Analysis Overview
Threat Level: Known bad
The file https://www.nvidia.com/en-au/geforce/geforce-experience/download/ was found to be: Known bad.
Malicious Activity Summary
Wannacry
Wannacry family
Deletes shadow copies
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: D6FAAFAD54CA9F560A4C98A5@AdobeOrg
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Checks computer location settings
Executes dropped EXE
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: OpenSansitalwght@0400
Reads user/profile data of web browsers
Loads dropped DLL
A potential corporate email address has been identified in the URL: 9E1005A551ED61CA0A490D45@AdobeOrg
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: F207D74D549850760A4C98C6@AdobeOrg
Drops startup file
A potential corporate email address has been identified in the URL: [email protected]
Modifies file permissions
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Sets desktop wallpaper using registry
Drops file in Program Files directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
NTFS ADS
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Checks SCSI registry key(s)
Views/modifies file attributes
Suspicious behavior: LoadsDriver
Modifies registry key
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Modifies system certificate store
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-14 11:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 11:35
Reported
2024-11-14 11:53
Platform
win10v2004-20241007-en
Max time kernel
1049s
Max time network
1058s
Command Line
Signatures
Wannacry
Wannacry family
Deletes shadow copies
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: 9E1005A551ED61CA0A490D45@AdobeOrg
A potential corporate email address has been identified in the URL: D6FAAFAD54CA9F560A4C98A5@AdobeOrg
A potential corporate email address has been identified in the URL: F207D74D549850760A4C98C6@AdobeOrg
A potential corporate email address has been identified in the URL: OpenSansitalwght@0400
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD2A33.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD2A4A.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rxknciwttsoogz987 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks installed software on the system
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\@[email protected] | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0409.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0415.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\frame_divider_bar.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\min_pressed.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0000.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0000.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\installer_bg1.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\GFExperience\EULA.html | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0410.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\040a.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0410.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\041b.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\close.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\primary_btn_enabled.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{A2940649-1D97-4405-8B73-98DC747F046E}\NVI2UI.dll | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\040b.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\040c.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\041d.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0804.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\close_focus.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\close_pressed.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\secondary_btn_enabled.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\uninstall_btn_hover.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{A2940649-1D97-4405-8B73-98DC747F046E}\setup.exe | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\uninstall_btn_enabled.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0411.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\restartnow_btn_enabled.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\restartnow_btn_pressed.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0404.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0405.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\restartnow_btn_hover.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\secondary_btn_focused.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0816.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\DynamicBillboardPresentations.dll | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0409.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0415.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\041d.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0407.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0413.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0405.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\040e.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0816.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File opened for modification | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\DynamicBillboardPresentations.cfg | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\041f.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0424.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\040a.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\min_focus.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\041e.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\installer_bg2.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\Installer_ELA_Splash_bg2a.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0408.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\Installer_ELA_Splash_bg1a.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\restartlater_btn_enabled.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\theme.cfg | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\040c.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{A2940649-1D97-4405-8B73-98DC747F046E}\NvInstallerUtil.dll | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0809.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\EULA_bg.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\041e.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{A2940649-1D97-4405-8B73-98DC747F046E}\NVI2.dll | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\DynamicBillboardPresentations.cfg | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0406.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0411.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0422.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\RunDll32.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 139929.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 163867.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\RunDll32.EXE | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.nvidia.com/en-au/geforce/geforce-experience/download/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffeba1446f8,0x7ffeba144708,0x7ffeba144718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5312 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe
"C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe
"C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe"
C:\Windows\SysWOW64\RunDll32.EXE
C:\Windows\SysWOW64\RunDll32.EXE C:\Users\Admin\AppData\Local\Temp\NVI2_29.DLL,DeferredDelete {069CC7D5-7746-43C2-A705-CF3372DBD4D7} 1780 C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8008 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4d4 0x4a4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8391155549893093623,18205048256696570463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:1
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 165271731585124.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "rxknciwttsoogz987" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "rxknciwttsoogz987" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.nvidia.com | udp |
| GB | 184.28.198.187:443 | www.nvidia.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.198.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| US | 8.8.8.8:53 | static.queue-it.net | udp |
| US | 104.18.87.42:443 | cdn.cookielaw.org | tcp |
| GB | 2.18.108.226:443 | assets.adobedtm.com | tcp |
| FR | 18.245.175.6:443 | static.queue-it.net | tcp |
| FR | 18.245.175.6:443 | static.queue-it.net | tcp |
| US | 104.18.87.42:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | images.nvidia.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 192.229.220.191:443 | images.nvidia.com | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.87.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.108.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.queue-it.net | udp |
| US | 8.8.8.8:53 | store.nvidia.com | udp |
| US | 192.229.220.191:443 | images.nvidia.com | tcp |
| FR | 99.86.91.46:443 | assets.queue-it.net | tcp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.220.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 172.64.155.119:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | smetrics.nvidia.com | udp |
| IE | 66.235.152.225:443 | smetrics.nvidia.com | tcp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | us.download.nvidia.com | udp |
| SE | 192.229.221.58:443 | us.download.nvidia.com | tcp |
| SE | 192.229.221.58:443 | us.download.nvidia.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 58.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| GB | 88.221.135.42:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 42.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 88.221.134.249:443 | r.bing.com | tcp |
| GB | 88.221.134.249:443 | r.bing.com | tcp |
| GB | 88.221.135.48:443 | th.bing.com | tcp |
| GB | 88.221.135.48:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 249.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.20:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.photoshopbuzz.com | udp |
| US | 172.67.219.72:443 | www.photoshopbuzz.com | tcp |
| US | 172.67.219.72:443 | www.photoshopbuzz.com | tcp |
| US | 8.8.8.8:53 | scripts.mediavine.com | udp |
| US | 8.8.8.8:53 | 72.219.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| GB | 88.221.134.147:443 | p.typekit.net | tcp |
| US | 8.8.8.8:53 | fixthephoto.com | udp |
| FR | 99.86.91.54:443 | fixthephoto.com | tcp |
| FR | 99.86.91.54:443 | fixthephoto.com | tcp |
| US | 151.101.65.181:443 | scripts.mediavine.com | tcp |
| US | 151.101.65.181:443 | scripts.mediavine.com | tcp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| GB | 88.221.134.88:443 | use.typekit.net | tcp |
| GB | 88.221.134.88:443 | use.typekit.net | tcp |
| GB | 88.221.134.88:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | 147.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geo.cookie-script.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 95.85.19.25:443 | geo.cookie-script.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 88.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.19.85.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | forms.aweber.com | udp |
| US | 104.18.36.205:443 | forms.aweber.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | privacy-center.fides.mediavine.com | udp |
| US | 151.101.65.181:443 | privacy-center.fides.mediavine.com | tcp |
| US | 8.8.8.8:53 | exchange.mediavine.com | udp |
| DE | 3.64.233.99:443 | exchange.mediavine.com | tcp |
| US | 8.8.8.8:53 | keywords.mediavine.com | udp |
| US | 8.8.8.8:53 | certificates.starfieldtech.com | udp |
| US | 192.124.249.41:80 | certificates.starfieldtech.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.233.64.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | a.opmnstr.com | udp |
| GB | 143.244.38.136:443 | a.opmnstr.com | tcp |
| US | 8.8.8.8:53 | api.omappapi.com | udp |
| US | 8.8.8.8:53 | a.omappapi.com | udp |
| US | 172.66.42.248:443 | api.omappapi.com | tcp |
| GB | 143.244.38.136:443 | a.omappapi.com | tcp |
| US | 8.8.8.8:53 | img.fixthephoto.com | udp |
| FR | 3.164.163.88:443 | img.fixthephoto.com | tcp |
| FR | 3.164.163.88:443 | img.fixthephoto.com | tcp |
| FR | 3.164.163.88:443 | img.fixthephoto.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.87:80 | crt.rootg2.amazontrust.com | tcp |
| FR | 3.164.163.87:80 | crt.rootg2.amazontrust.com | tcp |
| FR | 3.164.163.87:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.42.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.163.164.3.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | i.imgflip.com | udp |
| US | 104.16.71.101:443 | i.imgflip.com | tcp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.71.16.104.in-addr.arpa | udp |
| FR | 99.86.91.54:443 | fixthephoto.com | tcp |
| US | 8.8.8.8:53 | cdn.cookie-script.com | udp |
| DE | 65.108.188.9:443 | consent.cookie-script.com | tcp |
| NL | 146.185.171.17:443 | cdn.cookie-script.com | tcp |
| NL | 146.185.171.17:443 | cdn.cookie-script.com | tcp |
| US | 8.8.8.8:53 | 9.188.108.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.171.185.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | embed.tawk.to | udp |
| US | 172.67.15.14:443 | embed.tawk.to | tcp |
| US | 8.8.8.8:53 | 14.15.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | va.tawk.to | udp |
| US | 104.22.44.142:443 | va.tawk.to | tcp |
| US | 172.67.15.14:443 | va.tawk.to | tcp |
| US | 8.8.8.8:53 | 142.44.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vsa109.tawk.to | udp |
| US | 172.67.15.14:443 | vsa109.tawk.to | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | 229.193.101.151.in-addr.arpa | udp |
| GB | 88.221.135.48:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 85.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | awas.aweber-static.com | udp |
| US | 104.18.36.7:443 | awas.aweber-static.com | tcp |
| US | 104.18.36.7:443 | awas.aweber-static.com | tcp |
| US | 104.18.36.7:443 | awas.aweber-static.com | tcp |
| US | 8.8.8.8:53 | 7.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 151.101.1.140:443 | www.reddit.com | tcp |
| US | 151.101.1.140:443 | www.reddit.com | tcp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 151.101.129.140:443 | www.redditstatic.com | tcp |
| US | 151.101.129.140:443 | www.redditstatic.com | tcp |
| US | 8.8.8.8:53 | styles.redditmedia.com | udp |
| US | 151.101.193.140:443 | styles.redditmedia.com | tcp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w3-reporting.reddit.com | udp |
| US | 151.101.1.140:443 | w3-reporting.reddit.com | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.thumbs.redditmedia.com | udp |
| US | 151.101.193.140:443 | b.thumbs.redditmedia.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 84.167.233.64.in-addr.arpa | udp |
| GB | 64.233.167.84:443 | accounts.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.gravatar.com | udp |
| US | 192.0.73.2:443 | secure.gravatar.com | tcp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.adobe.com | udp |
| GB | 88.221.134.155:443 | www.adobe.com | tcp |
| GB | 88.221.134.155:443 | www.adobe.com | tcp |
| US | 8.8.8.8:53 | adobeid-na1.services.adobe.com | udp |
| US | 172.64.155.61:443 | adobeid-na1.services.adobe.com | tcp |
| US | 172.64.155.61:443 | adobeid-na1.services.adobe.com | tcp |
| US | 8.8.8.8:53 | geo2.adobe.com | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.155.64.172.in-addr.arpa | udp |
| GB | 2.18.108.135:443 | geo2.adobe.com | tcp |
| US | 8.8.8.8:53 | prod.adobeccstatic.com | udp |
| FR | 3.165.113.45:443 | prod.adobeccstatic.com | tcp |
| FR | 3.165.113.45:443 | prod.adobeccstatic.com | tcp |
| FR | 3.165.113.45:443 | prod.adobeccstatic.com | tcp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| GB | 88.221.134.115:443 | use.typekit.net | tcp |
| GB | 88.221.134.155:443 | www.adobe.com | tcp |
| US | 8.8.8.8:53 | 135.108.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.113.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s7d1.scene7.com | udp |
| GB | 88.221.134.185:443 | s7d1.scene7.com | tcp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| GB | 95.100.244.132:443 | s.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | auth.services.adobe.com | udp |
| US | 104.18.32.77:443 | auth.services.adobe.com | tcp |
| US | 8.8.8.8:53 | wcs.adobe.com | udp |
| GB | 88.221.134.170:443 | wcs.adobe.com | tcp |
| GB | 88.221.134.170:443 | wcs.adobe.com | tcp |
| GB | 88.221.134.170:443 | wcs.adobe.com | tcp |
| GB | 88.221.134.170:443 | wcs.adobe.com | tcp |
| GB | 88.221.134.170:443 | wcs.adobe.com | tcp |
| GB | 88.221.134.170:443 | wcs.adobe.com | tcp |
| US | 8.8.8.8:53 | sstats.adobe.com | udp |
| IE | 66.235.152.225:443 | sstats.adobe.com | tcp |
| IE | 66.235.152.225:443 | sstats.adobe.com | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | 185.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.244.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.32.18.104.in-addr.arpa | udp |
| GB | 2.18.108.132:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | 132.108.18.2.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | client.messaging.adobe.com | udp |
| FR | 18.245.175.84:443 | client.messaging.adobe.com | tcp |
| FR | 18.245.175.84:443 | client.messaging.adobe.com | tcp |
| FR | 18.245.175.84:443 | client.messaging.adobe.com | tcp |
| US | 8.8.8.8:53 | server.messaging.adobe.com | udp |
| US | 18.213.158.126:443 | server.messaging.adobe.com | tcp |
| US | 8.8.8.8:53 | 84.175.245.18.in-addr.arpa | udp |
| IE | 66.235.152.225:443 | sstats.adobe.com | tcp |
| US | 18.213.158.126:443 | server.messaging.adobe.com | tcp |
| US | 8.8.8.8:53 | 126.158.213.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.demandbase.com | udp |
| US | 8.8.8.8:53 | www.everestjs.net | udp |
| US | 8.8.8.8:53 | cdnssl.clicktale.net | udp |
| FR | 18.164.52.69:443 | api.demandbase.com | tcp |
| US | 8.8.8.8:53 | zn3n5vyia1vy8b4ly-adobe.siteintercept.qualtrics.com | udp |
| FR | 52.222.169.111:443 | cdnssl.clicktale.net | tcp |
| GB | 23.214.134.39:443 | www.everestjs.net | tcp |
| US | 104.17.208.240:443 | zn3n5vyia1vy8b4ly-adobe.siteintercept.qualtrics.com | tcp |
| US | 8.8.8.8:53 | servedby.flashtalking.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| US | 8.8.8.8:53 | pixel.everesttech.net | udp |
| US | 8.8.8.8:53 | sc-static.net | udp |
| GB | 95.100.245.165:443 | servedby.flashtalking.com | tcp |
| US | 8.8.8.8:53 | pt.ispot.tv | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| GB | 151.101.188.157:443 | static.ads-twitter.com | tcp |
| IE | 54.154.254.145:443 | pixel.everesttech.net | tcp |
| US | 150.171.27.10:443 | bat.bing.com | tcp |
| US | 151.101.194.132:443 | pt.ispot.tv | tcp |
| US | 8.8.8.8:53 | analytics.tiktok.com | udp |
| US | 3.163.248.4:443 | sc-static.net | tcp |
| GB | 23.73.138.211:443 | snap.licdn.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | lasteventf-tm.everesttech.net | udp |
| GB | 184.28.198.178:443 | analytics.tiktok.com | tcp |
| US | 151.101.194.49:443 | lasteventf-tm.everesttech.net | tcp |
| US | 8.8.8.8:53 | 69.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.134.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.208.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.188.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.254.154.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.248.163.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.138.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | d9.flashtalking.com | udp |
| GB | 95.100.245.165:443 | servedby.flashtalking.com | tcp |
| IE | 52.212.141.141:443 | d9.flashtalking.com | tcp |
| US | 8.8.8.8:53 | pixel-config.reddit.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| IE | 52.208.203.157:443 | dpm.demdex.net | tcp |
| US | 8.8.8.8:53 | siteintercept.qualtrics.com | udp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 8.8.8.8:53 | tr.snapchat.com | udp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 8.8.8.8:53 | analytics.twitter.com | udp |
| US | 162.159.140.229:443 | t.co | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 35.190.43.134:443 | tr.snapchat.com | tcp |
| US | 35.190.43.134:443 | tr.snapchat.com | tcp |
| US | 104.244.42.67:443 | analytics.twitter.com | tcp |
| US | 8.8.8.8:53 | c.clicktale.net | udp |
| IE | 46.137.111.148:443 | c.clicktale.net | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 35.190.43.134:443 | tr.snapchat.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | analytics.pangle-ads.com | udp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | tcp |
| US | 23.44.129.58:443 | analytics.pangle-ads.com | tcp |
| US | 8.8.8.8:53 | 9212252.fls.doubleclick.net | udp |
| GB | 216.58.204.70:443 | 9212252.fls.doubleclick.net | tcp |
| GB | 216.58.204.70:443 | 9212252.fls.doubleclick.net | tcp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.70:443 | 9212252.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | tr6.snapchat.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 178.198.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.141.212.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.203.208.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.140.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.43.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.111.137.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.129.44.23.in-addr.arpa | udp |
| GB | 142.250.179.227:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prf.hn | udp |
| GB | 5.150.170.6:443 | prf.hn | tcp |
| GB | 5.150.170.6:443 | prf.hn | tcp |
| US | 8.8.8.8:53 | creativecloud.adobe.com | udp |
| FR | 3.162.38.103:443 | creativecloud.adobe.com | tcp |
| US | 8.8.8.8:53 | wwwimages.adobe.com | udp |
| GB | 88.221.134.147:443 | wwwimages.adobe.com | tcp |
| US | 8.8.8.8:53 | 6.170.150.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.38.162.3.in-addr.arpa | udp |
| GB | 2.18.108.135:443 | geo2.adobe.com | tcp |
| US | 8.8.8.8:53 | adobemobiledev.demdex.net | udp |
| US | 8.8.8.8:53 | cm.everesttech.net | udp |
| IE | 54.154.143.167:443 | adobemobiledev.demdex.net | tcp |
| IE | 54.220.46.44:443 | cm.everesttech.net | tcp |
| US | 8.8.8.8:53 | adobe.demdex.net | udp |
| IE | 54.220.46.44:443 | cm.everesttech.net | tcp |
| IE | 52.215.4.125:443 | adobe.demdex.net | tcp |
| US | 8.8.8.8:53 | tag.demandbase.com | udp |
| FR | 3.165.136.55:443 | tag.demandbase.com | tcp |
| US | 8.8.8.8:53 | public.adobecc.com | udp |
| US | 151.101.1.138:443 | public.adobecc.com | tcp |
| US | 8.8.8.8:53 | 167.143.154.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.46.220.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.4.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.136.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.1.101.151.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | helpx.adobe.com | udp |
| GB | 2.20.12.102:443 | helpx.adobe.com | tcp |
| GB | 2.20.12.102:443 | helpx.adobe.com | tcp |
| US | 8.8.8.8:53 | helpx-prod.scene7.com | udp |
| US | 8.8.8.8:53 | 102.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cc-api-data.adobe.io | udp |
| IE | 54.77.72.255:443 | cc-api-data.adobe.io | tcp |
| IE | 54.77.72.255:443 | cc-api-data.adobe.io | tcp |
| US | 8.8.8.8:53 | munchkin.marketo.net | udp |
| GB | 23.214.140.11:443 | munchkin.marketo.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| CH | 157.240.17.15:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 255.72.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.17.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.140.214.23.in-addr.arpa | udp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 360-kci-804.mktoresp.com | udp |
| US | 192.28.144.124:443 | 360-kci-804.mktoresp.com | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | udp |
| US | 192.28.144.124:443 | 360-kci-804.mktoresp.com | tcp |
| US | 8.8.8.8:53 | 124.144.28.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apponfly.com | udp |
| US | 23.236.62.147:80 | apponfly.com | tcp |
| US | 23.236.62.147:80 | apponfly.com | tcp |
| US | 23.236.62.147:443 | apponfly.com | tcp |
| US | 8.8.8.8:53 | 147.62.236.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.apponfly.com | udp |
| US | 34.149.87.45:443 | www.apponfly.com | tcp |
| GB | 216.58.204.70:443 | 9212252.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.wixstatic.com | udp |
| US | 8.8.8.8:53 | static.parastorage.com | udp |
| US | 34.149.87.45:443 | www.apponfly.com | udp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 8.8.8.8:53 | siteassets.parastorage.com | udp |
| FR | 99.86.91.65:443 | static.wixstatic.com | tcp |
| FR | 99.86.91.65:443 | static.wixstatic.com | tcp |
| US | 34.49.229.81:443 | siteassets.parastorage.com | tcp |
| US | 8.8.8.8:53 | frog.wix.com | udp |
| US | 8.8.8.8:53 | panorama.wixapps.net | udp |
| US | 34.49.229.81:443 | siteassets.parastorage.com | udp |
| US | 34.149.206.255:443 | panorama.wixapps.net | tcp |
| US | 34.203.173.1:443 | frog.wix.com | tcp |
| US | 34.203.173.1:443 | frog.wix.com | tcp |
| US | 34.203.173.1:443 | frog.wix.com | tcp |
| US | 34.203.173.1:443 | frog.wix.com | tcp |
| US | 8.8.8.8:53 | 45.87.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.229.49.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.206.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.173.203.34.in-addr.arpa | udp |
| US | 34.49.229.81:443 | siteassets.parastorage.com | udp |
| US | 34.149.206.255:443 | panorama.wixapps.net | udp |
| US | 34.149.206.255:443 | panorama.wixapps.net | udp |
| US | 35.190.43.134:443 | tr6.snapchat.com | udp |
| US | 8.8.8.8:53 | app.apponfly.com | udp |
| US | 151.101.65.195:443 | app.apponfly.com | tcp |
| US | 151.101.65.195:443 | app.apponfly.com | tcp |
| US | 151.101.65.195:443 | app.apponfly.com | udp |
| US | 8.8.8.8:53 | firestore.googleapis.com | udp |
| US | 151.101.65.195:443 | app.apponfly.com | udp |
| GB | 216.58.204.74:443 | firestore.googleapis.com | tcp |
| GB | 216.58.204.74:443 | firestore.googleapis.com | udp |
| US | 8.8.8.8:53 | 195.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.167.154:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | europe-west2-apponfly-prod.cloudfunctions.net | udp |
| US | 216.239.36.54:443 | europe-west2-apponfly-prod.cloudfunctions.net | tcp |
| US | 216.239.36.54:443 | europe-west2-apponfly-prod.cloudfunctions.net | udp |
| BE | 64.233.167.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| FR | 18.245.175.16:443 | static.hotjar.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | htmlgw3.apponfly.com | udp |
| FR | 18.164.52.95:443 | script.hotjar.com | tcp |
| CZ | 185.219.169.32:443 | htmlgw3.apponfly.com | tcp |
| CZ | 185.219.169.32:443 | htmlgw3.apponfly.com | tcp |
| US | 8.8.8.8:53 | 16.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.169.219.185.in-addr.arpa | udp |
| CZ | 185.219.169.32:443 | htmlgw3.apponfly.com | tcp |
| US | 8.8.8.8:53 | www.nvidia.com | udp |
| GB | 184.28.198.187:443 | www.nvidia.com | tcp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
| CZ | 185.219.169.32:443 | htmlgw3.apponfly.com | tcp |
| US | 8.8.8.8:53 | tr6.snapchat.com | udp |
| US | 35.190.43.134:443 | tr6.snapchat.com | udp |
| GB | 95.101.143.218:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 218.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tr6.snapchat.com | udp |
| US | 35.190.43.134:443 | tr6.snapchat.com | udp |
| US | 8.8.8.8:53 | support.reddithelp.com | udp |
| US | 216.198.54.1:443 | support.reddithelp.com | tcp |
| US | 216.198.54.1:443 | support.reddithelp.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | static.zdassets.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 216.198.53.3:443 | static.zdassets.com | tcp |
| US | 8.8.8.8:53 | reddit.zendesk.com | udp |
| US | 216.198.53.1:443 | reddit.zendesk.com | tcp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | theme.zdassets.com | udp |
| US | 8.8.8.8:53 | www.redditstatus.com | udp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | 1.54.198.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.53.198.216.in-addr.arpa | udp |
| FR | 3.164.163.119:443 | www.redditstatus.com | tcp |
| US | 8.8.8.8:53 | 1.53.198.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 203.247.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.nvidia.com | udp |
| GB | 184.28.198.186:443 | www.nvidia.com | tcp |
| US | 8.8.8.8:53 | 186.198.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| GB | 64.233.167.84:443 | accounts.google.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | preview.redd.it | udp |
| US | 151.101.65.140:443 | preview.redd.it | tcp |
| US | 8.8.8.8:53 | 140.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | getintopc.com | udp |
| US | 104.26.0.196:80 | getintopc.com | tcp |
| US | 104.26.0.196:80 | getintopc.com | tcp |
| US | 104.26.0.196:443 | getintopc.com | tcp |
| US | 8.8.8.8:53 | media.getintopc.com | udp |
| US | 8.8.8.8:53 | 196.0.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 172.217.169.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | getintopcofficial.disqus.com | udp |
| US | 199.232.196.134:443 | getintopcofficial.disqus.com | tcp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 151.101.128.134:443 | disqus.com | tcp |
| FR | 13.32.145.97:443 | c.disquscdn.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.179.227:443 | www.google.co.uk | udp |
| BE | 64.233.167.156:443 | stats.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.196.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.128.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.145.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.167.233.64.in-addr.arpa | udp |
| FR | 13.32.145.97:443 | c.disquscdn.com | tcp |
| US | 8.8.8.8:53 | referrer.disqus.com | udp |
| US | 199.232.196.134:443 | referrer.disqus.com | tcp |
| US | 8.8.8.8:53 | realtime.services.disqus.com | udp |
| US | 54.227.95.54:443 | realtime.services.disqus.com | tcp |
| US | 8.8.8.8:53 | 54.95.227.54.in-addr.arpa | udp |
| GB | 172.217.169.10:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | tr6.snapchat.com | udp |
| US | 35.190.43.134:443 | tr6.snapchat.com | udp |
| GB | 88.221.135.3:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 3.135.221.88.in-addr.arpa | udp |
| GB | 88.221.135.32:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 88.221.135.24:443 | r.bing.com | tcp |
| GB | 88.221.135.24:443 | r.bing.com | tcp |
| GB | 88.221.135.16:443 | th.bing.com | tcp |
| GB | 88.221.135.16:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 32.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 23.73.138.209:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 209.138.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tr6.snapchat.com | udp |
| US | 35.190.43.134:443 | tr6.snapchat.com | udp |
| US | 8.8.8.8:53 | www.nvidia.com | udp |
| GB | 184.28.198.186:443 | www.nvidia.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| DE | 81.7.10.93:31337 | tcp | |
| DE | 193.23.244.244:443 | tcp | |
| N/A | 127.0.0.1:53783 | tcp | |
| DE | 45.145.40.181:9001 | tcp | |
| US | 8.8.8.8:53 | 244.244.23.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.40.145.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 23.73.138.209:443 | aefd.nelreports.net | udp |
| GB | 95.101.143.184:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 184.143.101.95.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_2180_QSFKVBAWYCSVNEFI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 489f3679dd2e58ad8b690338d31040ea |
| SHA1 | 00ca15796ce43520c56e40ba40624d0e2e9d9e81 |
| SHA256 | e9a93ba3a2759bee544a63bc7a235647770865282fc788a9c9f094818b781a16 |
| SHA512 | 8c1f0a155658d3b8a107eb53e186891678661478112f51210101da5da3f9e378b192f4bee386129c7124bb16fc0b36636e5144d7dc81b46f3f23166c38cfcbf4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 37b822bafe21976be40d58cce9d8f895 |
| SHA1 | 63fcf240e57394cab9f2f25a6d05ffef2bfabe76 |
| SHA256 | 07b0a62587bca3e3c97339921acba6ecdf6637f42d4eff5a97a2bee7dd829f61 |
| SHA512 | 5a92ac804674aba7a15c4d4d39e80c3db7f2f2dc4b17eeece39f5303aafce42cce58dbd4a6fc66182822d79bf949fff7988a6822e1b99f5c5deb27d8b99f20b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 25065c51599f89471eec43baa1555888 |
| SHA1 | 589d113e632e7ffe6a47237bc43be373ab51db0f |
| SHA256 | 28b114c4fc314b69445e0d45b68cdf4adf82adae194565a649dddbdd71eb4f4e |
| SHA512 | 8074e7344d621ab4a32da76b5d8c73b31dd7869e9aeb9fb4b48d37787cb419ce963bdc898a94f68ce97d637deb4a56a6005b910e249fad7ce3e38493c7cfb68f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2854ab387bd7e51a532fca8ea7679797 |
| SHA1 | a8cf3726ca5ddf7144fe8f845f306e542f20faed |
| SHA256 | 3e7139ea8d42cf67ad89510a5af96a278a3f9da7195e4722676ab5d5f30a8da5 |
| SHA512 | 885bbe74191483198356db77ba72d0de0e6e0d4d65b62479b13369f6c499123952770ad8b2bfd4cff3f50185346da9be7c52b5880a53dde8faa326c35fff5a91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a68009e6b81747237650587c95968dc8 |
| SHA1 | f9417eb9fa859f1cb070c5edc82b31d3792b01c8 |
| SHA256 | 9dc89058e993c92e39660a80d1bbfc17e969a356420b874866674f6859eb51e8 |
| SHA512 | 2fb246717368f67b5e22added2666010c51591d2350116f0dda717308b691b2acefb0d61410717a68895e902e40a984ba99c891f5e6a3a5f5afd995aaac5539f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581d66.TMP
| MD5 | 99b86b7124a51708b8d8e0b9e4142d18 |
| SHA1 | 90994bcb156c81334b826e38b8bb8aa570f123e1 |
| SHA256 | 96f687412deee7eb54f4e2276e44459ad4520c56738a5e0e9afdaf5b6318958a |
| SHA512 | 8486a96bb67937d80a7d7f521484d40e0d23d73d7fbb4580d800f3355fa3925b501c7b4227f9507bc67de20a84d976c8b1c5c5524574fe4273da7fadf7860e49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 130fff10402869461a95652b0ac8ca3c |
| SHA1 | 060a37a81140d31d81f55d590f450b2a368cb460 |
| SHA256 | 031c9bffabdddb65895ece9d9a3a7939b4aae1bd91205409a84fc52c7c9b55b4 |
| SHA512 | 492586206de442ebc53976b78299689801660731585de618f6c14ea0d0724e402ee0711a72fc2f845dca1fd79cb352819ef54a9e1858c26fb05848b3115fcf1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2b327965b48783eb8bb039a6ca5c704a |
| SHA1 | 4c9a4c23d027f408bca1e9519f989ed2d9e11677 |
| SHA256 | c0c75573cfc32896c24b673a7601fd899a3ee6db68a784bb464f3dbe7b14fcc0 |
| SHA512 | 229b3ce7c544f459270753c38726bf5f14b30e8563543f9a540d6bf602a2ab16d54d92bbd775c41616087b9a56924d5b12725ba04640bbd991792239891d2e0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a0a729f39ee3cb4fa77aa17a74b8d59e |
| SHA1 | 7685a47dcc23a399aa3f3a80882c2cd748d66a9a |
| SHA256 | cfbe2639b29744fcf76f7cd791c6ce057116ec935897a050a852d34cf95405e1 |
| SHA512 | 030ea30924500e4a0ece6965c05509d9d9ee1c33dea50cfd02a940d32e9a93e35ef3faa44dab3764eac9b885e432801492dd6507f75f50b034e962b1cd3dd29e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | fb2f02c107cee2b4f2286d528d23b94e |
| SHA1 | d76d6b684b7cfbe340e61734a7c197cc672b1af3 |
| SHA256 | 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a |
| SHA512 | be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7c6535f5213355414b29188ad400f8c6 |
| SHA1 | f5a582948394a3cdbfcf2bae4708042d1e7d2041 |
| SHA256 | d258af3c9df9e327545869ed8168d03b26ba35b541e09e600307049756192a6f |
| SHA512 | 9a970af0329259293a5f6c7bf0f937183e02361824ee9113223af6c5fd1fe04de5e751613b61d0dd50be115666d1e2e4ca1cf430bef8e2c591f493ea7a88dd61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 84b31ef0cd2d2d9c00c22a590579168c |
| SHA1 | 74415557c578be84595157bacbdc40b201ef8683 |
| SHA256 | 0405befe04fe986407d0201daa648c3885a64a3d4e9fd8a98d387ea3e46eebc5 |
| SHA512 | 417111c6758eb817159255dd812ad1d22d460e3a1ad9e45e59811678573aa98eef2b78d744608d7e9456cca27fbabc52cf58118695af1f55447c15948d64dc71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 01be7f87dd15ede771d5e16f3517b91f |
| SHA1 | 06e8359cb52d3be16c8ac70d6d9ee96b9e1e0748 |
| SHA256 | 58dc174aad942cd86ce97d44587f448ca72c04fe6bde3687483ef80720a11e55 |
| SHA512 | 5074d4e75eff8f33a813361a98e59312c224e7781d3f774607d69348bfb5783d8a8bdbc4a0f066875881374bdfbc55b4dbf2eb7eff69bd8058dc8498da03a537 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe
| MD5 | 103fd60de31cceb0290f948e30251259 |
| SHA1 | 518e799ebbabbd02c477e0507ffd26f46e81d789 |
| SHA256 | 76fe28cb93ba6b84b4c9342cb91fa9e2bccb0a05a1b01cb1189deb5c5a6f990a |
| SHA512 | 7cf90a62c3a6bd7da1ac6908b8335e619b75950a0472680caf0d7f52dc02e6c4ec9e785187e8830846c0311ed6f0fce43cc2aa91e159b7b61e1022206d5c14d0 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\NVI2.DLL
| MD5 | ea49d013810bfe52f6528b25394dd04e |
| SHA1 | 5466bdc97d372b3558a9bc504e0f54d1bd1df2c9 |
| SHA256 | 416f469906d931c519576a78aa33b180a8339696d1522757503ae6bb17d6999f |
| SHA512 | 53a414fc76f5ef7fd0b3024743a3e5ce166fd96956ba1b4b2fee4ffeda0ef4f03cd044010a690440c1db9918c0a0382fd713cd93643c1848a5e5d48c965cde52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DC1FDD81FD13E32279FA4275E870FD3E
| MD5 | 48f52b6fbcd3888d089224f142c96a77 |
| SHA1 | 01e0725e009bb8d84dcbf858e3c5d8d32bd71a4a |
| SHA256 | b691fad901c138534f8086d9be68515b19d65612ef1d3f10199d57ee5541e5e4 |
| SHA512 | 33bc7388c5e3e70089710df847aa7ddefc4025402a1f9768f9272114e88868c49db8e02ca5ecdf9840de6a289c2e924cb253b942feefceb40c24bd2cc36cf7eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DC1FDD81FD13E32279FA4275E870FD3E
| MD5 | 82535423075a5009c0feff00be3b4538 |
| SHA1 | 2b23f68de17d1ef43224e1dcbc793ce4e5665944 |
| SHA256 | a18d89097351aca8b9622b01a4be52de5cac965517bf0138914f53ab97c06466 |
| SHA512 | 32b2d6b0570599bfc9c143635d500833ed4b2e8f57ed4e3ee62258a9ad888b4ec39e8b1e24d84dee93684d853f1439776d667a916c428cf286b6e21e9e29664e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | 50c2acca85675897b36b7b4be3146abf |
| SHA1 | 73f0c48a8fb60ec92eba17c7a901703234cd0f8f |
| SHA256 | 0463055a40e90c7b44ae7273a2480f8fc5ac657eb7cdfd2f1d7e44129ccd5e76 |
| SHA512 | 1902e8b97988e3d68b02047d68686bf3c68b36e262014f0b40ef920d066b83f21fbbaca5ec3b3c37c961fc06ee39a2fafe42a896d54f1a4fc748a31d71ba3e61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | f8fff158405074cc0ceb65c5481dde7b |
| SHA1 | b053a234eeb62342e05781d81cd61a51e28637bd |
| SHA256 | ee64e2d63bb41fe0597f826171184722ce9ec1dc5b0dbfc20d103cc2891cc9d1 |
| SHA512 | 2799d91218b3521d8dcfa20a0b1ea2d935597712d5098023211a22cfcbeae988ef64cf300f45904ce78a1c8e1239d7367c949f675b5512e903e91c69b002d736 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060
| MD5 | 503766d5e5838b4fcadf8c3f72e43605 |
| SHA1 | 6c8b2fa17150d77929b7dc183d8363f12ff81f59 |
| SHA256 | c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9 |
| SHA512 | 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.CFG
| MD5 | 32f05780f1b774277ac1291b62641b4c |
| SHA1 | dbcd43f93499924955caece5c940bb52c9b328ac |
| SHA256 | 0696c34e2195eddf3f5a3925312509cbaeff36d6a94fd5ddaefa2277a7ce7f87 |
| SHA512 | a8f198fa706cdc689063034d9a0dc433cbb84cf57bc9b975e57c9180651af3239d0c274eb2366f549345801f130517b37e55609c5c227ee65ec6733ff1f6b5fd |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\DynamicBillboardPresentations.cfg
| MD5 | afb01b092306d419dc1fb0affee49319 |
| SHA1 | 29339afc46baec22001c58a71d3793e74d91b39c |
| SHA256 | ef8f85fa5f18105cb3d5b20bb6f72fda912a74340f4e6dc3302b600a1fb9b3e5 |
| SHA512 | 1d8f5c604b86be8a1f92e247c05685cac5637d9a9223a23e0b8c1a5a7f8bf1d7adda4cf48cbadde7b77ff1cc856d993cb1fbc047866c0d7fc45b83be093e0028 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\DynamicBillboardPresentations.dll
| MD5 | eb381ed3cdfc1b46f17a2fda9417cb16 |
| SHA1 | 9c2da62d753504dfab5caf9877516be19010605c |
| SHA256 | d5bb892509e97d2dbca6720dca40187bee969d3b0631bc8a9c079ee809b30e5d |
| SHA512 | bf569e4732ef50e4c387396f296a41a4fae0ac6502b4b9b8dc381bce48b3fc76f79200682e7997cc3c73a3b3aebdf9dbf03a5b425890c2d12440dfeab280f8f1 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\DynamicBillboardPresentations.htm
| MD5 | 5ca3f9dea84fa4ad9360ab943605d7b9 |
| SHA1 | 3990d86e8930f8db0fdc4c16d43face59393bf61 |
| SHA256 | 0af72677221bad8f8b562908c16466ee2344e60bdda10e99402e5c15f6aab75c |
| SHA512 | b298737cc7d5677d6aa73b7348edfc3f821499c30407218399f5c6131f1b05b20a253b1432d38d97f66819d8f8f894ea507d81752fdba07ee0964c8417b3b738 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\json2.js
| MD5 | b9894150338bed779444832aa42952fe |
| SHA1 | 03d32ed753d0b5c93c2e5c41616e57941a88bbbf |
| SHA256 | f31e9f571b47b21946f49f4465dea0c1460d43e6aeddfbb42a787d4a260217cc |
| SHA512 | f753589d6469ba90df67e3869ba05c7ce2779e5b0b80cbed7cad6f16f22c6a4db984a9d5a1341f31b00fd7aa2263dc05a10c0b54ecfa837140a209422609c34e |
C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\GFExperience\PrivacyPolicy\PrivacyPolicy_en-US.htm
| MD5 | c5828bae57eceb2b67d4e02baad1b553 |
| SHA1 | baf245981722964d2cd560e9e95b5b56e636f490 |
| SHA256 | 707aa636d174b7d4056baabc134b073d0b792ac1bec447559e3c323afdc68429 |
| SHA512 | 22ce68b01a7287b0d77ce329c3727c4ec46b8fa3d0805c3e785b5034bdeff2af3c4efeaf1afc3725ff7c952d39fc5c633e4552942003636f6ea47c6dc1d693e8 |
C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\GFExperience\FunctionalConsent_en-US.txt
| MD5 | e80ea621e18ecbd92e30de029088954f |
| SHA1 | 3ef8b6f8db4a2847955ca94eceabce917324d2f3 |
| SHA256 | 68797508848a6d0d2b8ec5fb887c43d7a22daf63e3ab4ba3e9659368538e151e |
| SHA512 | 7a649f071bf78eb348ade431f365b5a96fb59bd85863d2942088855f08afc30469ab63289914c5d4d89d1115f1e93dc9461fd0bc8eec103826a0dd196f8e320a |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\EULA.txt
| MD5 | 26f0afd7a3843521a432540013e06b92 |
| SHA1 | c1537ef4d740e1e3862fa1d87dc4a4b46dbd4f68 |
| SHA256 | 0bd7a95de056fba436c333ef8df870c37f7ef04229c73cf62eaf67a662035fb3 |
| SHA512 | 3052b5437e90d293b9dd949d6ed10c28284d99d1dff5be1da9710b84386cdab667d93a13ece9e20af2c3829ea9842806cb2387750702e021d4e8b88830a66b51 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\theme.cfg
| MD5 | ed3736737d627c389a1bc8c8797b7300 |
| SHA1 | ec7c79c5ea2bc0381b85c166e136dd9eee4bf9b8 |
| SHA256 | 6db7a6ef35817aa12540be07aee25e18322e6573d013699134e705e875be5ad6 |
| SHA512 | 1b86bda45a427d321ee0594525c1ab08610870919e2e3288ab1788e6d1b3cbf16657791f67233f62e7f1b88d0948c3b9383c085917d6dacafec81a8def6cc092 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0405.ui.forms
| MD5 | eb0026ac03b9b0b1d8dbd42ba261300e |
| SHA1 | 3e45d731046a507986da45f89b576b2b664e6413 |
| SHA256 | 36ebc97d7dcd1edbb6de89cd4aba6375e9c1cc9b940239a68de825307a1f2599 |
| SHA512 | b358cfaca27e1d393cb4877d1f6597f5fc0c0cd7ddc41899207e2fd590742fcfcef8832b1afcfbad76fdb794e8c9b0b868631ff4503b32e70b329fe2bf1f257a |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0406.ui.forms
| MD5 | dba64e3cd8775660e9c57b7164b9721c |
| SHA1 | 35dbb5b239d3a6cb438ecbada0301ed456ff4bef |
| SHA256 | fad9bb64495ab479fc6db7a0b94f8535fa07d62615f9170b8aea4914d7950e3c |
| SHA512 | da07be3babd74207fb6ec453424792220cd9c8cd423f6e56c879a85d172415efe53d20d4b6e8d758f2a5b696bedd7ac5d01579958c05c5b7b48276062e81b4bb |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0404.ui.forms
| MD5 | f19b05d0b03ff5e15b3d452f1e1b7fc2 |
| SHA1 | f99dbf38b7e9ddee61b1f518cad3fb16313e4473 |
| SHA256 | b01ef781c96e3f50a45a3547c45d1837bf59adb86c27e328c1e654fa19ec2daf |
| SHA512 | ebcbf848d83b1456696abb26c343aec43c8d2063eab078e4793e87ee5ffdd9163acbf2df0e497a8e5d7e946ac65c4eaca12f5638c15f49856f0c09b2e055c906 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0000.ui.forms
| MD5 | 8bd78d4a249f4f50a16d3d126ecc1a06 |
| SHA1 | e2cd578565d0e2260a0864f085758cdcbbd6cae2 |
| SHA256 | e9196614efd22409b33eab4dfdb53a7ff72ca8e14aeafd1bb81c0ef78ccc33d2 |
| SHA512 | 20755171f77a5efb1fe23bd06740449fe725518b09add9b02cf35892b033fb180cbcc521538a6841600dd7ff5b88a7de2d9be283eade1417434eef196818e706 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0409.ui.forms
| MD5 | 250cf87647de675423d2b414b8dc846f |
| SHA1 | 5ca9e6920b0757a1c6c2fb070c42b1bd4b34ae0f |
| SHA256 | a2b3a2f20cc164ee22e9a0ce4fbfaac8db288bde8efa5c3c8ca567be63bc0782 |
| SHA512 | f46f785ff4be2249a5094c8e8d46d72f1d850674e6a66abeba50748302079e7c1f58948d63c7bf4954dbc53c545823ad3ba33ec2e1c0f24974775df18bbcafe7 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0408.ui.forms
| MD5 | 0b4526aba732f7adc94988e3958688f8 |
| SHA1 | bc6152e96c25fc705c93cd58edc447cbc9f11646 |
| SHA256 | 9a0c91051e16b75a630a76b39c04d4dacb07ed00522e67502271ef378ee43d97 |
| SHA512 | 500792a8e1b2f945789d1313966c19585d0de96bddc43927778b3b4a82f1b421afeaa9dd369895f30491ff1c91ad9ac47b942a325a28f97974d79e5d7e47ec98 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0407.ui.forms
| MD5 | 225a52850bec8d8116d7e3bc63c0f125 |
| SHA1 | 160d5e13da644d9c0719dfa45486b47bc49bb8d5 |
| SHA256 | 917d491b008d0c2c7e46ee47e8862cd8a6b2a6a85545773aafab168e45e63138 |
| SHA512 | 0a41c91e16d36895ec3902d64dd9a221e505675b4346b978c4bea89310c9c5c5d4dbaca97f5a9dfa59ab7312e9f090bb31ded20eb95676780b7cdc823789b106 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\040a.ui.forms
| MD5 | dbaba2d9738a8082bb14ed49d3457c27 |
| SHA1 | 3c5c72dac5002302a68b014ce883ea4212efc3c3 |
| SHA256 | 60467876c5aa7251d5ff2213c0666cc9e98f4680364f9aa1328dc861a173373b |
| SHA512 | e63de26dd77ea309b88472379ba090a0d125959a67c674b1e3235434ec7f35d93cf5558ed525a8aeed106782135d39b6ce3c3d74f461fd598161df5a70e083c5 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\040e.ui.forms
| MD5 | 63d190e0428028c156d9e3afb86acaa3 |
| SHA1 | bfc715bebe016a650560374101b694c8ca32d8e9 |
| SHA256 | db9eb7d8440c99f474a775d79bcc0864b06ceb3bc38feb88aec4633d471f8886 |
| SHA512 | d03e3aa27c80504b0c6ce4535a68f0dbff9cb1a23d74f19f04e21612a845b5536fa0bccff6a3430e20007980a0610c321f8eeef736ef67771f3dbd4727d44877 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\040c.ui.forms
| MD5 | 531ba8817b5cee98021f856e91548b4b |
| SHA1 | 549177d0b7a57b5356b6bc717def28a0a122db7f |
| SHA256 | 44ca9ec4a300ce5e623af6e75060b467876eff5e190ad2bb67e9cc580c94c639 |
| SHA512 | 519fd13a367f70d40d9ffec0391cfd8ee9acbc22731cfad06c66782c2c36524c77233f0f3e4b1bfaa24754c3a4a4aa78d03fd35c81ac8291b9bbfaeca6dc4d86 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\040b.ui.forms
| MD5 | d09be4479fc55ef8ef9e5d06c1923ac1 |
| SHA1 | f69e0108bba8ab99903fa709faec33c89d7ee983 |
| SHA256 | a6e40eef7e43546e98798c142cb55df1158a5fa0678274174a74e1dc6e2a51ef |
| SHA512 | e640c93fabfa4ba64069f1fa7d034edcf568d514b31af346803f260578f3f992954c2289363d033b888061e67ff0b66a89710c8cb10b3d083e9aca7f5589476a |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0411.ui.forms
| MD5 | b1972e41cca36507162ec6bad898eb9a |
| SHA1 | 7e9648e7400b6a294d644e47058c56506357afdb |
| SHA256 | 396062f65a35b0f2b1ad18a24eadad80a45f176a22f429c3fdf74dd63c3bf0fc |
| SHA512 | 584e31f3f080a3c074e878f6d014e93a659c8091a0b57b6878743a4873a6d4497fe274e01b6debcdcc9d3e45d7fe2d122760468b88e01cc1841ee9ecf44142b0 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0410.ui.forms
| MD5 | 7ded8c36d661275ae1bfa62be7a8590a |
| SHA1 | 5d30c33dcfaaf54fe690427389a811d45e541972 |
| SHA256 | 73b414fe68ac63499b7adc50d089b9ed619492d66e2bc7250c24c053ecccd93b |
| SHA512 | 69576c3f68d851190eba4acfd3f604e40d2367f13de97bcf89bfcb24173f326549deea37fe1e822e2e0c0997917a7cf725ab6c798f693befa61dd7697edc6291 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0412.ui.forms
| MD5 | 5d3d1e8e7ee6e4c6210e1371bf07e373 |
| SHA1 | cf2ef27699a11a1024bbbbc80dc89d29bcf5a5a2 |
| SHA256 | 93562da1c41718d3a1ace7927a5f5094f2fc841cc74486d17be2c2df4cd37a51 |
| SHA512 | 84f7a6ec2e2765d927209b10544114718119a5445f777668ecff3899eb0800d97e0f1d8fd3f58faf32d64be029044c345721d73706984c42c63ba2722ab13c98 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0413.ui.forms
| MD5 | da335bac10b0a70623a06b1dc0a2b47b |
| SHA1 | 45f7a3b2843d181611c7b2088fcab3476089dba5 |
| SHA256 | 451f8f5e441f59d7cc6021c1b378af32fd9d149aebb8071b25121e1822f5102a |
| SHA512 | 7f2482a861b9accd4ec9938a469fa22b3cc53cb24066eb5adf834651fc55a28cad036bb49cf05859ccebffbb4c39fcbf33d073d977dcc3964475b7647dc9b11e |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0416.ui.forms
| MD5 | a8c883aba0d620f4799b46ada0dcdd95 |
| SHA1 | 5a245988b85705aa841d882dbb80d5accbbaa96c |
| SHA256 | 780eb94645ebb9ae7eeb6a67097fbb02d8c7c600d1c0159048061845d26fcf20 |
| SHA512 | 4eece1890ed1c76af66b67b7835190936404414f65baebd9edb9a0e8ca5cd8d98272732bcd8c63be0d9f4dc34e703cdf067c830bedca12d31c4758ffe84e9bac |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0415.ui.forms
| MD5 | 910abbda8bb821d40c993e125876ba6a |
| SHA1 | 344895f2c5e5b448aaa9d313a1763c610511bb4c |
| SHA256 | 5d8ebe8031875c473d5d424487ad4738186c654c6fc577e3fac929e4123c61a3 |
| SHA512 | 0bf7c1f1264aca3a16f1e47b32bf79b2d7cae8ec448e8d0afbced2cd99d30e180021009115e29571046f32741b3f6cafcbd11aed9981cae888b5dc56268b836c |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0414.ui.forms
| MD5 | 502f71862c4325ca9be01fdbd88e6f7b |
| SHA1 | 5f5a463ca238c3a177943c68cf698134ba6aff5f |
| SHA256 | b7151037d63b5d6735f097b0967229080e4a035bf1f447b5aef3b026dec04021 |
| SHA512 | 7fc6d38092bb08ad510e80d6c12bf9b30c428b948494b0821fb0cc02e8b978a588cf63f23f6f4c62234ac432e1f3e2cc5ae7603e647bb2141cd81d6bb66ab4ef |
C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0000.ui.strings
| MD5 | 40daaf261dbe301aa4e72a994e524b10 |
| SHA1 | e366ca1aa25c3cbafd54a6bdb344ba48e651d5e2 |
| SHA256 | cc29f5ccbc467a4c0d88560f01d07ba5337e3560259b87ebc75e1859752f6b30 |
| SHA512 | af67cb52df6c06c81b1c656e6a2f6d4c993569bfbcec1930563ada54443db19d6574b1236f9b37c4e5cf9ff143689411bd7f6f786eecf8afc906bc729fcac66a |
C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\041f.ui.forms
| MD5 | 0ec99902be52015af431c5ae3c4771e6 |
| SHA1 | 1c480887e6c68b8b78af3fd6e1666b4b57aa8205 |
| SHA256 | 0217bb9330b0a287e3a54b3017b298989e6bf54b5783142b429b239399d3dc07 |
| SHA512 | 5b154e4273ce8436c458c74e652e619dabba2ecb323d92867d1cf918ee1f1b144323da1deb0bb756972d56b4cbf264228977464cfd74e9c15173b94480a2d36d |
C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\041e.ui.forms
| MD5 | db93990873ebc8e8cd8942ded7012a05 |
| SHA1 | 35af342fa9618ff83d9db17f6379f94f21286a6d |
| SHA256 | 7e68b78351008e37ca52cac8c1492382e78a4b1f787f18948bdc6787bfcb2889 |
| SHA512 | d70947fedc5506057a2fcfde13f8c7c9dfd872bbad0522606a1fb189a32ddd7e36116bee0f755043dd0ffae67092157fd2577a923f9ad40f068c53daf15c79a1 |
C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\041d.ui.forms
| MD5 | deef2b89bc203e1b2e74d7b0dea91e50 |
| SHA1 | d5c2c8b35f23cdc5c4879aa172a1e119045150fd |
| SHA256 | 2079232ad4415058fb5e76e5b01826dadc7fba5d3335235cd261962f5dbe8135 |
| SHA512 | 7b59e3b56d1883606b6e3fe26bb5d7630b3c04bee97e132ecc089b707b4fb7bea659294781549afb742d306a19f7b3f6f839bc6d35b40ad36e43e58e1d77b3d8 |
C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\041b.ui.forms
| MD5 | 15a6724d0f3b4a534c50556f9f2eb60d |
| SHA1 | 70ab1b3983459741c4e47b295996fb995dd6e61c |
| SHA256 | 16ca1b05ac680b26d70485dae87707839cfb7de81e6b1cfab144900398ebaaf4 |
| SHA512 | e84f4cbf8f7a019d7cd1d60da5afc00acb2e8243a2223c567a8caf54607d660e7d8b3b30b0264052a4a0e57b8cc2daa9ed94adc24ff02551724e15f9f3e32127 |
C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0424.ui.forms
| MD5 | 02ecd7b34fb868252c8aa0f1cf43c382 |
| SHA1 | c5297b19453e93eac6f54745999d844fbed803f7 |
| SHA256 | 4086211bac4a28a935b04191e3087eaabf74d158383d51d08ef69b630eead613 |
| SHA512 | 2de2f54b1a8fce6d44cfc1332a7f8b2a4f13fb1d0eeabcc9164f677da4c5e1f1b1ce4d9ce1d32411f2dafc7aa98cea4cdac2bbbe29aa49acb2542536398b4494 |
C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0422.ui.forms
| MD5 | 31dfa7512ff2c4a7bcd06580fc513167 |
| SHA1 | 31c2e9da1c99b717d574b6181d718dfd066d6698 |
| SHA256 | 023f5fd178a5f60a928b600e44f3216ebc3993e4844ffbfa049d39de1f469219 |
| SHA512 | 60f4896539349eea1f2d4c87ca4ab767e4d12c47bdc26eda3e7b9a1687236f672f4c105cf27d5ec5a3b94f52bc317794507346e16fe7f38546100a19491bcd5e |
C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0419.ui.forms
| MD5 | 081557c35b9a7f3c1d64e364f2796c69 |
| SHA1 | 37c5bf5a4da5f37b9ba70b681d5dd2241b72fae1 |
| SHA256 | 827847d57981847c9d15f2f356f37fc2660deb05c1ddade9cdb399e2347aefae |
| SHA512 | d776f1b3643922208955ba485b4d1a70b75eedc02059615d53b9415a04be74b0a193384dd67181418ea7ba0f06611d67f1e8b963d266db422fd42c3f249c561d |
C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\0816.ui.forms
| MD5 | 193bf7bf99febb554a2edf4a1414c0be |
| SHA1 | 11e58e8493b4c1e09d5f2236c4ed02bec7c3a309 |
| SHA256 | b53a19c9e2023cdcfe3b26f3bff6286c44acbc87b6c736e616615645f34d023d |
| SHA512 | 0a7b9e05b4877789d6228afa481c16ba399b8dc9ac0616ec796871851af3af27b8f11a97da83258df06a1b5e2dc94a9ed36001d00570d96ad4d4829d9e1df251 |
C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{A2940649-1D97-4405-8B73-98DC747F046E}\NVI2UI.dll
| MD5 | 8573f64ff65810e83822d1bc62deeeef |
| SHA1 | bb880e087c784698937ef683e12f72735c7aa88e |
| SHA256 | 713daea7f59e8dbb2952d35ad29e38d6cdcca6dfa2fb83d797304ffdc4fc08d6 |
| SHA512 | b920b6b70e39b464112ed55f4e8355bf342a2954719393ca2569c8363919e4d472d34af2013207ab9eb3e440a404b7b2ba4ec254e3f2c115e95f638c56d47140 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a3be065fd01f411e351be978806dbe0f |
| SHA1 | 725580b3858325f4fe2993a0cec97616271e5687 |
| SHA256 | 22608a401b8406b909ffda926bd98d93d743ff693dbd3a130009d8ce38b18d73 |
| SHA512 | bc9f5ddb49d4f109a4e02b206c4fa1748bf49add608442cd3cb5d689962f5f6f7902f62f7efc649e40bf4ab044377cee684ec6b52b6359c7ad60c1497a9b5628 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d41064c6339a3b997178f5805471ae3f |
| SHA1 | 6be8e3b041dd98e1bfad9bf3004594f925383cd2 |
| SHA256 | 6d57b7e8e86ebea5b3055e767a60b7233dfada618b122acaf109bd47f0e4f29e |
| SHA512 | 63524897b960f8de9ca68571fc404c652df54b31f56400141864685f54716042b74ab822ab8691160bcff4a86ba104f82c1b13cd778d7d15e57af83318286474 |
C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\secondary_btn_enabled.png
| MD5 | 63674adabbc82d7b1f79f06f6fc790f6 |
| SHA1 | 2d12cb48459f52d6f981ed9b264db63f237c3d10 |
| SHA256 | 0827749e22907f0f732d2fcc4f3b73ce73986d61704c8cac1f6c737acc4b6aba |
| SHA512 | 7e625f7f7ae3119370dd61e82bf89fef5111e037f653652328b39b6798a5c71c8250978de6859982f4988c4ebd8b31b546740f079a03a6edf7f79692b64fecf2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d1ff9f8fca3b1646898e4d88a709a775 |
| SHA1 | 334a39bbd0eff066996d933f103d4f5151230d65 |
| SHA256 | bab179dcd65a365f2b4e1a5c72808ee56c805121e0c851b4bae53633d484b7f9 |
| SHA512 | 28293c5808f9317c1996c79453b2594cde7f9360470e111846dbc9b7b849766c8ca4e0d3e4f59d8141df9a6b392834bdb8bf0310e2c3e96bcd0c7c5eff1176ee |
C:\Program Files\NVIDIA Corporation\Installer2\installer.{E6DFBDC5-88D1-4A06-B7DD-047094F2851B}\secondary_btn_hover.png
| MD5 | 00e9167f523be89ac9fcaea7612c6bb8 |
| SHA1 | 0484077c6775be036d49ccdd5f0e1fb2bce35739 |
| SHA256 | 0516f8ca19e93589852dd6419ac8981a3029f6fe33b93bafc43113deb23150cc |
| SHA512 | 3a8708a720a1aeb28a13485ed6b44037d517dbea9781e2b5571614f37d69f953559c63c158c376f4d39d29ea66098454512f5954f256e74a20fb045a5089c595 |
C:\Users\Admin\AppData\Local\Temp\NvidiaLogging\Log.1780setup.exe.log
| MD5 | f64ef9526779e6d871ebda640db19f60 |
| SHA1 | 4e7a7c5d6a3d9a6a016430c1187aea26d9bb2658 |
| SHA256 | 00051b172d81e29c1f9d215feb8eb67555e28d3967fafc0e5410ad9c2da9ef1e |
| SHA512 | 39bc4f7fd33167b71381b52d37ce9e3e5b1dbae2c16c83d8c853f6e0ef836a29c21f619c9c04e159a98aec0adf4a3317e7ac352d0bbd9fbe095aaa9949c70a5b |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Debug\FvSDK.h
| MD5 | 9c940cd0757452c460d0aeb3c2ec4565 |
| SHA1 | e8d5f1fad7c885b57230ed0add3f419328a0a807 |
| SHA256 | c10f10e64cad3d94cd771c0e4654664a1bd7fbf0bf7fc44a94e1e548fba8589d |
| SHA512 | 9d0a1277c10f1694f5f4d4ec2e961c35fa92aacc681b7e0e2cdc6c991af58fd9d2f14eb564d43414c523c1ef233b37d86b97ff15b5f52f7d3f0fc35cbc5683d5 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\data\configs\OverClocking.json
| MD5 | c84c8de82a29c5ba589c10dc63180d28 |
| SHA1 | 24f57e28fbb9cdbc3b88f049aa7a08f6ad425dfd |
| SHA256 | 5cf578ceeb96b03fb5970440a1dcb6d81e71ea71819d3834fd0d6c4246491f00 |
| SHA512 | b5a80e81e3683b5667730ad226acdae1d7309f0b58b9c2f0f32f0bcbd0f65a13feba3efe20df20358f8dedd621d76d536c06ba403a38b08e1df14942723badfd |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Public_Debug\FvSDK.h
| MD5 | 7fe2ec77049357ffad14eaf8abd437df |
| SHA1 | 8514dd3a6bd0a38ef9b1cc70b801553ae88105cf |
| SHA256 | 3533e4624d8e78b7f928caf75d3168d8001ba4d43da9799b9b4c914398ca88db |
| SHA512 | 95bce5879c6e067deae17d6251f15dda3b930af49d54c19bfb742cb2c06cd8f03cef81b6a403ddeffd7fbca6c5539b85e5f1805d9e673cc47dd9951e89bb57f2 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\PrivacyPolicy\PrivacyPolicy_pt-BR.htm
| MD5 | 3e7b3e08433904539b279bb4dabb155a |
| SHA1 | ac85c924dc03881895a7874f5f374705c9c15495 |
| SHA256 | b1b5e429046a19988fcd84296ef6cb92bcb8f1d1e09193a51a9a2bfa133c8e6b |
| SHA512 | cca771c8a2957ee802a2c7d6b8a93b9a28a0e7aceff2e34e50a9287e1f8f0a79d24f79bb48a458e6f6772c6132645eedc08582191fa5855df0480c9fe6d0ee8f |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\www\l10n\gfn\en-GB.json
| MD5 | 1b58466d8277a8995919792cf1aeae0a |
| SHA1 | 20878c202fcf1fd8521a28185364bcef5416dbc7 |
| SHA256 | 4761d8beeec64836e9228839e4733b75e5b81b5f8317f3c0ec878888def24dc3 |
| SHA512 | d2ad29517606ce0019acd02d038f879fc4c889e12e28140f61ac480e81a0c08e545736ca7e30ec2cbdbd8bf1d58dfea529e588dc423243e0062cdb560f912761 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\www\l10n\settings\en-GB.json
| MD5 | a6f257aa67c1f69e78d6c3cfea1eb7f1 |
| SHA1 | b1de507f66d00698060b4dd7f90a2f3ae61eff13 |
| SHA256 | 2671bf7cfe5c8ad730a0d5802c3df59c3686044b21257e627ef92c0bdb56888d |
| SHA512 | 54854b42e14f51b56e87dafbba0bb7ddacb1f90f54ae7e083967f84492820c4cf461be3096ee4acf1757c91bf35809474924e3a69450a57a88160c55edef4bbb |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience.NvStreamSrv\amd64\server\steam_appid.txt
| MD5 | 9dc952af111a394709621878f61ee0e4 |
| SHA1 | 51208326f336f2f385854b155cacfa7db382e3f6 |
| SHA256 | bb663ac530c6c35408549e04bdde97dd02e1b992dfcfb8931b8f0fab093eb01a |
| SHA512 | cef375f95fdd20464ed4d1ab37afedd6f3b5fa237e0758114328975ea0d02e3a73132741e46c680e226e12e7e7fb774fec5bf0eceab36948e7595a63346aefe1 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\www\l10n\gallery\en-GB.json
| MD5 | 052a01624414c50764a073250c229aaf |
| SHA1 | cb688e592361cec76b153feb21752e424365a7f1 |
| SHA256 | b27d4812afafe6486744541e9507cd2a7b5fa2e555f0ae0c182f9a55acf9ce9e |
| SHA512 | 934f270a97cc80da912a0405b11c548a66039f3d71cca25dfec826252f9319cdf30c6135177a8c4ea95dfecc886f3c41969f402b9880dce31a4a87f99ddc2f29 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\www\l10n\friends\en-GB.json
| MD5 | 6aeaf4074175998af56ab41703887ddf |
| SHA1 | d75bd9419f54bdc2848bbcf13b2c9988fbb23538 |
| SHA256 | 384da424c001beaf39e830f3a32ac1c2679dcd7180af699a7b4eab8d50256324 |
| SHA512 | 37c7006107a00fd23160142bb4e91c576a3b12df652ed2904a26634a976de20c54b1953edf8cb65cedf8b6807c28d647ff34a4ba4a3394569301ae3b6c6d4594 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\osc\wm_on.svg
| MD5 | 6651caef9950b720310186155508c746 |
| SHA1 | 3db8b9214d51e04e4b2877f4d9a93ef43378c791 |
| SHA256 | d1f1de2bc50f3b16c32cc385dcb7704ee773d01c146c96ce104b3935be6ec0ca |
| SHA512 | bf5941a4333427d60f4240b6213c8cb309e948419759cfd607ac2756f589d13411962122eac4d134d89946898072c19661275d92c4c3818094c641c38b80e600 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\osc\wm_off.svg
| MD5 | d519afb343fe93a00a7988744e66f3cf |
| SHA1 | cf423cec31c952a5b316bb5f59a4fee4953cf92a |
| SHA256 | 6e9005614ba9f7913550e56166eab66bbcd192521ac64cfcb53efa29b6f6994d |
| SHA512 | df198d85a2a52ed554d28e9bd254396f1cf19cf341aee68be6bc43bc049f1298f47b96698e28bc7a48d487ac79218deb28e33c15eee15fc70c1c8f02838965d6 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Release\FvSDK_x86.pdb
| MD5 | 0cffdbd3724e7f8602d1dcb4453acf6c |
| SHA1 | 1b6d2d0fd50007de6a38fae060e7d7372209a3c1 |
| SHA256 | b1e13d492bf614d253dcb9bddc15fe24f1e441b5bf05e1a6f366f0024dd49bcb |
| SHA512 | 69e68c367822f3ba9b150a7b1bd59ec9c5e85bd0e350916ba65b5155b1f6232fa5d732e2ad0e62bbd1e72aa33453c1501c6cb233074c83de25e80455f24be7f0 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Release\FvSDK_x64.pdb
| MD5 | 3a3983769932ab1f67a878e78a9d163b |
| SHA1 | 843d10d56dbf5447a2267cfde2e073f7200964aa |
| SHA256 | efee05283211637c81ec18b060a2f7c65147bffcbcc0a819831e9b5abc01ac4a |
| SHA512 | 122808c20b823b9c4bdb1f8e91dd6da83a7461f59a93499bc7f69466b62d7e8ef6f7047443b9749798915511a656742f16706922df034350483e0e646adc47e1 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Debug\FvSDK_x86.pdb
| MD5 | a49a0fc4671c4da86a25a6ab23e49f6e |
| SHA1 | 2876da1ef800b834c793c88a07cde1840d344767 |
| SHA256 | 255f531439ae0826a1a5aadea1cc5f1c09fd4d79d098815ff7e276531c535f8f |
| SHA512 | 217808a9c5aac0f08303250aa59cfe801933fba97ac58e8dc4185dd866ab6f1c9a570a34549ed8fa33f1711fb937281a76b711f452564576c4f43ad640462a05 |
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Debug\FvSDK_x64.pdb
| MD5 | 207cf3c7b9cc61d67a3d87fe27067cc0 |
| SHA1 | aeae841e0d4f1d5b7a980812828fc186c564607c |
| SHA256 | a391ce11ee2667e701014212f9b02a69e5ad4bed50c4b184164e5aeb64b8dcf8 |
| SHA512 | 4da274709cfa98932764968780b28708243a5d404ef57125a54fc1b231733ab2fd7cbf96d560dbc42a0aaa7af0bb777cc72b401a92550dca8ba33867f5a424da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 34351ffa0c6e53fff4d91aaa1744c97f |
| SHA1 | c01b3101768f19f95ee14515f8dff96cce7ddfce |
| SHA256 | 37cb9d4e7783cec313868359dab03b31fd09ab13596d6c9def4a83f629bcceb3 |
| SHA512 | 9d15fbe805002e39538da8007f6fd7ec08de73877b1751002e8bf6d9ad4705f6b4a65062a6ce186cd1676bcb416cd895a640c2f3d7c7dff92cd6f38b5ab8b2d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f25a.TMP
| MD5 | 4c211535e6dbb62db87b46d676251d3f |
| SHA1 | 8bc7338b661e3523d6cfa5a08cd1d54dddd070c0 |
| SHA256 | eedc5cb2e0c9636a9ab113d56b8e1e12f86e6a53f984c3391c43a591b13d4d97 |
| SHA512 | 43155779d1b43981a8130cee271239a860390ee116ce1c5ecd661500a3f924caf36ceb02cff3f0f5e38716e46e1908945a7c22008114066c6cd83a857b810114 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 113084d4ad253b5ab11470118c172645 |
| SHA1 | 732a266d4f32091c2ae12cd3ce5208d05fc9868e |
| SHA256 | b9cf05b0217645a9fb2dfe9c9e2046a2be7e830141429931e186c6f58231b930 |
| SHA512 | 128e3ea8fd9bacb6ef32dee69de1cdfe11a1f44814da4a6e691256c60c3ed6e567e762add2e84b96c337b3619f2b60d1a17ed809b7f0a12c1241abd394d48e53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 219110464285e9fff23c22e3a81ff096 |
| SHA1 | 83face85ac97b1ad99ee695a47e615107c03b415 |
| SHA256 | bbe8dd08f655a6d5c452a5c9de53a7638572084c136ed8cfc722c4ddae6bd4ec |
| SHA512 | a6a23bb46d3b692c60a12d4181df811eb1491187edaea1b3eb38caedaecdfeadb155d1f2afbe86a0db343d97ce4f0d09ddaeb6b8700243d90a3554e338e2678e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 98c61db3ee134b8747e097e2528ca9ef |
| SHA1 | e2eeb1f53eea5f72c65f104d18755ff4f2871a34 |
| SHA256 | 93d84b9baaa66598cf6902369788239a6c170828b03118d4e6dad3a76587952c |
| SHA512 | ea15256e237ee30a27c00fe347dc316c4aa2cca99b93b8a2305cf2ef9eb950eaa880f078ec1734dc8abaadeb230876c6d32c059853ac2cb390224db1a2037347 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a50f981d8a26c41f84437ae083606cb0 |
| SHA1 | 97264e2ce133bd05ea1b2e8173e542181c3abd08 |
| SHA256 | 1bee081c0683e41e86aa9fc761204c9c766170b587099895ae6a00846e0b7413 |
| SHA512 | 7c6bdc53b214153d0a28ec2fe8cc1def6dd119a6f2fc9855449040764617c8e32740c3a81cdd43a5b3c2c4699df8021d556e60aa99d7d2260fd99a6c0df9c41e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a3b9a6c2fb250526c6f8a891937f9f1b |
| SHA1 | 401554308172a8c6a000769ddceb543fb0e57ebf |
| SHA256 | 20dc7ed9efa5c0fec0ff762493c20b34e31462c77a46ad47bcd427947c45dc9b |
| SHA512 | c5db99b9b1b5cc435df96c7e948cd144d608135d177accb3c7894f45d6d7970674372456ceccc4cba15f44aae2365e150f04db930bc45ad5eba354a7ce1dd181 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078
| MD5 | aff502bca77d61ea4fad83623e259146 |
| SHA1 | 34ac85b60e85203b453913e45d4622c3f9afec11 |
| SHA256 | 89f790ac7febd1fbece973ecfd3c783e9ac884bdfa60eb74edaf60e30f1f2e6f |
| SHA512 | 44c5148336bb67dbf756f59ca25c27f134bde9c1710340bd77cdd29859dda952ebc42ec697ce234ffdd60661158c050765ca700a41cd8db1939ef5544ba4b798 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072
| MD5 | 141ae100280d5b48315663931191e08e |
| SHA1 | e61b9224c3667dec83719b20695a1bd4bc223a73 |
| SHA256 | c07df2a0acf9471bba35b547b00d1c4aa65363f4b52b78ee630c4c9ae9ad82ea |
| SHA512 | 7454ab0b01683e11391555a1e17ad58c31cf16eb6855ff0d73737b035217f5561b70df1795d90f81957591f8b6a015cf582b4a40915b3f64acb72b95dae5f5f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075
| MD5 | 4e126ba75349af6a00e7bbe37c56241c |
| SHA1 | b952d361234b33f44205df7cb1f944db6a085bce |
| SHA256 | b4b3a45eab666921cd6d2ff65a51d4d529a971d3441f2fabdb0413f8614431e6 |
| SHA512 | 31e139242299bdbfb93fc6a4f623b9d005ef89a50325caf32c07c5604e9a5d25e209c15299e76aac641792b0ddff057567e26a5c5fa00139f15b6888f5f6a7d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9adce124acaa66d466628d946e8b6e8d |
| SHA1 | 5c8987613509939a1735627d158525b7aa49b6c6 |
| SHA256 | 784ee2c03377b25986da07f8818862edf62e7824682f5b1bea3de7fb4c791d1f |
| SHA512 | 216728b660df7a200bcf7a61a7c67205e43106bbbc24aba0651369daff9628eb8299411a4a62a9c737a362fc78e8eed28b1be6d700a008ff4bb6b3b13fa6f300 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d8d05327c5274855b1a8796001e4dc6b8f2e344f\index.txt
| MD5 | 281adca13bf5bdb46c975a499ebf025a |
| SHA1 | 908439b3082d6df6cd600cd568a306d93d6f5737 |
| SHA256 | 65eb5e6571bebc4c4a235f0d5d04851583575f47a2071afcba7eeccef13b675c |
| SHA512 | 86df621733a1cfb2d58eea71aeeada9b6a9a3ae7ea64e0f83ab73737932408ead4f86c85a7507ecbfa5e6087f67bd7549b78645b682ef8c71567016130ec3009 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d8d05327c5274855b1a8796001e4dc6b8f2e344f\index.txt~RFe597778.TMP
| MD5 | c88545b86dd57f8bf93cebce669b4fee |
| SHA1 | 7ff4888947b71a14b42bcb98492759ccee9750b8 |
| SHA256 | 68aa72aaf8cd2c9681e90b03722cf7ca3a80b682ee7874022264639c45faceff |
| SHA512 | f7e99dca80feed934dd5d2021f9caf28a4d9a01850fd236d7b85dd67b7193e8d0adb86213e933316608b4360f7a1c3c1eea5ad1dc11f7f28500b63ab44e25add |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009c
| MD5 | 68d6c90804bdba744fa22e066be2430e |
| SHA1 | e597da08c01960939badd56eb18d993b40f57a83 |
| SHA256 | 4bbb14e56ddfc63012f4b89c44d1fade26281f5e00b340ccd0431fb29f4fed5d |
| SHA512 | af3d0b68f938ab7d8e4e3e5eb611feafc1896803903d7f4f91f93478176d185c4fb8cddbf0587c187cdf2418343f61e2009740b50259d022b51a87ae8988420b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6cfce1e81685f6cca2f079a5995f6f04 |
| SHA1 | 07571f94fb226ead39dcc5cd3a66f5a5ed03160e |
| SHA256 | d2a79635fd73eabf1196ccebf1fe7d70915c10ddf0c01b5df4a7cfbd3e1ea834 |
| SHA512 | 1d911ab3e465f5b5e2a05ab6a80b32e6caec4381ca3092062e61abdaf01069786784ae391c12f3d2314ddaaf8a1e5d1adcb5074a2c427ed81f5bcd333f765acd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e54268cec735fe464e5f2a5044cdf933 |
| SHA1 | 7766fdac09ce47664930e2bfacc92a180c5c12bb |
| SHA256 | de86df333f3b2ca1b4751af91e3106fea6cb51f8c0b8d8ffd82bb5529cbe1fb8 |
| SHA512 | 617c723ccc8641b9e2e7a8e9b3c3def3b2eab18635b748242e2edd72fc95692998fbb561fb15f39ff087bfacc374657e927520eaea5e371963d1fd1025fa4664 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 770785520cc794cf6619af5fec4a3d1f |
| SHA1 | 747be0a0e7b280f2fba1686e5b9f6329fd3ac9cb |
| SHA256 | 31e8a66505af97caf4d75b3dff2fe47af1a6f92c0853eff7bfbcb6b150d4fa06 |
| SHA512 | 6fcba79e670997bc10cc877474d2b032d253c6bd17b9991274fccb22bf6fc271065a198a4186241de13b44f480aa698cb26770847e3dabdf55c00f3868a69d07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d1afbd5292dbd5308ba13a9ec4137e55 |
| SHA1 | f1eaca318a053c7d1bce01c7997c922ab2b25154 |
| SHA256 | c747f6ac5fd05a402473ec85b0c647a6b64cfe11428880ac9f446b7efafff84f |
| SHA512 | cb98f59fc25b68f7298e41d2ff6da3bf3bda8fcc9f4cd0f8e556524c36ce7bcce3980f91c61c7cd5a2764e626c6895446fb63348b1641558b497dae66ea26db4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d8d05327c5274855b1a8796001e4dc6b8f2e344f\index.txt
| MD5 | 33a397e0c0a39c5d04a577cb21d05835 |
| SHA1 | 2e10dd572c2913b4f389241291b8934c3dc167ec |
| SHA256 | eb8c25f7bb9b834303f4662b3aefec4c3b09f920c34a96da5ee8db18075ebe93 |
| SHA512 | eb42c3695e68ad58d2f0d126e05697a9bd3c5d1c2a927b1409fd1bd2023dc08da3781621f86ff345a6a4a57d3460186b00b01bc09b9175befafb53b5b39d8e2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 1e66446d9615b9522d589ce2b3ad63ac |
| SHA1 | 09b5cc177e4157b408a3a967890816ef67a61c29 |
| SHA256 | 32863ddeb3a1c682ff36ccc5527d950b098bfe4eb8f7522fb0b2b483a86045f9 |
| SHA512 | 9e9a485e9fce3cf5f34497c928cf1b357655d8b5d12d4c8340a0c0cc0a1757f47233bb4f2fae29e548a0dde8ffac27db58781a3c64c1eeb11b05676726e3c40e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_creativecloud.adobe.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 451c226b282668afb97a19ebeafe9804 |
| SHA1 | ece86a044a57b6ff2f796f08397268c410e91b97 |
| SHA256 | d25d3f0718f33b50cd0dd43782f4defd2d95ba1d3f8370c0b6452fe8db49d227 |
| SHA512 | cda5184c344dfce0615629424e7e59b1b14f9dc42e7798df34adc58b8ba9d6e40094e19b0b2495a4635ea51086fdb7fce40e486abccee4e6528e00d8830ab24c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8e5d307db505365b8ebe334f476fde48 |
| SHA1 | 7f4b0df65239e1aa6e448c59cafcba360d6e4d55 |
| SHA256 | 91cfb70e859a245cc95dd8f5fcbb1249edaa65b0e66b0eb4512363f2b916b5e2 |
| SHA512 | fabe7091defba14a35ab35ce6a802cc78efcf36715ae1487b0e9b05c443790370b525ce2ed0319526d9845075e262842d345bda6fe8be0c1c4d12cdbccdc6751 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\48de2e72219e3150dfb87e96741a52c7cbf9b97d\index.txt
| MD5 | 94299b14787580ea72e947bef9bbda7d |
| SHA1 | fbf35aa81cbe28aa00a790b140831e54acb9a3a2 |
| SHA256 | f5038b320f65ac4789a822e8625ef9c7deb6185f43fa15364e7cb9a11c701f77 |
| SHA512 | e1dba8019ae3dc79d65d34256b424cd12aaa5275a0509e235e8cbbf1746ea0481be4a106f0592f43d86e438a6f9d508d12b90f5922627e1a1c1e358a0bb5f972 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\48de2e72219e3150dfb87e96741a52c7cbf9b97d\index.txt~RFe5a04b4.TMP
| MD5 | a9e2ed95e522b896bf01136a21e4f3ee |
| SHA1 | c860a61d0a3014484566a66ced1ad77a469b1393 |
| SHA256 | 677413b5ce68c8911d6ede89892a128b5d5689fe8e8832b873e6e280b6d197e1 |
| SHA512 | 79a26cbf3075d74ce3a1c259969e1e98f265645126f1db93f37f5fc3e0b4b611e3fcc88b66e14a6707f212f229d6912b7257cb168c6c61fd71087befbd1eaf22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\48de2e72219e3150dfb87e96741a52c7cbf9b97d\552acb78-eef0-4f96-a835-935a45321a0f\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093
| MD5 | 420d091a17f50b11bd0118987ed71f07 |
| SHA1 | 21f90b8b28237fb7f9b5c5869eb4d400da9b7c6e |
| SHA256 | 452e5fcdd4c68667221ea32641128fe0a05d194ffabfd1bef84194caa06daf83 |
| SHA512 | e27dde1f781f8885277d1b801d038a90f092d214caceba565024252fdc8203a593a0cdd8e2d97d43a9240dc671181ac84daeee1f2903db84b16809b49fc4dd7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096
| MD5 | 8b2772600ab45f28ea4ac1597de2c5b2 |
| SHA1 | ea8dec79503b71cd988b6b9a4ad39b6863051a70 |
| SHA256 | c9660278914c958ab04ed035abdb7088d8ebe91da81f8cbd7a26839a212933ff |
| SHA512 | 8e780a03b3785fbd22bcf746dab20d597eeb936348b3b38dc60c14a1b6b8a036f4b49901e82a26252861a4b8dd94d007555be93b7fab7df9ac3d9291ff05fdc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a
| MD5 | 80b361148daa1f36de8b512b0c5fadc3 |
| SHA1 | 6aef9e2f21e9ec701f10f1027689c50e99ed7872 |
| SHA256 | ffaf64ecc4beec7d6247a2e82b55f3a3fcbb2a1a684afc925259ee63d81fa0d6 |
| SHA512 | 06c1b31a66ebd716957c5f300a00c8f5613e92c1645527af524b9799dcb70ca04e4e69834ab7e72b8dbf2d18835752b68bd7deb9dcdbf28edd32497ed605a36b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000098
| MD5 | 7de733615719e767edbe790e12fbdb39 |
| SHA1 | 40de8b9522befe9515db535e3c5c44721edaddb0 |
| SHA256 | 707f70fba426d23ba303bf01bef69415b13d66fcbacd13481488a2c0cd0afe15 |
| SHA512 | 2b8c4f6a9d808bb6d9023071669ed1ef6fc9cf7138052c5ce7989d733c70ce9f5f4ec174831a04291ff36c7c7ff77476f903c0ab38f869ecc5a7e847c16e8980 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097
| MD5 | c0be5270382e0dcf5dab1a8487395fcf |
| SHA1 | 11488973e895296f1fc3f67fdedc367fd9980b06 |
| SHA256 | 25d8db9f039de9ac267a62aacb4530240971160dc76de432596bf9755371e5e2 |
| SHA512 | b2caca372326098127a28d1f95d5c342fc8f5cd4c6e16ad10195a925152d73d372074cbdc15fbbefadbea68190cee04752d8abe782812bd809d34ddf97f02584 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099
| MD5 | 5d3fa737ebe6d3d11052ebf8c46548fc |
| SHA1 | 1a4d7514523a44a20584354b8d60035317e8f5a8 |
| SHA256 | bc49ee9dd2b2c5cfc434b8c6e0d20522444b615f035b89487051890d4690469c |
| SHA512 | 9d13ae5e502a4958444e87ad818d9df2e0d0934848c9a0f49e540cb72b607bd6a1944fb4a90fdf4bede8090abacd67fe2b8fdd0de7f4cc924cce53d12846fcf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\58ce9f0c57ac7446_0
| MD5 | 868cae8c92c477ed90759567616a1ee2 |
| SHA1 | 5f014164b8c4fdf890078e12208daa59b7b24444 |
| SHA256 | e42e924e4b809d7d3b15da7d412f23153ef38787016703d721a2d73b88298655 |
| SHA512 | 31c37b1df4021c054cf985b51e71923793aa7346c80b636798ab7f5afb6ee055c8577bac24e75144904a0223beb6fa499543156001edc22fd4342b82345f6bc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 16dcadac28858866dc038b2400522207 |
| SHA1 | 523b3db0e47c3897af097017254f9d1332b585a9 |
| SHA256 | 1b9a327068f5b5fd0a366001fbe56b01254bdf1081804c65f3b91823f16df663 |
| SHA512 | 72c7f25850f5af16e49fcd1fa616e583bbd5bf09689a2f5a88c7c5bebd15860b31c693ef8d4e9a7b122c8a883e0a863ce17c0d6bcce5025c070fda0012ead44f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b1a6dc3c45bd40f22e6851984e3c4e30 |
| SHA1 | 76b3e724893938d7e7df680873651ff29040cf3d |
| SHA256 | 85ee2c71f2eeaefbde0728c331274f7d1b34081ddb3302b07ea4cde4e7df8ccc |
| SHA512 | d82109472aca922a70fa0f41fd1af45af5a934c52393499103ced96c06a42d51ca584e879e606450a87a2e2fdbcb6b4d8138024580b84cae298ed21e422fab7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f
| MD5 | b35d7b6aca1fcdad25b98e63918e8b0e |
| SHA1 | 939b345feb801eaef3b59ffd77029b9be076d543 |
| SHA256 | 7eb7d71f8ac33eec386238c7651743b77e448e7a733f5ea5ba2496ca9e3411f1 |
| SHA512 | 2acf85cd24e45a11e55455de3a25083f4fcfc2ae51ca6ed9e80bee3bed41951f4c42140b97b9bcf154a8d9db7c55dda0dd57fdc17db579c52f7db9888d5db857 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f0
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1e775725b93b5e404ee7d1964be417dc |
| SHA1 | a570ca1c13b452bb344ba6847d424bbfeb4d894f |
| SHA256 | c922352461eb825297265e9b6ebf9f4b52e5f011d057be1cc8c1147695fee08a |
| SHA512 | a5455936347885f778c5e9a3744e4cb7b15a501298a487d8bfb00359194689d5b3d4f2ccbcb2dc58cd0236a7e855672485fdca041f66b4568dbfce845dd2c334 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1804e506c4dae1cfc35bd76d1d0714e9 |
| SHA1 | 2efd352c2d930d26d09466b433849cd4f0b6692c |
| SHA256 | b0ee6e352d8ff5351373b94a04458753f3733ab21abc3351d380d0622951e32c |
| SHA512 | 27e8205e4b04bdc2444421fd267cc4fdd53179a96a2cbdaa0189da08da2358ccfea14664441a84101ceb67c58539679e181194a704f39958e7fb3562051ed384 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\48de2e72219e3150dfb87e96741a52c7cbf9b97d\index.txt
| MD5 | 45e4eb28e5bd7819108903c0d2d2dedc |
| SHA1 | 64d773c0719f4a6938997ff714c5202fbeec8263 |
| SHA256 | b25d262061a3f3b750960cb51a9a1e6865ab30de6adadf50761e9a475ff358f9 |
| SHA512 | 99dd8752041aa2d3dfeee0823f07aec952a9228f99b4a7ee2c3684b3e86ed91fd17ca7c657d59ae34ca0bcd68323fd61a6b533e5a2ef9e5adb8dda33a4872e0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | efa3ff56a7d8a45a27ebe076d4abcef6 |
| SHA1 | 2c8201f8512c9b9da8d6bcdcd3e8e0de3ed4f699 |
| SHA256 | d3949d7399c1bbc601814b0d4806b9f4ba15cf4c09c81b9487c623f611abc0fb |
| SHA512 | 462ae6f192c496d567deda0566e3e9866e54bf0bae8c4eac2880999b0d16a3e5a116dec114e979ef028cc0f215d5c02c7f27814ab8222dfbac0f63572e62b48c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b6061877b17f73a8b37da970b47a71bc |
| SHA1 | 804888960645e7c9ead224748cb9fa9d0d9aff95 |
| SHA256 | 993468279cfd794503d04c27a91ced10095f2d6eb40007458d7a81782640b2ad |
| SHA512 | 2da5aa05bba6a3efd7d9339c940d5b298866cbf8118d8964583ef8e2af8e41ae01385d6ee082619722bae01995931e786882050cab872b76b3ffbb189a70dee2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 001a099df00335786fb5f8a8ab8b764c |
| SHA1 | 215c83b0794feed71bc2cccbd289a0dbdeaf3a9c |
| SHA256 | 2c84d614621697761e23a2615dd31d479ae7cc26ca802c7e34bc4fe101d79370 |
| SHA512 | b06fbb591eab9cc76e084be6988af5d712b2cb11d34c8baa06ba47df9306859a3078baa691e24f3cf0331f9887ec23a7904d144f565a3c0d622889a45444c5db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5c694e78f54384b68623182ec963a1a8 |
| SHA1 | c342f6238cd61e6fecb088348a815b71d8af0fe4 |
| SHA256 | 58246da735be91ca9fa284aa4cc0332f6565e1c1bbf28217e857bd9ffc52f183 |
| SHA512 | de827564b87c4784aeae3029383e655ee8572372bfcc045486637f8712eb1c4e507d8c5a74aa9cfa2910ffe25e0a6ddf98ca2847dcdff883eccd450297c5a293 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 96fefe1256bbebd5cef692977abe7ddf |
| SHA1 | 2d7a1606adaae307d86bc1efff3b48948baa1a52 |
| SHA256 | 61cfe2d0648a674ef2eedb012b82074163d6be2eded0412c9271a135d0472b4d |
| SHA512 | 3bcdaf064f1533c251a8a9e68817d269b4e00137ac820cb5f5b66d2bfb41c065488ee6e09c354e3b07338b5975207b66641b1141637a7a258fe876315afca5a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5ac97d4367dbfc71f3f4f6b283daa658 |
| SHA1 | 6d24037299855c75886bb0891527c06191e76097 |
| SHA256 | a6b15f5524ae74ad3ff6d6371e898374b3147c33e4f3f4a7e13be8a225f803c6 |
| SHA512 | f5df565de49a3d0ea7087fa5a47c0f2b16edb306f1c73813f891a18d5b3dce61165bf40f1185bb3d72d529cb2fe651659bd28d7e028fe031b240730148731d25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6bbca7755ae291359ef6970920ba691a |
| SHA1 | 69eba9b1bf3586e0f43589dedfd0e69a1bf7c5fe |
| SHA256 | cc3a79829e3c265288ecd591e8bcfd4905d6980d9cc88546ed8910344c0b8625 |
| SHA512 | b565b75200edf8194d161f4169ae24a33305d2521f12fdd04ab4e15775b9b1fca84c8923a13534bce7e557933e178f1848a47fc6a58ad4d24e3f6985e5304985 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cb1abad9bfa870f5c194b7dd2971720a |
| SHA1 | cea2c93225a4f2b0f09abceb621ffdafd17f863d |
| SHA256 | 8e7c1067322e9da758abf6de4e8fe1fead13b033bade571c99be7e8af6163c02 |
| SHA512 | 26021d885480a7bb4156813638c27b4bc3d1e2b28bda374d2da8768d7ea979b05c7ac63da398ab8733298076f012c19739bb513885dcb0fd857cd022a4635d12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3a3cd36271adc6823194090262bc113c |
| SHA1 | c5612182eb14892c06879fe5c2115054ab98e9ed |
| SHA256 | f0814c66c37f02cc1ce7d3c85dbe4ce7d4a46c1c5c8f2b31993f87ccb88a8ff7 |
| SHA512 | 04c009b0bb253259977e07663234326a9c4e41d02e9fd0a30a370891866faabe11cdc895f436d0f0d5a2d57c40df9cf06123ec234d3b54941871cafc17efcdc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 22a797916d1ac8effcbf2c4f9fd17000 |
| SHA1 | 78d179961e3a745c2d4b8995778c14b5573ade72 |
| SHA256 | 1d7458560328751b6ab11b6dd3ab8bb7bed009ab64744380a304cebabffff693 |
| SHA512 | 0648e7f62fe1da26649315c805d31b1be4e9ea1ddc13b27dde0f5459a054e0b06f49b5d4217e84dede45ec1b3d8f3e30eb690b9e28b862bbd6b009e6347e9614 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 391a41463ec9639110fc54f8d1a0af9d |
| SHA1 | d5c2b5adb0d6aaf270fc4877ac31e7b85eee7acb |
| SHA256 | ecf046a0c202109d004f14b8ab2b944f5b5eb9564619a2e3238b709254c99711 |
| SHA512 | 6642d62e3e6a54ed49c41d99324d9253e84bdabaf3fa34ad07d46c451b8c424413f0c1bd66f24e4bf9937c1d307c77a182d88b1836fedf1602dbebdf90e16575 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0aa002896f7fe2b3448806c3006c263c |
| SHA1 | 7c4af49fdf045c96cd7e3cd6150640d89b3455dd |
| SHA256 | fd80f03c5be31226fbae5e6a0527330ace907649a89f5fb5de83eb77d8a8b8d2 |
| SHA512 | 8bc878db597ad7a7e47bffb0417fb14b1d53dd862ce4894c5e09bff5b03e247a30dc9d5f9d0b9758012490226cbb430feec67c3b10814e15d4dcc0936e26071a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1b140a3cf45f009951cd3887f24cba54 |
| SHA1 | f2bab2de8396b58c19a8783a6698f587062bc077 |
| SHA256 | c8062329d02ddea0294961565d3d736eed35fafa47b6f8edc5e1fe38f093c436 |
| SHA512 | 129e57c9ea4d5c0b9cfd4ae2139081869ca8345f46312ef726e0be7dfe325a1f5089fb5a2f7f7194f8cd55a4099608a9c33f2eff912cd95d2c3b1e101bd2854c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 727378a59afa579af1a2e3c44e312ac5 |
| SHA1 | 76e9e682217ddc7acfec5388ebdbf2ff52999601 |
| SHA256 | 4c8e60af4c18d52a8e20c5b7d649956344f9b934c349aa58fe95165fafea4ddd |
| SHA512 | 34678c84db86ab3e286ed12771a1101bbef3d6f8dd5aafb87d5c66a18d2dce0f19c674acfdfc979da6efe39469e3a0b2f7881557a55be85c3ebac5a68e952ce6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3701145549c6f64dd9051942c34c71be |
| SHA1 | 49809f6111d33ee53f116bec9452c8732daf993f |
| SHA256 | 17a9c5dc262882c9ec38873a7df1e59f0e16e09ec1a6c137fcf866104c10c7e0 |
| SHA512 | 40fc6f27932481117fdfe5d3ea0a1944fc03965c4b7b081abee283a97df95723f4c981459ab204168fd85eebe01386aa07c62855f5263882d5287babd2728178 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000123
| MD5 | aadb776c79565f022c39154fa5d905ef |
| SHA1 | e2efae768c525dd3cbdffbb494b26d93321f4f01 |
| SHA256 | 4acd04fcc0e27a8686b2cc0e3b9ee4c63334af4b4ef0643144db019ed9eee655 |
| SHA512 | d77e9c97152621f75de15d54da22005943b6ba0f25cf5e1d12652e8db3454e2ccb176a647acf7ed134aeb830d2cb2c1f34135cd5777edad0130431b87963d312 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 834f553078bcc1d3e259ce2704e73e98 |
| SHA1 | 9c0871d31a0dca5a59662c2169bf4f8d685f34ba |
| SHA256 | cd60f7a0d0fc42beca181df2a0accefa0aea8e0dd0c8013adb5ca0a16ab648e3 |
| SHA512 | 75caaa742bccf14e806f2336c48d32f6cfaece46e9a16f2d2fb490b93e4d40e294dcdcdb17098386a314dca41278b481d5e80d7a068dff86f215fa2c168c7159 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000122
| MD5 | d989f35706c62ce4a5c561586c55566e |
| SHA1 | d32e7958e5765609bf08dcdefd0b2c2a8714ce34 |
| SHA256 | 375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716 |
| SHA512 | 84b9347471279e53ec5f151caf47fd125b9c137d4bf550a873c8f46e269098ea5e2882b1dc1fe3b44095308df78f56d53674928f44a1e76d3bd7dc9d888d91dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011d
| MD5 | 3cc114267819b31925a623abea011b79 |
| SHA1 | 70876958a1dd79b7b027519b722227a548f204f8 |
| SHA256 | 5317aa8ef6320ef0e87ac761fe842d3bb0eaa17ce28076dddcbf096126f7ed8d |
| SHA512 | b5c9e6b785a3fe8f33f7ce7836bf025ce3240928c386805f932bdb96ce5e7f106095dffc40231e550859093e017aa21922ed259014b19985aadadf4e6bf85325 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011f
| MD5 | 2854b57c7722418346abe11c86bec755 |
| SHA1 | 3365b1aca3db57c7cfcca5a3b755ea4de16fa901 |
| SHA256 | 2b9e824ff1e2901db4186155e7fa234273322f0f92c30a8c9da7468e32e14ef2 |
| SHA512 | 278a7e59174d28e0884e30246f0d52fa0b3dd9cccf0906acc231e074ab068078530019c1f46b5515a6910983691e3ce9c100fdbe6d5a0c06911360ea23a7122d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000120
| MD5 | 9d1d7b0ee4d096261c43dda196ee8c50 |
| SHA1 | 6745f9f8e9552f4790f8c421376643d91c91c62b |
| SHA256 | c7d7f542b69b22607a756f480dbcb31713b09cf1b027289270b1bf4cf4a1c6dc |
| SHA512 | cf1542f0569c886a100748284d0a94c7a25d4d558d7376768d8bc5fadf2344459deae86d75700b819d2acca9964532dc0818b50e858fe438d3f24eebbab883f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011e
| MD5 | 2bd9138e063a2e2a23f1e9f9af7f42e6 |
| SHA1 | 7b9565b058deadbb88031edcf12929989f123242 |
| SHA256 | a40b7fa25689c4273c9e786eae93da3e22d628afb620e9b53907b8fd1fb173ed |
| SHA512 | fc697cc9b70bc8c17c05ceda261da8639cd752a1dc8caa5e85f0faa6ec6a8335ff5b42f4359fe98479ac930e1446d71df8bc6feb4527295479db1863863b378d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\998b406a1cc0b81e_0
| MD5 | 114fe3f3993b2b4d83ed5018216c62ef |
| SHA1 | 4121a2ec1cc05bfc1e0b0e68a0b6c77a6f06d0c9 |
| SHA256 | 59d825ec4688f0b6e048bbcc75d2a8acbb242e5fa2585c2feebaddc6d6c9887b |
| SHA512 | c0b5e93a2f48729ca0983fafe30c4cdbad4356a1a5c28e01c843cee3f8fdef993c98df6ef3753259486bcf2183595f1c0f4dee5406bef5841a06119077236edf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c7ba38fb3bdd166ffcbad24bf7998e29 |
| SHA1 | d23427ac7889d28cdcb3aef59df69fd932736c6d |
| SHA256 | 08ad35b2d49392e7b4e0e3ab5064285bbf7fe7f484490945eb30ead4d7808029 |
| SHA512 | 3718998379658e921fd5b5e4aadf916ccc907f161e6b4e02a53f7905ade0407bd7d4d1415663f1210a0417a2fb53b622b91644327d334f16ac68e3375b8b15f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 813e6df5a6179aeecc361c61ac060d73 |
| SHA1 | ad4ae0a802ca066d0cfb8ad52b0b25c7c79542ec |
| SHA256 | b6f1142cdff824084a1941096b345133bed7369e795b9b52d0e42b0422696474 |
| SHA512 | 4a7b0f56146dc1c0e47488dd7ebc9cd27bd8cb05949d937066cecf7022af194783f19cdd72a59f1c8f21c1a0b0b3c60e312fc49b0c1ff53d980f801fb4f70b4f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | da08cc38d17df4937a9a1223b1ca6e01 |
| SHA1 | 5f58e9975fa6e5faea7871dd1ffee831f6cee9e2 |
| SHA256 | c1da6627470d25bfd5a70d02cdaf07b576460eea664663dbb682f43c806d9703 |
| SHA512 | a62ce9b9603a1319214365b1ff3d4476341fe26dd0a6cb836196703f474976dc9ed62971c98b7d61c4b1de2387a1b7cec6933caaa07709cf632d70b9167037ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5fd0f79481f1ae484c44d9448611c7f6 |
| SHA1 | e0cb46bcce92629c5ea34d7d0f66b4d3d71d146a |
| SHA256 | 0366bbfea657113e13152cd5de011b62af615dad7b93f2ebd6fc5e034c3ced07 |
| SHA512 | dd220393dee3fa4e88a71ce06090bbdbcbf2da26f4c69d72fc17efd4dda567221709ff5294a9a8b20a3c3617fdeb0d137dc0d5d101d5c13c513e95149235fe22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 2227a244ca78dc817e80e78e42e231d7 |
| SHA1 | 56caeba318e983c74838795fb3c4d9ac0fb4b336 |
| SHA256 | e9d7b93bae57eebd7019ac0f5f82bac734b7ac3534d1fa9bdba6b1fc2f093a24 |
| SHA512 | 624cc23d4a18185ae96941cf8a35d342e048476b0384f0595ec1f273e19163ca49b17b14760628eb9da9a5f5519d4671544669fb08985c4945faf663faf92e12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 0ef81c037915f392e47c9edb5a07f6d9 |
| SHA1 | afa30374a5cadedb3ac20040afbe9aecfe7b47c5 |
| SHA256 | 499bd63725e6c3be459bd85700dc64eda35b33d078818272aef53f60f81a689e |
| SHA512 | e161773426b0bd8d04261c14c5bd698d1fa87d0c4503c7e12bae8e6ae2e1d1a34c629ef956a8b09cbdf7cf74917980bb579ad8f3a425b7a4486a190853c2976d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | cd74fa4f0944963c0908611fed565d9b |
| SHA1 | c18033d8679d742e2aab1d6c88c28bd8f8a9e10d |
| SHA256 | e432edfafbd52fcdbd59ef74892aa2e2ab19df6647ae723b368fca529066a804 |
| SHA512 | b526216bdbc73a97db41edbec6fdfd09b7b4ae149d415fb5811dde03ad4b1b0247950abd78fef807ae47674ab1b56ff0b971fa5e305b26bc92dc07871313b750 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 15d66968f19aa19298be8f8af54ce416 |
| SHA1 | d2d66d89c4cb66dbfc5bf93b172ac5f07cd03caa |
| SHA256 | 795024cbf9d91dce48de2787589a852724d8818279edcb25ac9bc878346cb7a3 |
| SHA512 | 10c4baf10cefe5b059a7bd1d5e2cb9ce8453033f9f2288b123aa605c352bf92f48bff7514675458d856ffae68dfb883ad450d931e2a7df3598c345f2e7fe4bb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f83b24994df6d1633ef4046da8277a53 |
| SHA1 | 6d99470816a85062087c2b2aa9c9c15b1583cc5f |
| SHA256 | 53cc42c4b9046f4f5b085f81cd3bfa55b8ecde42ea18ab3bcd4a50e3a6a5866e |
| SHA512 | f938b9fc5ae3830cb2a5da1b91ca72220c7c1ed19744a23ce55be906d41f085a58c681e57d146c459cf289a1ab2c41ce85a8dedd46771185f0c0354c813c26c6 |
C:\Users\Admin\Downloads\Unconfirmed 163867.crdownload
| MD5 | 84c82835a5d21bbcf75a61706d8ab549 |
| SHA1 | 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467 |
| SHA256 | ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa |
| SHA512 | 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d6989c9a3bb4ea4276ced963c1291f02 |
| SHA1 | 56bfad2780501a846159745ad9f9f17d7ba82105 |
| SHA256 | 46a119c1365b2dda9b0cdae3460fd81338a7b66bfa030866c99b914fbe7b88d2 |
| SHA512 | d3650576b840f629ee17ab59bc6c23696aa238f55ff4f6200e4d805319d9b8ed0b84146855b4fa3e36228b312ebd126220041f0f876b935f3820fb7494ee7341 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3a62324cd2604b166b45b5c96bafae1d |
| SHA1 | fde5ae5b85360a522dff4476554cc237a9130d27 |
| SHA256 | eb74cd8827b7c8060d5ef3534427c3e0b1ce7bd894b983bb9542ce748a30763c |
| SHA512 | b02e098048baada30c88feabaf3c067be45671b4627c02b881f2dd87fb7705435fd09a21e8dff3837c23c1330c1616cb03a109284d2b117663c2472d7b96af87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 17b8531a153125dfcd7376f934ecd18d |
| SHA1 | 70f8d166528052a88c065ec5d1ec092e9a89ee1e |
| SHA256 | 29541d45eba68941d7d5a1771c4c8091747b46b5839d4e196fb486681728ce50 |
| SHA512 | 48682c92a4f018dd6e74aeee40c1b1826839514bfdd6bfde63d045c9c9e9c8f9dcf9222a5e1570d70a3102aa69afd0213bc7f09f3ecdf89036e7b22de7b6fdc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4e6cbc61e8ad0264d37507dee1ccf464 |
| SHA1 | b5e90cadf0c10eb260f9f4c3aaf01ddafefc8951 |
| SHA256 | f4154145654b96d035f5453be6b1e0840474d14bcf7101d8f0cbb851175e635d |
| SHA512 | cb214ea49529e17304263df023e8e45f4b7d4af5a243b990350a08f58338e87c3c638496a959361218482ceb21dda74a5cfabc8e0644000212882060614c75a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 43327cbc557126830e1b86c1549a2860 |
| SHA1 | b016aa9880b4def7604ca94bc5f23302b97b0624 |
| SHA256 | aa1d5728cbe1c5e56c090781860d51580e41fc2883989960ce7727c4fee45486 |
| SHA512 | 76db4729ef330adcab2f9fcd22e0523c65fc6f612d7f2975f4c1b4a2b57077da2bb67dbac080e21853e9e7d293acd2c52868a7fb85ad4e0900a4fd228f5d07bd |
C:\Users\Admin\Downloads\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/844-7834-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\Downloads\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Downloads\@[email protected]
| MD5 | 7a2726bb6e6a79fb1d092b7f2b688af0 |
| SHA1 | b3effadce8b76aee8cd6ce2eccbb8701797468a2 |
| SHA256 | 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5 |
| SHA512 | 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54 |
C:\Users\Admin\Downloads\msg\m_filipino.wnry
| MD5 | 08b9e69b57e4c9b966664f8e1c27ab09 |
| SHA1 | 2da1025bbbfb3cd308070765fc0893a48e5a85fa |
| SHA256 | d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324 |
| SHA512 | 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4 |
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
| MD5 | a0800359de395b2957ac204b3ff06fdd |
| SHA1 | 3543ec1b8503fa0dfc222a1f7874b1319e9fbcbc |
| SHA256 | fc676f13622ca390c5cee9094fdf5d28d76c8c85e6152d62f2ebb372e4469282 |
| SHA512 | bf73d6eda7ffb8c86ae88d0a02ad321ec1a308a07e4d2a98f29473fb28f55f69cbc462877c40ae041e68f0e0fe0a3ef67473d50b4d4558dac70f753da273de56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7d4b7e1020f0142809cbc1515020b22d |
| SHA1 | 60ed5cf27a3f2b9776702b7f8009cf9bf63ff0f5 |
| SHA256 | 25d399756ab50917676e5da2b8fdc95b09cc9e9282fda5bfd2d5af1df0e08d0a |
| SHA512 | b2e963131361c7bfe600b0af8a7d7d1d847393abe5cd8fe7dc32d131c850abeef4cb428e649910f97d00a2a832c483dbbcdc3cad157ff9fd42a20cab55b99508 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7dc8a7bd05e39d2160552df3a7a15b2a |
| SHA1 | b76bacbc622712c05de00a15e36e5a42bb2a3875 |
| SHA256 | dab2f52f1cad167024dac9dbce77d20633dbb796cbdf3fd1f327ff4692fffe83 |
| SHA512 | 2a42b962968eb9315419e0eed9ae34171ece317444e8dc88c5a8c95c1e173694b1ee5961e452da05f75aacdea582ff14f89b3e2cf3e560fffaf3f1c1472ac6a3 |
C:\Users\Default\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/4016-9251-0x0000000073E60000-0x0000000073EE2000-memory.dmp
memory/4016-9253-0x0000000073DB0000-0x0000000073E32000-memory.dmp
memory/4016-9254-0x0000000073AE0000-0x0000000073B02000-memory.dmp
memory/4016-9255-0x0000000000910000-0x0000000000C0E000-memory.dmp
memory/4016-9252-0x0000000073B10000-0x0000000073D2C000-memory.dmp
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | e5c726affd0b644d2f2b68943c8e3bc5 |
| SHA1 | 8636978cf0e5a39c0fb6f30f3789dbdc97f38038 |
| SHA256 | 74a41823e96c8e91b24b7e3c18d230eaa70797c0af63f5ffdda82f90fb33d1f8 |
| SHA512 | 34b76a9a32f8a85d250c7f5f41b377bc0a6432b424bb1e96d5f3287a1e4bf2703435edc86479e102fdf079471b9abb0b3f987f07c877e5fe8cfcd33728c1d424 |
memory/4016-9296-0x0000000073E40000-0x0000000073E5C000-memory.dmp
memory/4016-9300-0x0000000073AE0000-0x0000000073B02000-memory.dmp
memory/4016-9298-0x0000000073DB0000-0x0000000073E32000-memory.dmp
memory/4016-9297-0x0000000073D30000-0x0000000073DA7000-memory.dmp
memory/4016-9299-0x0000000073B10000-0x0000000073D2C000-memory.dmp
memory/4016-9294-0x0000000000910000-0x0000000000C0E000-memory.dmp
memory/4016-9295-0x0000000073E60000-0x0000000073EE2000-memory.dmp
memory/4016-9313-0x0000000000910000-0x0000000000C0E000-memory.dmp
memory/4016-9329-0x0000000000910000-0x0000000000C0E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6b607e62597e5273bfafcc8550e7743d |
| SHA1 | 148c3d425e4957f76ac61befc8001a14b052e215 |
| SHA256 | 3713a9552c52886b41dcd1d2da652baa602aeb86345f9a96af662a1bf1f2b8ba |
| SHA512 | 27e63d5052ec953759c511707ece1c34e0de009c1574b5270764ecdaf0d61931c613b93e258f19fdc32e0deff33c309187001f78074d2291cf6ddec3cd3a4d5a |
memory/4016-9349-0x0000000000910000-0x0000000000C0E000-memory.dmp
memory/4016-9354-0x0000000073B10000-0x0000000073D2C000-memory.dmp
memory/4016-9404-0x0000000000910000-0x0000000000C0E000-memory.dmp
memory/4016-9413-0x0000000000910000-0x0000000000C0E000-memory.dmp
memory/4016-9418-0x0000000073B10000-0x0000000073D2C000-memory.dmp
memory/4016-9421-0x0000000000910000-0x0000000000C0E000-memory.dmp
memory/4016-9426-0x0000000073B10000-0x0000000073D2C000-memory.dmp