12[1].js

MD5 9390fbe53d16693cb3d70aad1be46334
SHA1 ebf15f51b7b4c50497ae86adaaf59447d80bb6a3
SHA256 2903f25f74861db33481391a26de403f6cc7f5f13a58e85e3616cd4905406f2e
SHA512 f760587c9ecef19e1bceae38bbcf684f05e234b3b0bf2e1dbc4bd9f70e2e42a643d04b4fc9d01a5a13b1888a334e6f9d9843ee90fc08dadebe85f035d45722ed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\f8f31e1[1].js

MD5 8b807dc4cc8de0f1529b3f5015a8f557
SHA1 8a1ae897abe80e68a2447e41476e9ef288ddc7a3
SHA256 f7c5905f783eeab01a8a4a9f4cb44f95be4bdd4ef5182c7719888be32560b60d
SHA512 49f75d5e6e79c160d2c9d6aa925d7469879cbae2328003bd63e725ea364debf63c8452c5dc6ba3a2afe04c0b12749d5e7f02e9822309abf81245bc167fca172e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\2af5e0e[1].js

MD5 54802953774c8ff135a1af939e79c57f
SHA1 701e8d41bb7224e22ca158525ed4355ee6c950e6
SHA256 34e4fcef31588b1e56f39603e63df8201f3f468494b4c84a3ea90e0f27a2ef99
SHA512 c97b54a6b73ca1313ecdfdbe39c1e0a4e56fe61f0cff0ebd71069cacb24ca88c688a37d7cb83c1e560cf83bc7b1669433324e2a1351983b2bde498ddffba0662

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\329aac5[1].js

MD5 207e84e42d254bac5282180134170c99
SHA1 b6576339f7066c7dfd8cf2bf67c635a46c872308
SHA256 6f4ac9ef6fef94c06b66835d928a434a344bddbe02c96e1040b848337b1ffc53
SHA512 32491bdc3dd31e68496ccd5f093e4b7b7688ff196a856dc03f773f9fb9b7b424bb7d9acfb2abbf0dfe00b20edacb8b8b8906f8f02e3c5b96d9f67b88baf0f947

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\c520b82[1].js

MD5 75ffcf20bf9172a0693c6a0ddb7ee2dc
SHA1 76f34355a234cb0b651e43fd9fc6ea8c0c319df4
SHA256 da5fb9c0f40c42d93d1d093b89894a49e0ea017fd02dcb2e588a5dbc6a58ee79
SHA512 afa8278d09b1aa09a1fbddd88aa81847a6c571ce7109f7fb3e6849b2e450dad915effba037bf24173cfb14472959d6952d46493e658308b54399aa2c98ae99d2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\4ae49c3[1].js

MD5 99b83fab76081b6e1314c3b691e78d7a
SHA1 17d54c989965294f0aae2f57f0456134d223af75
SHA256 0299543a1371bca47b002a281d14548435f570ecfab0efae0d46d40ea3c1db3f
SHA512 fcbd8789fd330cf2442ae7ca5bf9e76338f21cef186ce4e06f252bbfc660a6317fb6abfec08daf1d5fa55b133061d3b06d14b1a9e3837f009ab2ec8be2cbdac8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\fcc86b6[1].js

MD5 8619cfb2201c345cc8e0af49d0d6e2a7
SHA1 d5093c7d28893e2e07c59d27fe7f533674021a6e
SHA256 2ea65ae92f8ea5f39346ee80e8ec1833f4bb42505564eae1418ea809ae560eb0
SHA512 816c8efe788dc843730864372e35d1e6603883ad28be4da547f101274b8de4950f2d87bfb9457af9c05d0b2c963b1601fbcff9be139c39a11f70ed6708609c04

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\936f4cf[1].js

MD5 14f65b157ac99b41d1d5f730a8f5001c
SHA1 73f0d8c5ed6320349595863d1fcc5b5ec1168dea
SHA256 c4b27c9234b142614c453a1bfe74f8352473de6d778b9e214ce33f002f8aba85
SHA512 cb59df8d9144a4ba6f9c32f6a088936c58e7dcac3bb1d74ec68849cb72235d13e64cecd661299d66909e62aeac39a259fd024a4f96fae015fb77174424bf7b4c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\9811b80[1].js

MD5 2f1f53b136284f63f9226a916533789b
SHA1 368efd4e550b05ce2fcbf208b009498cb90f974c
SHA256 60dc14f817719e566674db1ee379424c9168fc28d1ac72b8e4c0c3fc05dd5d56
SHA512 ca35f3981681b78bb330a1f46d083395804938ad961107a4accd85c6c02cf46ef1cc8cefa673baea645e13657bca0780a72fa1f742454076022a7db4637b0d46

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\cdb5356[1].js

MD5 9a30f74b2dfa8d96555e38d01bac52da
SHA1 171d0209905e688b08503c26c8fdd877106356e8
SHA256 ef0c0312a0d5473eaf0f4d6cacd0d27fc4689981982e82758da4a942f90dbb08
SHA512 63c44c2c5907c6d1f23c7daee70c58ed6c5f3e3d0e331bc486c98c1bc71542f771f3e40ffe9df8e697c9b5594d59b989e7eba629bf83bec0f5ef46fa72e4f78f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\82b449b[1].js

MD5 b294df73fd59ad5b36e0a3dc288aa811
SHA1 69d7eca9b131ef16db731a59e94772402b9b7879
SHA256 3d31978e86e73ee490df3e6a24fa7d0f142bdb216dc3547ce2c3bfbd39dd3a57
SHA512 1eeabb5152ec74fe3359b3525175cc38b91ed2cae82c5ee4c99ab025786a6d6b7c67ed68122a2929c7d467f92d23953eff9a50b64f76d38d9100ece0f716254d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\b61908b[1].js

MD5 24a1b2bf48e1146924d0ca5ee68d5172
SHA1 c0402feea940ee98f9d41ca3e4e02610aa912b1e
SHA256 c039dd8f97d9cf22fee84aa6125cdb4ef292ad45b31a74264cd36c79e281a65b
SHA512 7060379f73da2df1c0b5b99af4182cc46d56058371d55343fe0ad37821e991d57555d710e8c8147e4fdbd7c1a2405391ecc03b431b7ba8c7c9e9e0f7f2fcf720

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\5597061[1].js

MD5 0edb9ce150fe10773638ab43f907fa00
SHA1 625e22b06e45782025d532cca1a2d9ba13ec49df
SHA256 f58291bc1fb3d58d831657fb431eb5178d3073b03bfb7339585095aee0104c27
SHA512 fa8c8d266a15175b9cc3d5d74eb4d9eb522428dee0b4ceabfba19a8144ec1a6ce08d1b1db41fe5988e3684067d7a1a550c848f8eaac211b78ab6cdfbec2ae547

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\30f4ca2[1].js

MD5 d838fbe6ed4d0bcaec97ff85c1cd2b15
SHA1 2e52e4898d92ba675725cf6c4583a5b26d42453f
SHA256 96eb4a7a2ca06b902ab5dba574590ad945586bd6178441112bb330afbe3b7c08
SHA512 287bf29ee13bac938b4128d121575ac80d32220019547ee71682894cdd225ace614acf80b19304c6e4e0fa77393c12f78cb4d0086df372e1588a75cc66a63765

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\b1e6416[1].js

MD5 71d99e59389e786b9d79128539ec827a
SHA1 3b49042b257a2a856d3bb37e712d247b7d6b259b
SHA256 1b8b1a48f585e71d2bb31a4f48ef99a0909e0a0c7cdad761229cb1ca132b3c05
SHA512 02286e3f532e5dcd61d558172e01529796d6d92828305f12a256f7f4e9786823a492d4a428757945964594a29bd6eee71dd2ce2e8e4d76a3593de9a0f1ef9e91

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\c3e6bfb[1].js

MD5 ca793941c97f449838b4e9e790790dae
SHA1 8701fe08233e66d538b7ffc645b9ae84597fb90d
SHA256 fea4b5c4a542ca04348daa612ba7b9e1f1f50e0a2949202d7f15deddc2e370e9
SHA512 ca98302e48e9356ab2e16f385a7e0366a8b2c691940f8677c9af48774817b88220e377a2f8adec7e6ca7f4987bdda76d0b4f93edb14054f54a19205a16364dcb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\8a6fc82[1].js

MD5 ccf3865335a3618a33584b3c8a7a667e
SHA1 a99bd201e87efd199802dad05314b9f856e9d8e3
SHA256 d1456281bf14c4d6b85ae49a159d74d3a95ffc2a0cfe4506bd0db5ea647f51f1
SHA512 a851a6a840f3c5658ea20daf2554ece5280d67dd5eabdfd9ba8e2af23e87f185e64ac4394c1f08cb40cc51054adf16dc7675d471f49a7006b49f6576f4e273d4

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\c14bdd6[1].js

MD5 58e2b051662a9ada311694e4cd604856
SHA1 bdccb09a47c58e08daea04c3062afab36be0a839
SHA256 1781f5655fb76455b4c2e5a75ffa6fa084815c491310b06debe5d73541d566ef
SHA512 e3440b9292561a079cc1b1d5c1758ac5ae6e661f15d6f0ca01a9150e76ac8dee7eabbf59884696e9153442297ba04fe344a1727832ad13e56f86e90916c99ded

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\3db6060[1].js

MD5 db2e6080de203108bcd6ff24d14c2ed0
SHA1 eb0859d23667eb8a14f2b574140c7aec0ae506a4
SHA256 7c35885fc5fd10260b8006bbff38ceef6a94aba2a29ccd18a753242e1366bef0
SHA512 4a2c8ebd8680fdffe959c41d51144812b6d3707f1a00fb108fc210cf43f21d58b8a1ae681417cb71077a05104d71a50a5c022bc14355bc3e1fe70f4c42f08cd1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6WTGQ1GJ\176af8a[1].js

MD5 2df467151afc49ed51f9ef8b4112027a
SHA1 db3f5412665fa3316bc9542a47fdac8d23620ecf
SHA256 3df3b55aa99ab5f74d069248e33ea3e34e8bd2ce36afa50f1054d2d6c130578b
SHA512 e5e1531eda1074354ad1afe2be6e8e5c7022c818b686e7bc873aab44b708bbd9ba7720f6ac5da7f2921a094b42c9042cefa836dc3aa655ffe8d1510133d23b09

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\ae6e404[1].js

MD5 89a9a7c1bfff84f121dbc1aba48cb850
SHA1 f0509f24f132f583649d8d17091e990a19ba59c5
SHA256 eb0bc5a84218f8e1ac562b2a3214096b8ed3ac00e5e4652b9a5b0becc5e02a26
SHA512 55bb09c6b6cdd01d1de9b49eed96d7aba2f4e3e95a62751cdaab63c441c58e587bd281c9489dc670b1f044bd97c4b682f538386c53df65b9b7a01cbca2c3fce5

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\ea3d90c[1].js

MD5 d332a90821031273f8bfda1b50352d63
SHA1 4ee6827dcc52cd101715e3e8af7a4575277694e3
SHA256 24233a7878aa43b7f76345fd35dbfb0f00e303098e365ba1702a687c8e10d339
SHA512 a7b77bc5872eb41e5ecd092457d4890309cfa1032abf5bd3e986783fa66ad9ac4d3d21cdba1d6da83ea7232d363bb45697a4bdaf0c5885a52411bc66972d66c6

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\17827bb[1].js

MD5 b6a11f293424d72aab1525d348ae0741
SHA1 fb2282fec6ce9792560f2b27324d8af3f43e4434
SHA256 df72a0e8f077bd4395f0f411e9b1217bf2ec5d95a6a98a32aa773707109da6ad
SHA512 f3b9bee50491a9a572b944f6d0bac7a353406a3d7ffb5aded596815eae827ca2e3f27e10a0b056c031ad3576eec61d4313130e09638cbe4580385cec47f1ba88

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\de6cf08[1].js

MD5 06d82bfe795e2dfbd3b78276c26db4e8
SHA1 96f5452203e64fb08d2a55b733a652b19d80c7c2
SHA256 23c7a6a2057149e2ef23dd2046a5cd59302727f6160993007db441001a3abc35
SHA512 4c3daa5c3d8832d928239b6294b019b2aa033f739e11efe2d0899e135b2febe3c6f461d418d0fd39f95d98cc83a4e60c9598f63f36706f070d1c5348b9ffa6eb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2461P2AL\79a45c7[1].js

MD5 fdc280400bd0a23ec1489c69554626f5
SHA1 9906b90a789dd72f2dcfa3e9ba2d5ed0688619f8
SHA256 abbef8ed76247013e572b1d134cd7c75f3b237469226a3398d265095cddbfab5
SHA512 2542dad2f563884dff2284b3ebb61f3e21fa067e40b7e448d7d07cb2c86871c364cdd8557d35e7c7c2232662a3530b1106ba0468692b3e327fb91aedb12bdfac

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\2da8629[1].js

MD5 f0eebc7f70582718278d0eda9c284336
SHA1 053af678a7db8b3aee05cbd81714a65d63517559
SHA256 bf3078dc2631e98b99576ffd2f5a87c53c0862b5c0684737fc3970c72418fa60
SHA512 b07053e61118f6e295c9f6cc32b15d7ff975bed2f24b77b23e1a46f91983f3dfa7f6f367376ef0965b6cbd74643beee08f824e7d0034b8f00e31f96108a424e4

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\0a02c4c[1].js

MD5 b6609497567372a41acb91da66a82bdf
SHA1 bd40d56e6f717b1bdb3b54a1c96f7b4e8b200eb5
SHA256 2ffc084cbdc8af180385a247bdf61f3abf6c81eb59c41dcd66e20968e50c73e3
SHA512 c36a83f47a0d90c106cd781f493a30925329ab05bafbdb93260fbd9b3d25339b17c360fd8f286581ef4e58e8374b3c783981537b833f595b6147e3362652120a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\37bbf73[1].js

MD5 42500e1255d857d2c86f9303b31c45a5
SHA1 1e7d7db010fff1ca5129b8777aab74c4b88f5ef1
SHA256 b6d064231a49dfd3ae9faa2fb3cbb148e8bd8b7ac201cccfcc92e4e03d3ccb38
SHA512 da34bbab1b31c235f2a47ca25be9737bb0ac74ad87c8876125d84d5c17e69e12893f756567f7018a35576774b4d16cb7c91a9284803ccc30c5dabd5506102317

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\4d01370[1].js

MD5 5ade3263b652f8fe8947e861d67703e6
SHA1 e6c26efa8b43114039801ec5b131fd10cf4b361c
SHA256 3d77ddd1dbe3a044bf42e354b07a2da71041d1a5d203c517c7d1c209962ca28d
SHA512 32c08baa175dd49f98687a248800c37695ec4515109fea803114147d68368e2e683e08bff302b5352c567fc2fd13bf6a2d2bc4198ddcdbc7225eba6ad319042d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\752cf03[1].js

MD5 a2558a6637070c3cc93af3b64807b982
SHA1 b213327770604a3add22e75ad88cda10329186ce
SHA256 802398489ea38879f3f561550da21264875ad0a18e6c49ca84d618a61c0b065d
SHA512 f3347941c1bcac8c6506a5b514e74c25eb245d49ce4cad4deea5eea916ca46cdee24309c0a1b4acebecb76245b545428c73636b531e3a229203640a84cf9e54b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\5c2837e[1].js

MD5 605dc744a32783890774053695703863
SHA1 5aa379bb625d94ed5f3fb24a48fb1a14c7356625
SHA256 29465071843f75a75c766f97a92ce0ff6e43d5f8f759a4d1b116e350935f4805
SHA512 fcf628405b213df1f1f64cddb089886e5e686c56583d284bd6f4ff354e9e6359c8165ec462af4216c5ba6250f9220fc9ed22110c70e6456eb9420460e8b5dcbb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\2a7f7cd[1].js

MD5 ae0831cd467d6e1d6e80d21aabe23b09
SHA1 05d1ccf3185429afe12e8433c8c9e7bdef4d3f86
SHA256 698a2cf5cc7798c2356d1d7805dbad60aebc053f8489ff77454c15ababeec48d
SHA512 d52e6c7a82ce4b80e6ec8901d82f6f4f5458ea9ade61e0c2357e01d8f633588a0c5f42239b87fe911b196198691491bee98e7e931cacfec5bde1f9a594c0e1c5

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\495baf3[1].js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89ILGREF\19b2c39[1].js

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410141704431\assistant\assistant_installer.exe

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UL3N1MAY\LDPlayer9_ens_com.dts.freefireth_25567197_ld[1].exe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\04B9F0FB7C466980A18B81686266C55B1664430A

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\HitmanPro_x64.mD5Kg_nD.exe.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Windows\System32\drivers\hitmanpro37.sys

C:\Windows\Logs\DISM\dism.log

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2atnftfb.y2n.ps1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\jumpListCache\q1djQgUOgGNqj+ogMWOUug==.ico

F:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll

F:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf

F:\LDPlayer\LDPlayer9\fonts\NanumGothicLight.otf

F:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

F:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

F:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

F:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

F:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

F:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

F:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

F:\LDPlayer\LDPlayer9\dnplayer.exe

F:\LDPlayer\LDPlayer9\dnmultiplayer.exe

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\R8OGHIFB\favicon[1].ico

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\d2c4jah\imagestore.dat

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XHM9025Q\favicon[2].ico

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
