Analysis Overview
SHA256
449328e0328f0bae0b9ff4b024f1b013f7ebc38baea394fa338ac0afbb697f16
Threat Level: Shows suspicious behavior
The file HWID Bypass.zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Browser Information Discovery
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 22:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 22:51
Reported
2024-11-09 22:54
Platform
win10ltsc2021-20241023-en
Max time kernel
97s
Max time network
138s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\Local Settings | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\HWID Bypass.zip"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO85BF6AA7\READ THIS FILE PLEASE.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://slothytech.com/how-to-bypass-hwid-ban-in-any-game/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7fff8b6446f8,0x7fff8b644708,0x7fff8b644718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2617922223879779078,3309936335653006245,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2617922223879779078,3309936335653006245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2617922223879779078,3309936335653006245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2617922223879779078,3309936335653006245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2617922223879779078,3309936335653006245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2617922223879779078,3309936335653006245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.revouninstaller.com/products/revo-uninstaller-free/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff8b6446f8,0x7fff8b644708,0x7fff8b644718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,318617097807230392,12967450167228212479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,318617097807230392,12967450167228212479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,318617097807230392,12967450167228212479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,318617097807230392,12967450167228212479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,318617097807230392,12967450167228212479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,318617097807230392,12967450167228212479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,318617097807230392,12967450167228212479,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5280 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x310 0x2fc
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
Files
C:\Users\Admin\AppData\Local\Temp\7zO85BF6AA7\READ THIS FILE PLEASE.txt
C:\Users\Admin\AppData\Local\Temp\7zO85B88E28\Updated Step 1 - Follow instructions on website.url
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2384_CVAWTKTKWQGYOEIU
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584e88.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Temp\7zO85B27D48\Download Revo Uninstaller.url
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13375666357434462
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity