Analysis Overview
SHA256: 282d6f5ddc83351dab51e6decc1293b078638f0cfd0baca4673afc8246fd32bd
Threat Level: Known bad
The file kreo q zi.7z was found to be: Known bad.
Malicious Activity Summary
Quasar RAT
Quasar payload
Quasar family
Executes dropped EXE
Checks computer location settings
Enumerates connected drives
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Checks processor information in registry
Opens file in notepad (likely ransom note)
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Enumerates system info in registry
Scheduled Task/Job: Scheduled Task
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-04 22:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-04 22:08
Reported: 2024-11-04 22:11
Platform: win10ltsc2021-20241023-en
Max time kernel: 115s
Max time network: 214s
Command Line
Signatures
Quasar RAT
Quasar family
Quasar payload
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Desktop\kreo q zi.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Enumerates connected drives
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\unregmp2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.4355\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7B9B7566-9AF9-11EF-96B2-FED1C665BDC9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133752317200927351" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\notepad.exe | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\kreo q zi.7z"
C:\Users\Admin\Desktop\kreo q zi.exe
"C:\Users\Admin\Desktop\kreo q zi.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff811b0cc40,0x7ff811b0cc4c,0x7ff811b0cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2396 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2428 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3172 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3724,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4600 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3692,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4724 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4532 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4884,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4868 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4572 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff71fda4698,0x7ff71fda46a4,0x7ff71fda46b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4424,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4440 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3280,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4052 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x464
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4580,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5420,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5388 /prefetch:1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Roaming\CompressResolve.dib"
C:\Windows\System32\fontview.exe
"C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Roaming\CompressTest.ttc
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:17410 /prefetch:2
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\DebugCopy.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\FormatTest.vbe"
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Roaming\JoinExit.wmf"
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Users\Admin\AppData\Roaming\MeasureRestore.pps" /ou ""
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Users\Admin\AppData\Roaming\MeasureSwitch.ppsm" /ou ""
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\AppData\Roaming\MergeUnprotect.ps1"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Roaming\SendInstall.rm"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Roaming\StopLimit.mhtml
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff805a746f8,0x7ff805a74708,0x7ff805a74718
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\SubmitOptimize.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Roaming\SwitchBackup.bmp"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Roaming\UndoDismount.au"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,1417792300327238791,15799818021476200431,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,1417792300327238791,15799818021476200431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,1417792300327238791,15799818021476200431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1417792300327238791,15799818021476200431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1417792300327238791,15799818021476200431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "C:\Users\Admin\AppData\Roaming\WatchGroup.dotm"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Roaming\CompressResolve.dib"
C:\Windows\System32\fontview.exe
"C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Roaming\CompressTest.ttc
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6236 CREDAT:17410 /prefetch:2
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\DebugCopy.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\FormatTest.vbe"
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Roaming\JoinExit.wmf"
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Users\Admin\AppData\Roaming\MeasureRestore.pps" /ou ""
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Users\Admin\AppData\Roaming\MeasureSwitch.ppsm" /ou ""
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\AppData\Roaming\MergeUnprotect.ps1"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Roaming\SendInstall.rm"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Roaming\StopLimit.mhtml
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x108,0x134,0x7ff805a746f8,0x7ff805a74708,0x7ff805a74718
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Roaming\SubmitOptimize.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Roaming\SwitchBackup.bmp"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12687087772462353754,17404542514366741478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,12687087772462353754,17404542514366741478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,12687087772462353754,17404542514366741478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12687087772462353754,17404542514366741478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12687087772462353754,17404542514366741478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Roaming\UndoDismount.au"
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "C:\Users\Admin\AppData\Roaming\WatchGroup.dotm"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4016,i,9664971663459300272,8810769469283417849,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5184 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\vcredist2010_x64.log.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xc8,0x12c,0x130,0x108,0x134,0x7ff805a746f8,0x7ff805a74708,0x7ff805a74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12687087772462353754,17404542514366741478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2010_x64.log-MSI_vc_red.msi.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\vcredist2010_x86.log.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff805a746f8,0x7ff805a74708,0x7ff805a74718
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2010_x86.log-MSI_vc_red.msi.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12687087772462353754,17404542514366741478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12687087772462353754,17404542514366741478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12687087772462353754,17404542514366741478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12687087772462353754,17404542514366741478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12687087772462353754,17404542514366741478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12687087772462353754,17404542514366741478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12687087772462353754,17404542514366741478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2828 /prefetch:1
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 51.11.108.188:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hola435-24858.portmap.host | udp |
| DE | 193.161.193.99:24858 | hola435-24858.portmap.host | tcp |
| US | 8.8.8.8:53 | ipwho.is | udp |
| DE | 195.201.57.90:443 | ipwho.is | tcp |
| US | 8.8.8.8:53 | 99.193.161.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.57.201.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | ogads-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 216.58.212.202:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.212.202:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| IE | 20.223.35.26:443 | fd.api.iris.microsoft.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 216.58.204.78:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.minecraft.net | udp |
| GB | 2.19.252.202:443 | www.minecraft.net | tcp |
| GB | 2.19.252.202:443 | www.minecraft.net | tcp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| US | 23.192.22.93:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.65:443 | www.clarity.ms | tcp |
| US | 23.192.21.87:443 | assets.adobedtm.com | tcp |
| US | 13.107.246.65:443 | www.clarity.ms | tcp |
| US | 13.107.246.65:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | 202.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.22.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.21.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| US | 23.192.20.199:443 | s.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | minecraftprivacy.microsoft.com | udp |
| GB | 2.19.252.208:443 | minecraftprivacy.microsoft.com | tcp |
| US | 23.192.20.199:443 | s.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 23.192.20.199:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | 199.20.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rldr2laccp6muzzjiyca-f-276975967-clientnsv4-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | 684dd312.akstat.io | udp |
| US | 8.8.8.8:53 | b.clarity.ms | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.42.73.31:443 | browser.events.data.microsoft.com | tcp |
| US | 20.42.73.31:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 168.129.153.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.22.192.23.in-addr.arpa | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| IE | 52.109.76.243:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 97.32.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.76.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
| US | 95.100.195.47:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 47.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.252.19.2.in-addr.arpa | udp |
| US | 95.100.195.47:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | b.clarity.ms | udp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.clarity.ms | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\Desktop\kreo q zi.exe
| MD5 | 28ac02fc40c8f1c2a8989ee3c09a1372 |
| SHA1 | b182758b62a1482142c0fce4be78c786e08b7025 |
| SHA256 | 0fe81f9a51cf0068408de3c3605ce2033a00bd7ec90cc9516c38f6069e06433b |
| SHA512 | 2cbf2f6af46e5fae8e67144e1ac70bc748036c7adb7f7810d7d7d9f255ccf5d163cce07f11fb6526f9ab61c39f28bdf2356cc315b19a61cd2115612882eab767 |
\??\pipe\crashpad_3020_KMOZVLAXOVGXJDBB
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
| MD5 | 90be2701c8112bebc6bd58a7de19846e |
| SHA1 | a95be407036982392e2e684fb9ff6602ecad6f1e |
| SHA256 | 644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf |
| SHA512 | d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 987a07b978cfe12e4ce45e513ef86619 |
| SHA1 | 22eec9a9b2e83ad33bedc59e3205f86590b7d40c |
| SHA256 | f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8 |
| SHA512 | 39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa |
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
| MD5 | 3295ec3eadbaae0d008567434d32e2ee |
| SHA1 | 2dd90f49daed5d0d5bf011ff29b5cefbe8ccacec |
| SHA256 | c595bc2cd5e0658cd1e956d283c6828b1853e387d62dfcae0a18ea3efebeeeb6 |
| SHA512 | caa4b1a3e31a1dc4222c233124f7b3e915b0785471a671103548b0522101a82ed019776e0db138bfacda92345745239f48209ea084c01f9c258bc54dacb5b572 |
memory/3832-372-0x0000000008C90000-0x0000000008CA0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
| MD5 | 6ecbc692693f1c8df250fcec7a890c31 |
| SHA1 | 775952dbf47859f9d17eb5328e1c55c6a2b7edea |
| SHA256 | 19808a83a4a7448fd136e8301d47cb02453bc1ff285f92f19b7ca487cdec8ee2 |
| SHA512 | 7963cacad2ec30d3fd0946c996f4ba828b0adb82cf95a7041e7407c009974146dbbc7addfb7175750627aa14a1ed31bc0859dec54f91023642ac0f5b31858a12 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
| MD5 | d3e6d96a3b22a333ac98dcfdbd76eeb9 |
| SHA1 | 5e618ea452a36ea65e555798d37ae27d1fe30e46 |
| SHA256 | 2acd4944b10c1d26dec1fd305b638b20d80ad02b6504d219a1ca693f29d91063 |
| SHA512 | ff9f6f250d1dc17e87ff485459982d5c560655bd797d6a6cf26d5be71510898c9f1d972b763c1b18d4e7563781fad173cfa8059c21ffd9e6f2bd56d3f2eca7f8 |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 9ba7eec1a0ef66b2a1d77f9d4a4f9148 |
| SHA1 | c2fb078357abba1d256ffa997d175b0145b342c2 |
| SHA256 | 4d60190954afc2dabdb90eaddb764c444681dbbd9abe09264270ae94d3b01b8f |
| SHA512 | dbe21461443f1fba56375e6b8ce679ca5687be2fc70eda4c3adf4865d31cff8823d280f39bb8e9ad517a3295cd851eb582f0caf8fa54c8768517cf78e0808758 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 543d3307852a4286f764b054e8de492b |
| SHA1 | e37431d7d442662614bbc288859bf5c16ecc2121 |
| SHA256 | efbee8655698540e2e4f48234989c9e13a491a9685098104130cb751f6f91b3d |
| SHA512 | dd41d61022c790dc5d60f9373cc97ac47c18ee75cfc233d153c9ac9116d5bf4ed89131d234e28ca35e89b68847e77beb2aacccfb3a54a3b32fa70061ea67c361 |
C:\Users\Admin\AppData\Local\Temp\590CACD.tmp
| MD5 | eb357a32fa98b8a098bcbe03580b0479 |
| SHA1 | 151f10748dde74ff80b83f291ec957b2103c99f8 |
| SHA256 | 96f064b1aaad486de3eed97967c826a3dad4e9580b156678b30111c970b8286f |
| SHA512 | ffc324e9e1dae07e439afe324d5d0c74c15bd485d8e9c55758dacb6e6d360d08bb9298ce6a1df21260391ab12ef7ae95c3b12fc5a4b5bcf7f2726d52cf5dce03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e87625b4a77de67df5a963bf1f1b9f24 |
| SHA1 | 727c79941debbd77b12d0a016164bae1dd3f127c |
| SHA256 | 07ecc7bd328990f44b189112a1a738861b0f4528097d4371e1ab0c46d8819f4e |
| SHA512 | 000d74220ba78628b727441c1b3f8813eec7fc97ff9aa6963eb2ab08d09525fa03935b32e86458c42e573b828a22b0b229af02b47eee511dc83de4ed3b5e726b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5d9c9a841c4d3c390d06a3cc8d508ae6 |
| SHA1 | 052145bf6c75ab8d907fc83b33ef0af2173a313f |
| SHA256 | 915ea0e3e872d2b2e7d0e0ca30f282675139c787fec8043a6e92b9ef68b4f67d |
| SHA512 | 8243684857e1c359872b8e795a0e5f2ee56b0c0c1e1c7e5d264c2c28476e9830981bb95244f44c3b2ed334c3e1228f3d6245cce2f3d1f34cdbce8e2af55b4c85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 137094a3453899bc0bc86df52edd9186 |
| SHA1 | 66bc2c2b45b63826bb233156bab8ce31c593ba99 |
| SHA256 | 72d823cac2d49660cdd20ebf4d3ac222c4dd15aae6e5ac4a64f993ef5c4fdd44 |
| SHA512 | f8f149c9eab06e8d7e1aa62145f0fc588dc36fc521ef4dceceb80a191b72d79586d920feb5f3b1d19595109cc6d608c143e32f521a4da1068c708a2538899ada |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c8f2ab16317eadc44966286e716f3356 |
| SHA1 | d91c7c131a8ac6a9454628e054106b463100cdab |
| SHA256 | 29fb1edc8e7a12aba4511941aac39962ff4298d64ea8b4d041a1f55e59986e15 |
| SHA512 | c5cbadbd253d50822630d5809e67d4213d8a0d03e49b043f8e07e1eaab8a10837b9882db86b0de28598806cf75bde7c3290ade2c86ec3117ec215cd8f4ba399f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\7F45C47E-4D3B-496F-8338-96241893DA79
| MD5 | 2ca8eab8b94c85dd227c240523ca5a4c |
| SHA1 | bae3df058ba3fc0691b4a30f107685f33bf84cf2 |
| SHA256 | 30fec4f893f2b9ceb0e80075c1a06296c456085b8324f37caee89d8fdc310230 |
| SHA512 | 9b5a62efa10f63309667601485e25cceb619c7aa1ea97ccba52ed9c069cb2533c40d2993f352c51db016524a4204f57e21c39844e8fe1ef7ed2be799af3e9dd9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4a18e3a48a96e68fb11f2a267fe74aa3 |
| SHA1 | 2071a236eb6c480984f26f654d70dfc0838039a9 |
| SHA256 | 40e52d13997a58d43b822c98b14f158a3876f6844f547383d1057ed587a91386 |
| SHA512 | 7ef1f5fae9ead9409bd8bd537b20126637c86849fa2cc278e1cb590efeaf2b2caef029ac3813de56859db7f916d6665661e4d2ac116b474d3b34fdb8fe5c6d27 |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
| MD5 | c12d9afc7d3cab604390ec3caba1e9b8 |
| SHA1 | d21bd1cbb679cb18176b34c6334ed8312bb6f808 |
| SHA256 | 68c1c8bc4661ae8cef4892015589c32c2d555b950fb86f5d9cd9ed1a2e3e7c6a |
| SHA512 | e18d9f2b96e76102583fdf1a28541e90d31f21a39d1019e002c7d61fd764f800eebf2dfc002686e7ec73a3739a5d3caa6a5ee1f5aca5dbb36c1b960754a62a68 |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\f3df91c436730d7a37c58d5f25d9bf4a56fa3a34.tbres
| MD5 | a77d7b36b82f2d854c32f6d332cc70be |
| SHA1 | d6f782d9cd0a507c61f99e2999f804da4ba3d163 |
| SHA256 | b6c69c1d92803ef753cfa832fcdc7319226e04058a5ce34d3d3e9c0e9914f36a |
| SHA512 | 6943e356b162196dd5f1999e70be256f6f5b9e66988c6f0af25fd4e7015906297ee352bf7f2e655654a88eb8a13becf64ae2fa069400007c7d6580307475b3fd |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
| MD5 | a0669a91fda9685fcf408aa61d65670c |
| SHA1 | 198e40953f2f7c63a1f56365710912efd9cc925a |
| SHA256 | 5ceeef62ff0eb9c39f102d7f831ad88448c52777325b2ac809cad7dfabbead15 |
| SHA512 | f0b8c9fc4c05dfb08dc0feede8e73af58a63a8ef8b1cb8b7818b4f63c575b318f2f4b289dca5e11240043b950134f3578a66983a0e7935fbb1a76aa88d79ab41 |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres
| MD5 | fa7eed51df213c96be21ce7dff5faf72 |
| SHA1 | 05a45d88b15652d5c9e96c4aa3efeed64555db99 |
| SHA256 | 1dd61269a99bcdcf5045d2b075e70facbad663543095242c3abf9be1526febdb |
| SHA512 | f0be83cb177e8cd44e9cf69e209ecce84c048d6f3be285270b5e0aed6734490c970e7a525ee2b8c4505842a3825dac4131d12199e3d8f147ae6e4f8d816253f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
| MD5 | 1de8e9a83c4383b33d5a6f5d5083dd2b |
| SHA1 | c95612528e5e530fe6129bae1a77345cd079e066 |
| SHA256 | ee6a4a1faf8a8ceecbd3403905335a36bf66630307dda31181ad7183e2c46ccb |
| SHA512 | 384e2deede23034652b3cc1432c4d9c53ada07d5dd29147162ce7715f61f96276e172d230b3f854f256765e8dcf278924408899b645424b564d2678cfc6ac31e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
| MD5 | e7f30ea0d4abadc537ad833327d33750 |
| SHA1 | 3d251a1aba0a1b91fa5f13f8b800b5915fe3267a |
| SHA256 | 4a72fe98ba64c84956c9198f0e57ef0c3bd7252fc1ee90ebd4b95d3d2c0bf060 |
| SHA512 | b010f3138775819f691d4e3f47dc4bae798a3c32432f47d12e16a286897e04764cf68a79d70d71e476a1ff1cacc72698652e5b3fa80211fef6b2ef9452bc0602 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 2bee56722dc576170e300b45c8e646ce |
| SHA1 | 51283423bbba26c99e246b5836c1018dfc14e7ae |
| SHA256 | 36dceb4fcf44139fbc501172136cf1294709d1179f65d49094de8425ba98c197 |
| SHA512 | 3ae54040af89c78f7d41a84f67e413c138fc8aa1ef186199a2b0b9afa25e3181f9c3b22d3b97e4b160c558649bd247afce9c2965c7cc5d43a7c2eb4b372ef334 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | a30df8f2f5717434a5699b1e629e5e9f |
| SHA1 | a153e57bbd94121dddcf34fb2f111fa7dc012efb |
| SHA256 | 29b5a7449745f16e1a7e0554c22a77f1127802cc1339ebd57b35f593de610d3e |
| SHA512 | 7ef2aeb8dc84d75e54d1916aa25432d754bccb9db45a4c9945cf57b90e440edc7a6ecba7082b49d00aeb3696b59165efb4247bcdb08524cdb33d2e3d466ef27f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 794620ec1e79ac9bc9a27ebbeecb08ac |
| SHA1 | cf365eeeb64a25fe763ac078edfa5ab9c321d789 |
| SHA256 | b3356f0ddc460c6b00366420f51c6bb83c286362f073e7943a1271b4a2c3e58d |
| SHA512 | 613096da233853fd5116a0b94d2bcce62ae83900a23d3e64e4b0b9ad315a173eda178a288611e37c37d6b9e2a5af3af14b25c36c70eac78149846822fb3d012a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c9d2f6438da9d01af0c15818aa34839a |
| SHA1 | 9deb0d53d3197fef5a6067f6acc0bbce9c637772 |
| SHA256 | 7954bf03e1a612f65674fd34265d94e5c45263ce6a4b40223d2b6e223dd8454b |
| SHA512 | bf5f6763c98486fa78d1223138106b818e9b402cb4d8b4102243d69f598a960c30a2c1b9b584c6540e0a88fe6cd46387b72b65d0ccb742bd2beeedb92222c0f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 06c545848b613d3e7acc253d7350bce8 |
| SHA1 | 4dea75d127428ad335aab8f7d8f58c3e21017525 |
| SHA256 | a3c1b49590361f46896c676109a4b74784b190d113f26a9fe1cb666975a06599 |
| SHA512 | 015e0320b705d234676528a4ba430cde0cd4ab44d03f9d52497db33f6316ddd3ad49fd4673e2278724e369b37e273cb0374513cd9611b9cc69a3848ef445e3f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ce4bdc0165d6baf2af641205fbc46789 |
| SHA1 | 326a20cd2268c18947b39fff5e0677333b455508 |
| SHA256 | 8f9d4124178dffd8fb7aac08220a290d5e5cb050248f0735a1097ba0c42a84a1 |
| SHA512 | 81df1d6139a74b85dd16722e9ebb36d025cd4dbd56593db8e6a30cd870ce5d76ea1972aefe39fd85bd28e09a7b6a4067016da4b60736f08be9c32fceaa09b0fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 95e018f71864e5a39d49250977c8569d |
| SHA1 | c4e5c017ca1758fad08990073d664c1354df3934 |
| SHA256 | b9f5f5aeb119891ad84a33f248e01512eda15cd5d68086efe439c67df6a4075b |
| SHA512 | dd9289452c77ff7a330ed373eb5377b91e664531a4e4ae75ddd1f54b9f900f8d6015fa430d8b3263df0a0303866893614bc56a38bd383ff36df4a63b552b7c3f |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02836342[[fn=Ion]].thmx
| MD5 | c5a07069ad7e82f3aeb099f346c4ff62 |
| SHA1 | 39a58834fd8a25aed63fb83f0c00712afc3bd2f5 |
| SHA256 | eb7806d9dc3d2abf82a061709bcd9db8dd98fa060e66daf6820d1fa81bb5b845 |
| SHA512 | 343fb8bffa01801eed7289a513564b55b0045ff3d0a842a819cece416c53c2398d0a0d9b55397bf2ead5393638085ab6ab83ecb2c701f532bd55c0fed4c98eec |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900688[[fn=Facet]].thmx
| MD5 | 8ebd58005daf9c4ec15ac2530d3a4a30 |
| SHA1 | d11b9f2b85f20eb3db28c4d9c9fdd909848e3e05 |
| SHA256 | d3ab94fdc32b10903ad444f6f3518f93c3d7348fb945168dd8140c74bb7d7e26 |
| SHA512 | 00a3a6f8a8d10f4bad87c3beae299d0e28931593ef0fb4145711b1d164a3351a8ef131da0f26aab9c3eb7ac214b69e1f03cb52e0e1ea95eb444664d5b0b998e9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM16401375[[fn=Madison]].thmx
| MD5 | 960696af7bbdf3a98f282fd51a641797 |
| SHA1 | d884a5875c64c8f3b011e0754bea633acacefbe6 |
| SHA256 | cbfac1ee697ab73485822088e25cedb92d495b0b9423464cebac2fe3989212fc |
| SHA512 | 9000dd85a0b2ebf5be41d6c9785d69462d4d1b097d49cf2a57a432ab5d784bb9c95ecf1eb9f7ccc88d0ce47c580014e038d7a716fd1f8c094d2e6a1a42f3f0a3 |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM16401371[[fn=Atlas]].thmx
| MD5 | 9a0b4cb63dd4e749ee4258f897ff42ee |
| SHA1 | bd0f90aad36c7db69a57179b9702b13d8c83aabf |
| SHA256 | 9c5471cd01c213e94e699e12331194370d8e3f4fc37776caacdcf7ccb8949a2e |
| SHA512 | 407ab455623fd3911e6b00cf0a23333979d7e29e7dfb0a759a3ff162b12894c843c51eff6e1f99bb721851abb122052ed7f141053ff4f5d955d7842b3600aa44 |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033923[[fn=Depth]].thmx
| MD5 | 2aecc99b664f840799028a20703c3e21 |
| SHA1 | 0018eab0ce4900220607f4f80b506aa2f7f89c17 |
| SHA256 | df93f14304e35e460eec7f8464ae2c2b0bffa84d860d4857f41e0f07a3f023e3 |
| SHA512 | e0bd3a86c7af6b7202e8fba42bca27fbb17a21ac94a685a38c8a45f5ae35f350ae18d6b107f553dc95774fae47f8bd8926f76ddd840bb7eb8e51e5cf2269aa1c |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457452[[fn=Celestial]].thmx
| MD5 | 5978107c3cb2a4a8427e643d0a5587eb |
| SHA1 | a3a865b6d128e7c9c5821df03b9edfe136f53d17 |
| SHA256 | ddceaec2a8e652b60cfa4d5d4c7895d70ad25a214d70de884302c8fe18f53910 |
| SHA512 | d9e0b9d52665f4c1e4b6cc32e6deba4c0cbc9309728415ac9588ddd84cad47a90567192d24bf7ff2f5dd7836a559f396b5015abf3e085abc9b813ff365388d65 |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900769[[fn=Retrospect]].thmx
| MD5 | 126269588dec71f54d53b563106d0500 |
| SHA1 | e4e27b005a9728617832f0f2645980cc2ce6ec52 |
| SHA256 | 0c11107c6cf799125db9352e2f3a0d2b9ed5d55cbbeaed66d79464058598d94b |
| SHA512 | 667f9ca3929926397ed5b43df4859b8c52973f2603405763308d931c32c4da831a144ed7041096afc7cdd291b2978622ded5dd4c16c6bfb0f18235e05b212e5a |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900743[[fn=Organic]].thmx
| MD5 | 476cf35ed8367eb98237b6428266d6d8 |
| SHA1 | 37b320d5109d5fb41044f329187cfecaa8de2a9c |
| SHA256 | 71739bea66f1dee0789a7675add098123ec0e8e45eb74d707f6412b28fcbae81 |
| SHA512 | 7280c51f2dc97871c8b959a971445e1ce1499d108204c025043a0b44e9a9d6ac03e1326bbe652ef2ef900bc6f3f5566a32dba5aa2eea6a84f1585323e9c9cae0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900722[[fn=Ion Boardroom]].thmx
| MD5 | 407acaacdd935b4c82a2d4af73d07744 |
| SHA1 | e7ab195df6f9bfd7676c34503e337194dc7631dd |
| SHA256 | ed85105c65f81ec015215b76ecbd46bee4caaa17ad716393dfd15d5dcd57a3e4 |
| SHA512 | 03d30e2357319a8153d242eee035ddfda718ce93e00c0d99ecf82c1387d1fe1a436111e13ad1ce67214c87cf4709d68ff452c041772a43cb242786ed4090370a |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900720[[fn=Integral]].thmx
| MD5 | ad1c52db4c29726b3a2d28dda1110f76 |
| SHA1 | 46a0656c55202a4adfaac7e98e9e1340c4a1fd55 |
| SHA256 | 7973c1386416c251569acc3cdbfe04da848262a9a2da998f915e000bfd6b52b3 |
| SHA512 | 95c3f09611f977eb3f146c9844d7b96af3e8123cf3393884cd10efe7c250f446a565edafed1cf1fa6dcac4d7eadafacad134d2a75a8cfb74462f62f5ea8b7400 |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02892315[[fn=Wisp]].thmx
| MD5 | bbacb56bbffa78cd4a21a9a6b331d84a |
| SHA1 | 5a854fb2fdfb3bd38dde1ac7c832ba0ffd46f4f1 |
| SHA256 | bd9de870d21c8a5336adc759ebfb740e105764810dd4b5b88bca6213c9133cd7 |
| SHA512 | 59d798652e181582593b44015803a13f9838ee1c5971d2992f968d314cdb80b77a9869344d9d1fd26c2d8afc4574dd9145e795dcfda706e6cf1b49cab6402c7b |
C:\Users\Admin\AppData\Local\Temp\TCD2D75.tmp\sist02.xsl
| MD5 | f883b260a8d67082ea895c14bf56dd56 |
| SHA1 | 7954565c1f243d46ad3b1e2f1baf3281451fc14b |
| SHA256 | ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353 |
| SHA512 | d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e |
C:\Users\Admin\AppData\Local\Temp\cab34A3.tmp
| MD5 | 65828dc7be8ba1ce61ad7142252acc54 |
| SHA1 | 538b186eaf960a076474a64f508b6c47b7699dd3 |
| SHA256 | 849e2e915aa61e2f831e54f337a745a5946467d539ccbd0214b4742f4e7e94ff |
| SHA512 | 8c129f26f77b4e73bf02de8f9a9f432bb7e632ee4abad560a331c2a12da9ef5840d737bfc1ce24fdcbb7ef39f30f98a00dd17f42c51216f37d0d237145b8de15 |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx
| MD5 | b30d2ef0fc261aece90b62e9c5597379 |
| SHA1 | 4893c5b9be04ecbb19ee45ffce33ca56c7894fe3 |
| SHA256 | bb170d6de4ee8466f56c93dc26e47ee8a229b9c4842ea8dd0d9ccc71bc8e2976 |
| SHA512 | 2e728408c20c3c23c84a1c22db28f0943aaa960b4436f8c77570448d5bea9b8d53d95f7562883fa4f9b282dfe2fd07251eeefde5481e49f99b8fedb66aaaab68 |
C:\Users\Admin\AppData\Local\Temp\cab34D3.tmp
| MD5 | 1c12315c862a745a647dad546eb4267e |
| SHA1 | b3fa11a511a634eec92b051d04f8c1f0e84b3fd6 |
| SHA256 | 4e2e93ebac4ad3f8690b020040d1ae3f8e7905ab7286fc25671e07aa0282cac0 |
| SHA512 | ca8916694d42bac0ad38b453849958e524e9eed2343ebaa10df7a8acd13df5977f91a4f2773f1e57900ef044cfa7af8a94b3e2dce734d7a467dbb192408bc240 |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx
| MD5 | 97eec245165f2296139ef8d4d43bbb66 |
| SHA1 | 0d91b68ccb6063eb342cfced4f21a1ce4115c209 |
| SHA256 | 3c5cf7bdb27592791adf4e7c5a09dde4658e10ed8f47845064db1153be69487c |
| SHA512 | 8594c49cab6ff8385b1d6e174431dafb0e947a8d7d3f200e622ae8260c793906e17aa3e6550d4775573858ea1243ccbf7132973cd1cf7a72c3587b9691535ff8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7d7342763db87fb549171994cd4ca651 |
| SHA1 | a9a33dbc592558f07717ce553c17c5d03edffb24 |
| SHA256 | 0571ffeb022325e1cc7a5c83d741ba6d032b57fb680da56b720eaf3e546257f2 |
| SHA512 | 95868cf076a5152a7bb3d55753f212351be7442564121839e30b52af6cb2dd1c39145298f9ffd3b924a1766d1d195d3d3b7655385bd00d2fbfa1cf755120cf3d |
C:\Users\Admin\AppData\Local\Temp\cab4B58.tmp
| MD5 | f93364eec6c4ffa5768de545a2c34f07 |
| SHA1 | 166398552f6b7f4509732e148f93e207dd60420b |
| SHA256 | 296b915148b29751e68687ae37d3fafd9ffddf458c48eb059a964d8f2291e899 |
| SHA512 | 4f0965b4c5f543b857d9a44c7a125ddd3e8b74837a0fdd80c1fdc841bf22fc4ce4adb83aca8aa65a64f8ae6d764fa7b45b58556f44cfce92bfac43762a3bc5f4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx
| MD5 | f03ab824395a8f1f1c4f92763e5c5cad |
| SHA1 | a6e021918c3ceffb6490222d37eceed1fc435d52 |
| SHA256 | d96f7a63a912ca058fb140138c41dcb3af16638ba40820016af78df5d07faedd |
| SHA512 | 0241146b63c938f11045fb9df5360f63ef05b9b3dd1272a3e3e329a1bfec5a4a645d5472461de9c06cfe4adb991fe96c58f0357249806c341999c033cd88a7af |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | 1ad8d4cb7d60513ee609cb193da00472 |
| SHA1 | 855ebbde7a0ab4e0e13a54f100a93a1911a588e5 |
| SHA256 | a52cbf59db0d67b2feae10e8bc0dbebc86da12d69f74347b46620c415c91a7b4 |
| SHA512 | 8aaf8f8b2c2c8f0c11b02960c09098dfc84170090c05d40da592858abb4cd2ce3769b5648cc9c34a0b6d6daee3da68a659ef7a3c19745e2b16933a6cdeaba1ac |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | d4ceeefc28c9ac783dbbdbe2a3d67939 |
| SHA1 | ab6c33c555e4d4bca89f7083187fdb267c3eaae9 |
| SHA256 | 1677ee40041da49042570b6d75cf58e1bad2871f13dfa6e63d57c073f578286a |
| SHA512 | a596e1b7a5328669e7a78d85688d5271eb83eb4df01e728cd6eaf8c19f4ee9889b7a18def75583f0367e8e85c1b855a7230b98930d53a741ab99d05bb4ef342d |
C:\Users\Admin\AppData\Local\Temp\744675B.tmp
| MD5 | ec6bbdaa414e14d65700e8d21e70cabb |
| SHA1 | b325989fa1335058c489ddf9ab6e881b1a8bd79e |
| SHA256 | 0fed7dbff7d61df7a58fc998d208bc7c02e432ae53ac7af9c44be129135163bd |
| SHA512 | d716ac4182da15b41974397eb7e74142c4c71ec7c62356bf31c0f219300999bbcd14cefabd286f1e9b9c3584d6630d7ce10c456bd90ee283f2d1edc5795a77f2 |
C:\Users\Admin\AppData\Roaming\vlc\vlcrc
| MD5 | 7b37c4f352a44c8246bf685258f75045 |
| SHA1 | 817dacb245334f10de0297e69c98b4c9470f083e |
| SHA256 | ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e |
| SHA512 | 1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a64c98dc7daad5ad686b126bc41fc2b |
| SHA1 | 63ac1632e77c36bec84bdb0155f299040a409119 |
| SHA256 | d485dae02e838f24b027b13ea300898a64b8773c27cc95f9e3bfb49beebe694b |
| SHA512 | 3f2d5146750452c323e87296384e8492e2d43fcfc89d570f5a091973a05bb9593390014480258115ce784e586c17fa3a30ef19668006d75b4675b9f469d9dea9 |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | 81e471d4abec25c2653ad71378f46434 |
| SHA1 | c669f38feac618724e99a2f22203eb1ba41d11d9 |
| SHA256 | 0175010a5ea712dc9e81b9d974e3cdc8d63a43ce4e6e0cafeb3b28c3057968cd |
| SHA512 | e74de324d6f75a21337c8c30ca7db9665f4936661cdd15de96e321f0c0663a9556874f2f1b854462d4d2aaedbc3b9bc89e91fc33854280d00a07aa52b208fd81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
| MD5 | 6698422bea0359f6d385a4d059c47301 |
| SHA1 | b1107d1f8cc1ef600531ed87cea1c41b7be474f6 |
| SHA256 | 2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1 |
| SHA512 | d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris
| MD5 | 6a3a60a3f78299444aacaa89710a64b6 |
| SHA1 | 2a052bf5cf54f980475085eef459d94c3ce5ef55 |
| SHA256 | 61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f |
| SHA512 | c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982
| MD5 | e9c502db957cdb977e7f5745b34c32e6 |
| SHA1 | dbd72b0d3f46fa35a9fe2527c25271aec08e3933 |
| SHA256 | 5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4 |
| SHA512 | b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\31f72edb-a55f-45dd-88d8-8b51ae157ee3.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6752881d65e75771ec1bcad0c25fc5cf |
| SHA1 | 9fc9c7e4cced40b2b42a87485cc181b1eff6f41b |
| SHA256 | 6e3837a43f1a40b3f87500a437e71ffe5880a8a0ec7bfd1e6aaf1ddd30677cbd |
| SHA512 | bedbfce436aad2d02bd6a8d7d338c628bc330dadfc521554de188991f80ea389f01784f1f7ad29bc5b12ac7c1ee022450260d472ee97f23c6672079366fd3b32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f77894b95498f83759b05c926db4c0c0 |
| SHA1 | b705220a9c59dfb3e8ea4124c57e5523ed06f7c9 |
| SHA256 | ade7f04b31bee4bdd37266f7fdd9d2f68d6bc2851a1ab105ddcac74f68108511 |
| SHA512 | 37915df71b757baab3b85dd38eee58eff36a27434ca4f4ee15c3e590d13a80a54de480b3025fbf5c8e998f727bd0ac00b5d76c50467405b4a202862280f36124 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\cab8142.tmp
C:\Users\Admin\AppData\Local\Temp\cab8154.tmp
C:\Users\Admin\AppData\Local\Temp\cab8453.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verD5C5.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MLCJZEP1\microsoft.windows[1].xml
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133752318719665808.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0c659d54-271a-4305-ba10-9f17baea6525}\apps.csg
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{0953e579-3b34-4ccf-8a95-c6b6f2c9f44e}\Apps.ft
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{0953e579-3b34-4ccf-8a95-c6b6f2c9f44e}\Apps.index
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{0148f9ba-60fa-40cb-ac2e-6ae381bdb26c}\0.2.filtertrie.intermediate.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{0148f9ba-60fa-40cb-ac2e-6ae381bdb26c}\0.1.filtertrie.intermediate.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0c659d54-271a-4305-ba10-9f17baea6525}\appsglobals.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0c659d54-271a-4305-ba10-9f17baea6525}\appssynonyms.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0c659d54-271a-4305-ba10-9f17baea6525}\apps.schema
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0c659d54-271a-4305-ba10-9f17baea6525}\appsconversions.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{dc1a9cbe-c4f4-42d5-bd29-d3ab508dd04f}\0.0.filtertrie.intermediate.txt
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LJVA2E1W\suggestions[1].en-US
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe5a692b.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RFe5a693b.TMP