Analysis Overview
Threat Level: Known bad
The file http://github.com was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Possible privilege escalation attempt
Executes dropped EXE
Modifies file permissions
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Sets desktop wallpaper using registry
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
NTFS ADS
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of FindShellTrayWindow
Suspicious behavior: LoadsDriver
Modifies Control Panel
Suspicious use of SendNotifyMessage
Delays execution with timeout.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-05 05:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-05 05:04
Reported
2024-11-05 05:11
Platform
win11-20241023-en
Max time kernel
368s
Max time network
412s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\windows\\winbase_base_procid_none\\secureloc0x65\\WinRapistI386.vbs\"" | C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe | N/A |
Disables Task Manager via registry modification
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6330.tmp\mbr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6330.tmp\MainWindow.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\6330.tmp\mbr.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Desktop\Wallpaper = "c:\\bg.bmp" | C:\Windows\system32\reg.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav | C:\Windows\system32\cmd.exe | N/A |
| File created | \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe | C:\Windows\system32\cmd.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_SpongeBobNoSleep2 (HorrorBob5).zip\SpongebobNoSleep2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6330.tmp\mbr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6330.tmp\MainWindow.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Cursors\Arrow = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Cursors\Hand = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\MuiCache | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\SpongeBobNoSleep2 (HorrorBob5).zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_SpongeBobNoSleep2 (HorrorBob5).zip\SpongebobNoSleep2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6330.tmp\MainWindow.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://github.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ff88aa53cb8,0x7ff88aa53cc8,0x7ff88aa53cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3880 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6632 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6992 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_SpongeBobNoSleep2 (HorrorBob5).zip\SpongebobNoSleep2.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_SpongeBobNoSleep2 (HorrorBob5).zip\SpongebobNoSleep2.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\6330.tmp\6331.tmp\6332.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\6330.tmp\mbr.exe
"C:\Users\Admin\AppData\Local\Temp\6330.tmp\mbr.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\6330.tmp\tools.cmd" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Users\Admin\AppData\Local\Temp\6330.tmp\MainWindow.exe
"C:\Users\Admin\AppData\Local\Temp\6330.tmp\MainWindow.exe"
C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe
"C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff88aa53cb8,0x7ff88aa53cc8,0x7ff88aa53cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\windows\SysWOW64\takeown.exe
"C:\windows\system32\takeown.exe" /f C:\windows\system32\LogonUI.exe
C:\windows\SysWOW64\icacls.exe
"C:\windows\system32\icacls.exe" C:\\windows\\system32\\LogonUI.exe /granted "Admin":F
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c cd\&cd Windows\system32&takeown /f LogonUI.exe&icacls LogonUI.exe /granted "%username%":F&cd..&cd winbase_base_procid_none&cd secureloc0x65&copy "ui65.exe" "C:\windows\system32\LogonUI.exe" /Y&echo WinLTDRStartwinpos > "c:\windows\WinAttr.gci"&timeout 2&taskkill /f /im "tobi0a0c.exe"&exit
C:\Windows\SysWOW64\takeown.exe
takeown /f LogonUI.exe
C:\Windows\SysWOW64\icacls.exe
icacls LogonUI.exe /granted "Admin":F
C:\Windows\SysWOW64\timeout.exe
timeout 2
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "tobi0a0c.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.214.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.220.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.136.214.35.in-addr.arpa | udp |
| US | 172.240.45.96:443 | sync.aniview.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | udp |
| US | 80.77.87.162:443 | cs.admanmedia.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | udp |
| FR | 154.54.250.80:443 | ads.stickyadstv.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| GB | 142.250.200.2:443 | cm.g.doubleclick.net | tcp |
| DE | 18.197.30.174:443 | match.sharethrough.com | tcp |
| IE | 52.16.65.27:443 | match.prod.bidr.io | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| GB | 142.250.200.2:443 | cm.g.doubleclick.net | udp |
| NL | 35.214.174.141:443 | a.sportradarserving.com | tcp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 204.62.12.209:443 | sync-service.net | tcp |
| IE | 52.18.167.44:443 | jadserve.postrelease.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 192.132.33.68:443 | bttrack.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| NL | 35.214.174.141:443 | a.sportradarserving.com | udp |
| NL | 89.149.193.121:443 | rtb-csync.smartadserver.com | tcp |
| US | 98.82.158.241:443 | s.amazon-adsystem.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| FR | 23.65.202.55:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | 148.17.175.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.172.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.30.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.65.16.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.174.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.167.18.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.12.62.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.158.82.98.in-addr.arpa | udp |
| GB | 184.25.193.73:443 | eus.rubiconproject.com | tcp |
| GB | 163.181.154.238:443 | www.ldplayer.net | tcp |
| GB | 163.181.154.238:443 | www.ldplayer.net | tcp |
| GB | 163.181.154.238:443 | www.ldplayer.net | tcp |
| US | 104.26.4.6:443 | cmp.setupcmp.com | tcp |
| GB | 216.58.201.118:443 | play-lh.googleusercontent.com | tcp |
| GB | 216.58.212.206:443 | syndicatedsearch.goog | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.181.154.138:443 | cdn.ldplayer.net | tcp |
| GB | 216.58.201.118:443 | play-lh.googleusercontent.com | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | tcp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 104.26.4.6:443 | cmp.setupcmp.com | tcp |
| GB | 163.181.154.244:443 | www.ldplayer.net | tcp |
| GB | 163.181.154.244:443 | www.ldplayer.net | tcp |
| GB | 163.181.154.244:443 | www.ldplayer.net | tcp |
| GB | 163.181.154.244:443 | www.ldplayer.net | tcp |
| GB | 163.181.154.244:443 | www.ldplayer.net | tcp |
| GB | 163.181.154.244:443 | www.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 3.165.232.83:443 | b-code.liadm.com | tcp |
| GB | 216.58.212.206:443 | syndicatedsearch.goog | udp |
| GB | 142.250.200.6:443 | 8876029.fls.doubleclick.net | tcp |
| GB | 142.250.200.6:443 | 8876029.fls.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 260a31d1ae646308bc7f515dc415d747.safeframe.googlesyndication.com | udp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 142.250.200.6:443 | 8876029.fls.doubleclick.net | udp |
| GB | 142.250.200.6:443 | 8876029.fls.doubleclick.net | udp |
| IE | 13.224.68.12:443 | js.adscale.de | tcp |
| US | 8.8.8.8:53 | i.liadm.com | udp |
| US | 54.243.222.180:443 | i.liadm.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| US | 54.243.222.180:443 | i.liadm.com | tcp |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.222.243.54.in-addr.arpa | udp |
| DE | 18.184.224.160:443 | ih.adscale.de | tcp |
| US | 8.8.8.8:53 | invite.ldplayer.net | udp |
| US | 8.8.8.8:53 | usersdk.ldmnq.com | udp |
| GB | 79.133.176.174:443 | apien.ldplayer.net | tcp |
| GB | 79.133.176.174:443 | apien.ldplayer.net | tcp |
| US | 8.8.8.8:53 | api.ldshop.gg | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| SG | 47.236.4.49:443 | usersdk.ldmnq.com | tcp |
| US | 8.8.8.8:53 | d.turn.com | udp |
| US | 8.8.8.8:53 | live.rezync.com | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | mid.rkdms.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| GB | 79.133.176.191:443 | invite.ldplayer.net | tcp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| SG | 47.236.4.49:443 | usersdk.ldmnq.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| IE | 3.162.140.92:443 | live.rezync.com | tcp |
| US | 70.42.32.31:443 | b1sync.zemanta.com | tcp |
| US | 52.23.141.18:443 | mid.rkdms.com | tcp |
| IE | 54.229.135.186:443 | dpm.demdex.net | tcp |
| US | 70.42.32.31:443 | b1sync.zemanta.com | tcp |
| US | 52.23.141.18:443 | mid.rkdms.com | tcp |
| IE | 13.224.68.52:443 | tagan.adlightning.com | tcp |
| SG | 8.222.176.52:443 | api.ldshop.gg | tcp |
| GB | 79.133.176.185:443 | www.easyfun.gg | tcp |
| GB | 79.133.176.185:443 | www.easyfun.gg | tcp |
| SG | 8.222.176.52:443 | api.ldshop.gg | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | 49.4.236.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.135.229.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.32.42.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.141.23.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.68.224.13.in-addr.arpa | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | udp |
| GB | 163.181.154.244:443 | api.easyfun.gg | tcp |
| RU | 87.250.250.58:443 | static.playhop.com | tcp |
| RU | 87.250.250.58:443 | static.playhop.com | tcp |
| RU | 87.250.250.58:443 | static.playhop.com | tcp |
| RU | 87.250.250.58:443 | static.playhop.com | tcp |
| RU | 87.250.250.58:443 | static.playhop.com | tcp |
| RU | 87.250.250.58:443 | static.playhop.com | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| DE | 23.197.10.19:443 | secure.cdn.fastclick.net | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| GB | 223.121.13.30:443 | laz-g-cdn.alicdn.com | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 104.22.5.69:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | 30.13.121.223.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.15.177.108.in-addr.arpa | udp |
| BE | 108.177.15.84:443 | accounts.google.com | udp |
| NL | 64.158.223.146:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 172.67.23.234:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | prs.sftcdn.net | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | arms-retcode-sg.aliyuncs.com | udp |
| GB | 79.133.176.185:443 | www.easyfun.gg | tcp |
| SG | 8.222.203.130:443 | arms-retcode-sg.aliyuncs.com | tcp |
| IE | 18.66.171.59:443 | shop.ldrescdn.com | tcp |
| IE | 18.66.171.59:443 | shop.ldrescdn.com | tcp |
| SG | 8.222.203.130:443 | arms-retcode-sg.aliyuncs.com | tcp |
| SG | 8.222.203.130:443 | arms-retcode-sg.aliyuncs.com | tcp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| SG | 8.222.203.130:443 | arms-retcode-sg.aliyuncs.com | tcp |
| DE | 23.88.8.125:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| DE | 178.63.248.56:443 | uidsync.net | tcp |
| DE | 178.63.248.56:443 | uidsync.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 35.214.214.217:443 | csync.loopme.me | tcp |
| US | 35.175.17.148:443 | sync.srv.stackadapt.com | tcp |
| US | 204.62.12.209:443 | sync-service.net | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| GB | 163.181.154.242:443 | ws.easyfun.gg | tcp |
| GB | 163.181.154.242:443 | ws.easyfun.gg | udp |
| GB | 163.181.154.237:443 | ws.easyfun.gg | tcp |
| US | 8.8.8.8:53 | 242.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.154.181.163.in-addr.arpa | udp |
| GB | 79.133.176.192:443 | wss-singapore.easyfun.gg | tcp |
| NL | 185.89.211.116:443 | secure.adnxs.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| US | 8.8.8.8:53 | 131.160.0.193.in-addr.arpa | udp |
| DE | 8.209.118.114:45003 | rtc-singapore-01.easyfun.gg | udp |
| DE | 8.209.118.114:45003 | rtc-singapore-01.easyfun.gg | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 89.149.193.121:443 | rtb-csync.smartadserver.com | tcp |
| DE | 18.197.30.174:443 | match.sharethrough.com | tcp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | prebid-stag.setupad.net | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 104.26.8.178:443 | prebid-stag.setupad.net | tcp |
| US | 104.26.8.178:443 | prebid-stag.setupad.net | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| DK | 37.157.3.20:443 | adx.adform.net | tcp |
| FR | 163.5.194.33:443 | prebid.a-mo.net | tcp |
| NL | 89.149.193.80:443 | prg.smartadserver.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| NL | 103.67.200.72:443 | sync.adkernel.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| NL | 178.250.1.56:443 | bidder.criteo.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| DE | 18.156.199.224:443 | btlr.sharethrough.com | tcp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| DE | 3.125.202.21:443 | 1x1.a-mo.net | tcp |
| US | 8.8.8.8:53 | 224.199.156.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.202.125.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.22.18.104.in-addr.arpa | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 2.19.252.134:443 | aefd.nelreports.net | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| DE | 18.156.199.224:443 | btlr.sharethrough.com | tcp |
| IE | 52.19.76.108:443 | ad.360yield.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| DE | 18.156.199.224:443 | btlr.sharethrough.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 178.250.1.56:443 | bidder.criteo.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| GB | 92.123.128.180:443 | tcp | |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| US | 13.107.253.254:443 | t-ring-fallback.msedge.net | tcp |
| US | 13.107.246.65:443 | fp-afd.azurefd.net | tcp |
| US | 13.107.138.254:443 | spo-ring.msedge.net | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| DE | 176.9.112.162:443 | shb.richaudience.com | tcp |
| US | 13.107.246.65:443 | fp-afd.azurefd.net | tcp |
| US | 13.107.246.65:443 | fp-afd.azurefd.net | tcp |
Files
| SHA256 | 0bbfbfb22361b8e07d4e3e353b83662bcc199a042e5c60bb1975af1f9d52911f |
| SHA512 | 7c2166689665a117cbb4a329b4e17ba58cef7eb83fc7483a0e739ff8fbb2c52ed0f11a478f9f4ea5e00d973ac9a9f88fae50b935ae97417d80822d3da11f9331 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7e79b224e0a147b09822810355ede658 |
| SHA1 | e4895faae4e56f2cb595b2b3c232ff7860ef48b8 |
| SHA256 | 72b37001a1cf867a785a7595a1512dc9b866a37271286ea642d3a769d7afe1ca |
| SHA512 | 54eb403dc86a98e7b973932cc9c36f3577f720710f9b090001b2744333b9d55b6c3abe6f934cc64f43b12a5f5759552b0ca1891b8c155c1e7d1cf12a1ec2c9cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d5cb0b7441ddc7b4ed981a1516c6b1c3 |
| SHA1 | 277842cae4ae6354ffe24f08f81fbae7f7c23576 |
| SHA256 | 669d0ff58b4493ef0f60dc802d6a533174c4b05195d5eb024957805cea9ed37f |
| SHA512 | 0bd918c8a28ea5faa684c33c8e6c78581bea8f5281a98756495c664623b707b1c37b4253227e5df4d2a6da2ceadbc6c84d1fff057d164c26dc9c9b336996e957 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f4294e90b7ba5d5b9d268b4b4ab6700e |
| SHA1 | 93907a9e618d2d5b34d3ff90e4a85c9b7408b985 |
| SHA256 | cf5a9d33baefa248d354782338ec97ab0bb95b17d688dfbda745502b0e6aaa4d |
| SHA512 | b670b6b596693021fd5ea00efd74e0a8d940abee47c84b01be55987e7347d8b6f756a16706d49f0b4dca4ce5cc10ef0a7112dfa4ec031bd963d352b53dd93909 |
C:\Users\Admin\AppData\Local\Temp\6330.tmp\6331.tmp\6332.vbs
| MD5 | b893c34dd666c3c4acef2e2974834a10 |
| SHA1 | 2664e328e76c324fd53fb9f9cb64c24308472e82 |
| SHA256 | 984a07d5e914ed0b2487b5f6035d6e8d97a40c23fa847d5fbf87209fee4c4bbc |
| SHA512 | 98a3413117e27c02c35322e17c83f529955b83e72f2af7caaaff53099b583cd241cec95e70c3c0d6d440cb22cf0109d4e46dfda09ef2480427e9a9ab7a4c866b |
C:\Users\Admin\Desktop\SPONGEBOB_IS_WATCHING_YOU 5.txt
| MD5 | bb6d68d7181108015cd381c28360dfc4 |
| SHA1 | 192c34b9cba6f9c4b742f2b70d9731b8ba2ac764 |
| SHA256 | aea8fb9235900760ac374c6a4a10fba62c2a0ef5bea2dd7ef4db70fe55e0b317 |
| SHA512 | e3d6bf8f6ae16daa235e2bc7ce64da5a76ff0155fa89942a4e9d3f10ce70229e081c5029a6b67702a6b14000f62e6c9188ba394ee7183d0667ddac9e0224f3f3 |
C:\Users\Admin\AppData\Local\Temp\6330.tmp\mbr.exe
| MD5 | 33bd7d68378c2e3aa4e06a6a85879f63 |
| SHA1 | 00914180e1add12a7f6d03de29c69ad6da67f081 |
| SHA256 | 6e79302d7ae9cc69e4fd1ba77bd4315d5e09f7a173b55ba823d6069a587a2e05 |
| SHA512 | b100e43fb45a2c8b6d31dd92a8ae9d8efea88977a62118547b4609cc7fe0e42efc25dc043bac4b20f662fab044c0ba007b322c77e66f0c791cc906eafc72fb95 |
C:\Users\Admin\AppData\Local\Temp\6330.tmp\tools.cmd
| MD5 | 397c1a185b596e4d6a4a36c4bdcbd3b2 |
| SHA1 | 054819dae87cee9b1783b09940a52433b63f01ae |
| SHA256 | 56c7054c00a849648d3681d08536dc56c0fb637f1f1ec3f9e102eace0a796a9f |
| SHA512 | c2a77479ca0aa945826dccea75d5a7224c85b7b415fda802301be8a2305197276a33c48f82717faddb2a0ac58300f5b849a8c0dffb5a4443663c3dfd951d4e5c |
memory/4792-1400-0x0000000000400000-0x00000000004D8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\6330.tmp\bg.bmp
| MD5 | ce45a70d3cc2941a147c09264fc1cda5 |
| SHA1 | 44cdf6c6a9ab62766b47caed1a6f832a86ecb6f9 |
| SHA256 | eceedadfde8506a73650cfa9a936e6a8fff7ffb664c9602bb14432aa2f8109ac |
| SHA512 | d1bf6cdade55e9a7ce4243e41a696ae051835711f3d1e0f273ad3643f0b878266a8213cc13ca887a8181981ba4937350986e01e819b4bb109330718ef6251149 |
C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe
| MD5 | e254e9598ee638c01e5ccc40e604938b |
| SHA1 | 541fa2a47f3caaae6aa8f5fbfe4d8aef0001905d |
| SHA256 | 4040ad3437e51139819148ed6378828adcfbd924251af39de8bf100a3a476a63 |
| SHA512 | 92f129a52f2df1f8ed20156e838b79a13baf0cbcdd9c94a5c34f6639c714311f41eb3745fdcc64eac88ce3e6f27d25f9a3250f4ababc630eff7a89802e18b4bb |
C:\Users\Admin\AppData\Local\Temp\6330.tmp\mainbgtheme.wav
| MD5 | 1b185a156cfc1ddeff939bf62672516b |
| SHA1 | fd8b803400036f42c8d20ae491e2f1f040a1aed5 |
| SHA256 | e147a3c7a333cbc90e1bf9c08955d191ce83f33542297121635c1d79ecfdfa36 |
| SHA512 | 41b33930e3efe628dae39083ef616baaf6ceb46056a94ab21b4b67eec490b0442a4211eaab79fce1f75f40ecdc853d269c82b5c5389081102f11e0f2f6503ae7 |
C:\Users\Admin\AppData\Local\Temp\6330.tmp\MainWindow.exe
| MD5 | 7c92316762d584133b9cabf31ab6709b |
| SHA1 | 7ad040508cef1c0fa5edf45812b7b9cd16259474 |
| SHA256 | 01995c3715c30c0c292752448516b94485db51035c3a4f86eb18c147f10b6298 |
| SHA512 | f9fc7600c30cb11079185841fb15ee3ba5c33fff13979d5e69b2bae5723a0404177195d2e0bd28142356ff9b293850880b28322b2ce1ff9fe35e8961bb3f7be1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1eba1e1c29e953d210247db03f6682ae |
| SHA1 | 594ec42d45d24877ff8d5e06f931a42a05ec34d3 |
| SHA256 | da4db13005c528cd6bfbbda6af13a9d6ccbd117fe91bd77d52c18874bf8c49b8 |
| SHA512 | 2a18902b0a43180607dcc51831c7c2eaca1a6ea505d0c80160e4f91aaccd02448dba057a4a6246e02bab595b3df3c307e6e9f5cae013fdc634874cd543ae9a56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9b0d1865a38961b7e8a7109b0a628a31 |
| SHA1 | 61deaae385a97db030061401d247a11dd3f91867 |
| SHA256 | 6cbbd165436166b246f112f585a0cd7b0a0cd6d320dc56b775e4e4b59d39e528 |
| SHA512 | ac120ea36b6cf2a98b331945ef904d2d2d79b6b7f48d82f2f120246ece83687f9db67d50bd96e51e84cb5248e9896758d2f21a17a05127bf96791bfa86d024f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 290b7a704b4885d12ba96d18798ada4b |
| SHA1 | a3e32cefd22424074b6facb841914efe9b9baf39 |
| SHA256 | 7637e084cd04a63193a06051cab9b5c2ca71056a65094e0440c1ff2b4d227780 |
| SHA512 | a9d99cb346320914b8b4925c69f90203ef8f1c62d0f08fe8c83c1e5cd2b9710fe73f055e359ebb6d7131214487c6a299a1f87ca60ff44033d7801fbb32f8b9a9 |
memory/4992-1444-0x0000000000750000-0x0000000000772000-memory.dmp
memory/4992-1448-0x0000000005720000-0x0000000005CC6000-memory.dmp
memory/4992-1449-0x0000000005210000-0x00000000052A2000-memory.dmp
memory/4992-1450-0x00000000053D0000-0x00000000053DA000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_D231F1DAD7D84B67AADEACE18FBC4AA5.dat
| MD5 | e0ecfbecd87c2bb6c927231fbeb65e67 |
| SHA1 | 930ba90982287d0d6934afea4508dbb49355036d |
| SHA256 | 7a7cf2273e04569145c2b49bde1457db70fe527265cb4812c7f88a51facf739c |
| SHA512 | e44a7b55183aab95043a515c5c335a2e00274166e03723ddb16fcb548158f5673608d303c348038bac41efac5564115aaf73d4cf10a0de9414d2a175bbfe2fc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c2d3a85a3d380ef707b402d93f812839 |
| SHA1 | a911a1a981414ae1180140a3109d19dae13e9720 |
| SHA256 | 92235701a743f669b32ba2fb8666f8b0281eb1c47cafec2ada1ceab9541312ca |
| SHA512 | 80200f037b9534fe3874569bc4fd87146d67fc0bfdb52241aa93ead58b525cc6a3e0f2933083c787b1dfdadeead4488f5416a705ebfcd3af758003b3615c343c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7a741d3fad768562a8592ef81d41064c |
| SHA1 | 67dd64f58d4d5a83818eb2a2aec0381fa35f1ba2 |
| SHA256 | ce8203c8ef129ca7c5d9b7a893c4d238e559adfb3649e2982fb1bfd25fb823c2 |
| SHA512 | fabb11f2704bec5677c6017aa62c2bcfeea877fd3576928cc388e0c5b41e8085a5fd60cd04420f25822cc1289016ea907209d806c47437cc15973c7d6c037b6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 59d330c657843f1fc7dd12b54c155c06 |
| SHA1 | edd716ff7ac95da596c27832b2281a92dd4a5c36 |
| SHA256 | a991edcd292711d71b1dfe1f5f3fa1fff329f568662d9e0b61b1b182b7927635 |
| SHA512 | 0ccf114fada310e364ff18f32a42ad5485d67994185ab59f78e2e677677e5e956ca5f9d21eecf8ebe750b0c12784f0e919c9c5f190b88b4f7da38b3a7dbe7388 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e2d3cc4dfca7b94cc23ef1e0f9cd49e3 |
| SHA1 | 948305ab38c5b26b32cc9bae33da22e7947fada4 |
| SHA256 | 1931f306141692f5c6ac0c611fcd8ed11dc249770d4cd677eab6e0980fdd6d37 |
| SHA512 | 7c7401d350d9ace89f90258dd6f3fab03df313b0c24954639356c840b98c439cc5b0f613109760f0d5053c3aea77bd5f1dc317084d41eb2fb0ac239730247c15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092
| MD5 | f47b6a12139e868b5744680a7c0bcf1c |
| SHA1 | eb4041dabe302221f056ae1ea58c7e5da112d96d |
| SHA256 | a4bd19b7c0f8a43c4321c85bc23c956e2871040f252cfff76b1b497bc728ba94 |
| SHA512 | 0415a966c921e3dd89892686559ab5d06278ae29182f2d27c6320957e63007ac5964c0cea0cecd5f33e80ee433e3ae0b882760e15bb196b9d85d117d3c5fd1c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d
| MD5 | 8eff0b8045fd1959e117f85654ae7770 |
| SHA1 | 227fee13ceb7c410b5c0bb8000258b6643cb6255 |
| SHA256 | 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571 |
| SHA512 | 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5
| MD5 | 9756aa7e947179e9eb681904eb0a33be |
| SHA1 | 212f64d38b5074ab32440be97d36a2580f36d20a |
| SHA256 | 8e93da82e7c5fd3e577e84482f8a9f759452ad802b41fa8b03688ff3fcb64097 |
| SHA512 | 9c0de8f7708e4418397e2738addcedccfd02de1cabb8102be0122e370ea55a350a70cda1d0099d7af8c7d3e994851c0877941ca269b06bcb6c7f77f9da234609 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bc9246278e54b0bf2bce4ecb1c64953e |
| SHA1 | 7fff124c7b511ddadfbbedd8b9d9f4d62d440f5d |
| SHA256 | 01fcad41c1251946c8a7ee69234bc6d6c405167d1aba8e4526ac928538a7e726 |
| SHA512 | f06bc13a461607389d9a6d389a3d9da58935621d9ef61c206cc78ae98f023acf6bf03b15abdb612c61f1594f21e27f92f26a2d8f80993ca349607fd168e61fb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af
| MD5 | dee46781c0389eada0ac9faa177539b6 |
| SHA1 | d7641e3d25ac7ac66c2ea72ac7df77b242c909d3 |
| SHA256 | 35f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642 |
| SHA512 | 049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f1ec42fdabd50674c9da149ef603c872 |
| SHA1 | c4fd62d4279741801628a33462b439f86b2ed878 |
| SHA256 | 8333281c286094062d61f1feee2db846815d71427dbf1ff1d8b256323eab403f |
| SHA512 | e504167c4b80ca528c93cfbb274fe6cc350dd5762a4877a6a007f8178aeb3b099272db02c8a3c54ea6fcb2756fed53ab3b1912d5fcee37f300baa676d4801fac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bc
| MD5 | 5b9c8980823dac139da68f41e2947303 |
| SHA1 | 2d950568a2e5bca5dd7fed1a5944394dae8e99f1 |
| SHA256 | bec8ca4b8be0f5c6f14a8df4872644789819e1cd3c1d11bd448a2ce291716257 |
| SHA512 | f819cf34f62a899898c045978d32fcc87e141d963f5c1dbcdc7c17d0809a4f3cb989dc09a328434940b49a99cc2f76a21ad38f34bae107ab174a1f3c2d720616 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000db
| MD5 | 68b3d2c4ad0a08989723996b48cafee3 |
| SHA1 | fa776c002791fc47e19e9b4f26fb6aa60c0ba822 |
| SHA256 | 5e61ad6e0fd70bebb944c7545df0664d4191d91b136cbf402c1f407ce49fd714 |
| SHA512 | c4004f3e02794633cef68b175220a0dc4e116f2ca4fe3cf6e11cf7ce1e6a674b58b504a983decc3a60e30e2ba7bde6a03adb2053bec02752fddcc12b325c70ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000da
| MD5 | 777a63c7bb73394365962e8e0fd2dc01 |
| SHA1 | 2ca4ef52bd745378018eb30180ffa208a76b5c04 |
| SHA256 | 10a7f1cc102eed344c455765969891f8c4ef071626036419fba5f17fa42810df |
| SHA512 | 986adc9a20bad40f8cace5dd9af3c3ac58e2fddfb30363ef61ef51d2493e603e28241da0144833eb62cae3c2d3fd2a38ba0a4822f01eb890cf58c7d7febdb8fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000de
| MD5 | cfa2ab4f9278c82c01d2320d480258fe |
| SHA1 | ba1468b2006b74fe48be560d3e87f181e8d8ba77 |
| SHA256 | d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e |
| SHA512 | 4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d31acbb8a519fc58b08cec4010c641a8 |
| SHA1 | 0f0b76425da692df1e5dac5ab2e49825ff38b804 |
| SHA256 | d1c1809b775c55986f6a1578cd22205213540062dc2c5ebc5c1402f7b2945072 |
| SHA512 | cccc562fc8be8c029320d1eceacf99fdeea1b4c7ee48ec3d6d331db390b2c048804b31b306a13c71ed575e33955248d934284b3ca051260b16014f1444bcecf1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b6bdc323cf217c9060100b975bbcf2b2 |
| SHA1 | 047a615fd71e02ff6519baaa9227782f944d3fac |
| SHA256 | acb4527310fe0955da66f3a31220f3b401620caf5fc4eb52c6dc84a637d3394d |
| SHA512 | 0014e0e8d454fab1d2887c8860a6b6566fa94ecfb7e9a7dead290a8d2555e476f27c8ae0d911071dca1e4a1b810a5e70fd58aac3249925de97a1adfbb7fca6a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 07654efe44aaadeed859396775f1c2ac |
| SHA1 | 577de8d1704d6b0d23123fb5fc81be1a55a141ad |
| SHA256 | eb8c078301450fbeb928ee7b8e7aeb5d523ecb179a8e0d8310316cddf5b8bba7 |
| SHA512 | 8e6a98ae64c33c60bd3a3d44e9679564b97a9ca07b6bc3e46cb15d158951d9af57f0136d9f1f9a11583059223c0c9c945076ad1d2d918d56bef862e12662c47c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1ea217951c6095a25b772a7aa65539c7 |
| SHA1 | 319c1bffa06b74c6691d081e70c20c9252fe9ac0 |
| SHA256 | 9c83b306fbb940b294aea3f94c702b8c1da860a88ea9fe49c0c7ae5c10e6fda5 |
| SHA512 | 60245d6aa320b65e0a39bf7baf09ca4798d363d4c32d3bc2214cb8f59ae553cc04342683614bf8575b6ffa73c25336cba4f068a303bc2c9bdb9f6550cd411a16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 676a2a934af43d976eee0ddec7848445 |
| SHA1 | a28a10be7f9c4ad5edc1c8953191a2b21341d2f4 |
| SHA256 | 00691f53c12f0ae041788d2947a4d435efffb8e567bc531e476dae629eb8c50d |
| SHA512 | 3668ed6de34384bb913e59a19f7c388e89711d51920bd67769433aa7fbd91d2e719ab64cd8acb04a2c0d300c4fa9b14d1159b45c0c9805a6a31c73606a9ad3dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c3698.TMP
| MD5 | 705fde1c2125bfc2c0f3a2ae4e9ae614 |
| SHA1 | 18aee79aa578c5819c2ba270a82b59a96e3d0d03 |
| SHA256 | 5a5c298bd82007bbb4354667f2ef4116704f447d3ec4af5f9da822102c220bb2 |
| SHA512 | 348c0dc9c6c0418cffd3c9c8468b4c72dc6211c332217e3f475db09b0658d772f541f774a43686f6bee0ec6fa3a7c7e308df9d1f70d9b2ef2f564fdc6f589ec3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5e66072b1848bf8600e0f0f4c21f5b89 |
| SHA1 | f3872e1e9b2f5ea2ad2e4f6da01fbb2eb636f3ab |
| SHA256 | 56722ab18665cfdf4e799d6e157f201e7bb6ab38b8b2eebe0248bcef146a45ab |
| SHA512 | fb7e2fa7a729c8cbef6ac980ef37dc048d1997e35d2dc97f28ede62a7c9ab3e5acb918f94c6b78fe1fb89cd6d7111894843d92c179c0433dd913760e4d0a9195 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e888a69bf3b1a92c343f97414f521dc7 |
| SHA1 | 14ba1ead9816082d5354ec2a95b59e67b6c838ab |
| SHA256 | 964665ebc926887cc5e5728d122ab7b68bd18c73c1aa57b754079a0c8b6e4ae5 |
| SHA512 | e89e89fc589a617d7d390346fd98355f9824e4ee6ffba814e94fbf82f5db94441a5420afddc39d3eea3e28622bdca957416024676166bb5f3a05946354da3584 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e4
| MD5 | 6fb26b39d8dcf2f09ef8aebb8a5ffe23 |
| SHA1 | 578cac24c947a6d24bc05a6aa305756dd70e9ac3 |
| SHA256 | 774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059 |
| SHA512 | c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 833dd400e75aa0d5d737619868e262c4 |
| SHA1 | 6fbe5c4118fb6ca360584a95128ed4f4b93e59e2 |
| SHA256 | 0501ac98101b95df2b3ff4d053fc52993ef9138b541a0021d648e7747986ebd8 |
| SHA512 | 52e5fbbdb01941096c2f9079dd392b7a6cd8fefdd296fd0560a6d334b3aeb3f72884131ebda871abbdd8d5f3238cf7731838353d253c1a939ae76f3b6eeb3e66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0109dc56b6a6820eb2f4e92a434f04cd |
| SHA1 | d4a1df5676fb74016926c244b8662b0ea0e4ac6f |
| SHA256 | 3148bfb5b618dd0496daaa4c676eb46b2e7de82b2b69bff87dd04fd3b7e2f36f |
| SHA512 | 893bab433f856e1cfc1366919c79ab06b6fd47b552e3565ac421bbb9d7375c745c013a59c8d5794db2898df3004561593b159c06afd5ccd53fb59c48864199fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3e9f7061ab26753916dbf513de198c3e |
| SHA1 | 806202b61657d118679cfb1c8c2cd68f088340c9 |
| SHA256 | b1b5524d7070167a3c86bb72dc0974f84c0fb21f6e9fd8594648345d36720ecc |
| SHA512 | 20c8302d522713bcaf524b54199db151527c421b7c187537e2e8230bd3a895a06dde87de5f11b205048d72911752281fb695fe1b72220bb23a400c7651648220 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f03768b51159dfb2692fe49e29aaf3d5 |
| SHA1 | d9ba6245ecebcb711fd6368e92781767f1bae275 |
| SHA256 | f97a5f8f1ce8f006d16592c6c3b65f56e3c86ed0a685bad804bb03d92e4b14a6 |
| SHA512 | c52c36bcebec094e2b7caa085d55dbb78fb30c0d381c6274c4de062373cd657c0e376d20e99af1c08a1f705f0ce834765508a9adf647c5b63f07ba469099236b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5b99398a329956a25fe1d86341ae3727 |
| SHA1 | 417aa75804f3381c11f4605d2c27a858b9e0146a |
| SHA256 | 593ce4b85c353edf947c03dcc7cc36ea5809cad59c3de0e4735f4b8607dc5115 |
| SHA512 | a52c8eb6b56907370cfa53b169a705a86bf20b99f6c66119c55a0cc804c01cbc694f5c4c017e471670e0384f00dfd5da6c2c024ff5aa31d47464d792a4b3720d |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\37bf5475-8973-42db-b7c5-e90c0f9a89fe.down_data
| MD5 | 5683c0028832cae4ef93ca39c8ac5029 |
| SHA1 | 248755e4e1db552e0b6f8651b04ca6d1b31a86fb |
| SHA256 | 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e |
| SHA512 | aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 55a0e9b5a6dff622b257d4b9505f3e87 |
| SHA1 | 3020f032ccf808d9edfc7ae667b05e65bdfb2c21 |
| SHA256 | 5af841ecdd96f1d36fd36e8baaa7743386899924859b9d8167154d5376fd9db8 |
| SHA512 | 388d8ee51cb974276dcc6d7880b03c6e64505f947d3af3205e35814641ccc7f3d95b46afac397a397ed357fe63af3d878b251c2292738edb5598c30b8ace1ea8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4ae0a25773d46fee3762cf3d774c2460 |
| SHA1 | 0ed030ccf61a81f5aa36676d18d53f17cac8f25e |
| SHA256 | c165ff86c3c66985de08b78f0858a23957af42aebc267bbc491e4da825d78fa9 |
| SHA512 | 1a894c2c88fe63fad9f95367515c1f7388c705a112d7ea272e8a1d68bfc0bdb7dd0368fb48636913b2da419ae15dbc44a98f11f6df8781674cd002905a10e494 |