Analysis Overview
Threat Level: Known bad
The file http://reddit.com was found to be: Known bad.
Malicious Activity Summary
Cryptolocker family
Process spawned unexpected child process
CryptoLocker
Modifies boot configuration data using bcdedit
Deletes shadow copies
Downloads MZ/PE file
Drops startup file
A potential corporate email address has been identified in the URL: Robotowght@500
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Suspicious use of SetThreadContext
Program crash
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
Modifies registry class
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Interacts with shadow copies
NTFS ADS
Analysis: static1
Detonation Overview
Reported
2024-11-17 16:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-17 16:39
Reported
2024-11-17 16:54
Platform
win10v2004-20241007-en
Max time kernel
854s
Max time network
856s
Signatures
CryptoLocker
Cryptolocker family
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\cmd.exe |
Deletes shadow copies
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: Robotowght@500
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\SporaRansomware.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\US967-65XET-XTZTX-HTETX.HTML | C:\Users\Admin\Downloads\SporaRansomware.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CryptoLocker.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CryptoLocker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CryptoLocker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CryptoLocker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\CryptoLocker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\SporaRansomware.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Satana.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Satana.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Satana.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Satana.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Satana.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Satana.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\DesktopPuzzle.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CryptoLocker = "C:\\Users\\Admin\\AppData\\Roaming\\{34184A33-0407-212E-3320-09040709E2C2}.exe" | C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1168 set thread context of 5528 | N/A | C:\Users\Admin\Downloads\Satana.exe | C:\Users\Admin\Downloads\Satana.exe |
| PID 5572 set thread context of 5812 | N/A | C:\Users\Admin\Downloads\Satana.exe | C:\Users\Admin\Downloads\Satana.exe |
| PID 2108 set thread context of 4728 | N/A | C:\Users\Admin\Downloads\Satana.exe | C:\Users\Admin\Downloads\Satana.exe |
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Satana.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Satana.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Satana.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CryptoLocker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CryptoLocker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CryptoLocker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CryptoLocker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\SporaRansomware.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\CryptoLocker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Satana.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Satana.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\DesktopPuzzle.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2727955519" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2727984869" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0bfcfa50f39db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9099d8a50f39db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31144207" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31144207" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000013dbeb74f69550459d232b3693c378ca00000000020000000000106600000001000020000000b69490e795637d69f98072eca2b4a86a40da58fb24ff734e8da691c9b1cc2cd4000000000e8000000002000020000000a22e038658eef703b517b1cc5cf492b18ae2691f759f4e1600d9c67a85a5f6d42000000070aff53dc0a1042b9aca7391ae17315662269305156c4a8a57d7aa38594e7ddc400000009e5bb9ba1a9e7bc0301a5cfc81b31de47d06d696b0dcbe1ef70b2314809f69037d7309bf16896cfaddd2fc7e6967bf7fae8168d91d0f000275304e866eefaa77 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{CE2D9B02-A502-11EF-BDBF-DA67B56E6C1B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000013dbeb74f69550459d232b3693c378ca00000000020000000000106600000001000020000000a47ae7179114aa5e04be3b3dfa0a16374a551a705ced33f6a15087f2359b0664000000000e800000000200002000000029e58a30e015f1df729cb90d7d71ef2820edcc1973de9d305dbe9de44c6437b720000000f44c6e5030e23b8ba144fd695ecc5b034a7f7f79b88a0c7ec9f1453603379017400000006ead84566b2e59eb78ece5bc75038082cec6c00f0411e9ee358288e0980bf38e6ebd09f93be786cd782f5e2b313cb72160693c416266d57d02ed4e291d15728b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133763353140971437" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 393226.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\CryptoLocker.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 796795.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 263328.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\28eb45fa-7ecf-3f5e-17a3-f4caf2c67a35.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\SporaRansomware.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 819471.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 139218.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://reddit.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8736146f8,0x7ff873614708,0x7ff873614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5520 CREDAT:17410 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff865fccc40,0x7ff865fccc4c,0x7ff865fccc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1884 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2216,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2300 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3416 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x2d0
C:\Users\Admin\Downloads\CryptoLocker.exe
"C:\Users\Admin\Downloads\CryptoLocker.exe"
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker.exe"
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000224
C:\Users\Admin\Downloads\CryptoLocker.exe
"C:\Users\Admin\Downloads\CryptoLocker.exe"
C:\Users\Admin\Downloads\CryptoLocker.exe
"C:\Users\Admin\Downloads\CryptoLocker.exe"
C:\Users\Admin\Downloads\CryptoLocker.exe
"C:\Users\Admin\Downloads\CryptoLocker.exe"
C:\Users\Admin\Desktop\CryptoLocker.exe
"C:\Users\Admin\Desktop\CryptoLocker.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\system32\dashost.exe
dashost.exe {89d9cae4-be12-4c87-bd2251ade6a65a7e}
C:\Users\Admin\Downloads\SporaRansomware.exe
"C:\Users\Admin\Downloads\SporaRansomware.exe"
C:\Windows\SysWOW64\wbem\WMIC.exe
"C:\Windows\System32\wbem\WMIC.exe" process call create "cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\US967-65XET-XTZTX-HTETX.HTML
C:\Windows\system32\cmd.exe
cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set {default} recoveryenabled no
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
C:\Users\Admin\Downloads\Satana.exe
"C:\Users\Admin\Downloads\Satana.exe"
C:\Users\Admin\Downloads\Satana.exe
"C:\Users\Admin\Downloads\Satana.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5528 -ip 5528
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 376
C:\Users\Admin\Downloads\Satana.exe
"C:\Users\Admin\Downloads\Satana.exe"
C:\Users\Admin\Downloads\Satana.exe
"C:\Users\Admin\Downloads\Satana.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5812 -ip 5812
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 340
C:\Users\Admin\Downloads\Satana.exe
"C:\Users\Admin\Downloads\Satana.exe"
C:\Users\Admin\Downloads\Satana.exe
"C:\Users\Admin\Downloads\Satana.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4728 -ip 4728
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 340
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault26aa84d0h81b8h4948ha8e6h45a7c32e07fb
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Downloads\DesktopPuzzle.exe
"C:\Users\Admin\Downloads\DesktopPuzzle.exe"
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 443a627d539ca4eab732bad0cbe7332b |
| SHA1 | 86b18b906a1acd2a22f4b2c78ac3564c394a9569 |
| SHA256 | 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9 |
| SHA512 | 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d |
\??\pipe\LOCAL\crashpad_2852_KEYYALCBSICAMQZA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 99afa4934d1e3c56bbce114b356e8a99 |
| SHA1 | 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581 |
| SHA256 | 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8 |
| SHA512 | 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9d2d7e92ccb89c2ec2962547f7375e1f |
| SHA1 | 14a6208e0e0b05c62c2e7d96b2922d498bf87b61 |
| SHA256 | be3571e677a21c6bb230e06d7bf6b31a431034eb077f709444ac9bfb0df1ab23 |
| SHA512 | d105f1b01d45fa7186dd2cbe9138ed44da01d23af2a1f889a3b172e83b9f2ce8641f3cf3dce9a52ffbda36a51c48d7275c9026348257b943f5c906ff0f5bc4eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5808b5.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581671.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log
C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log
C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log
C:\vcredist2010_x64.log.html
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt
C:\vcredist2010_x86.log.html
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a4d242ce-029d-4890-84ab-916f013cbb85.tmp
C:\Users\Admin\AppData\Local\Temp\cb737b10-f390-43b1-900a-7a2653931a0a.tmp
C:\Users\Admin\AppData\Local\Temp\scoped_dir5232_108028929\6ab8df64-3d6d-4470-ae00-336e75093de5.tmp
C:\Users\Admin\AppData\Local\Temp\scoped_dir5232_108028929\CRX_INSTALL\_locales\en_CA\messages.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_uploadhaven.com_0.indexeddb.leveldb\MANIFEST-000001
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\Unconfirmed 393226.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\Unconfirmed 263328.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
memory/2452-2926-0x0000000000400000-0x0000000000407200-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Roaming\US967-65XET-XTZTX-HTETX.KEY
C:\US967-65XET-XTZTX-HTETX.HTML
C:\Users\Admin\AppData\Roaming\US967-65XET-XTZTX-HTETX.LST
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\28eb45fa-7ecf-3f5e-17a3-f4caf2c67a35.exe:SmartScreen
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
memory/2452-3073-0x0000000000400000-0x0000000000407200-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 819471.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\Unconfirmed 139218.crdownload
memory/5292-3373-0x0000000000400000-0x0000000000441000-memory.dmp
memory/5292-3374-0x0000000000400000-0x0000000000441000-memory.dmp
memory/5292-3375-0x0000000000400000-0x0000000000441000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
memory/5292-3385-0x0000000000400000-0x0000000000441000-memory.dmp
memory/5292-3387-0x0000000000400000-0x0000000000441000-memory.dmp
memory/5292-3388-0x0000000000400000-0x0000000000441000-memory.dmp