Malware Analysis Report

2025-01-18 16:06

Sample ID 241209-s8prqsxnhk
Target https://gofile.io/d/Ioc7Rs
Tags
crimsonrat dharma revengerat aspackv2 credential_access defense_evasion discovery execution impact macro macro_on_action motw persistence phishing ransomware rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://gofile.io/d/Ioc7Rs was found to be: Known bad.

Malicious Activity Summary

crimsonrat dharma revengerat aspackv2 credential_access defense_evasion discovery execution impact macro macro_on_action motw persistence phishing ransomware rat spyware stealer trojan

Crimsonrat family

Revengerat family

CrimsonRAT main payload

RevengeRAT

Dharma

Dharma family

CrimsonRat

Deletes shadow copies

RevengeRat Executable

Renames multiple (559) files with added filename extension

Office macro that triggers on suspicious action

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: triixy_foxy_640.gif@webp

A potential corporate email address has been identified in the URL: phoebewilss_640.gif@webp

A potential corporate email address has been identified in the URL: cassiejays_640.gif@webp

A potential corporate email address has been identified in the URL: gianafantini_640.gif@webp

A potential corporate email address has been identified in the URL: lilitmorningstar_640.gif@webp

A potential corporate email address has been identified in the URL: hannalopa_640.gif@webp

A potential corporate email address has been identified in the URL: parisrosee_640.gif@webp

A potential corporate email address has been identified in the URL: sarawalsh1_640.gif@webp

A potential corporate email address has been identified in the URL: chloesmith_640.gif@webp

A potential corporate email address has been identified in the URL: emilystockman_640.gif@webp

A potential corporate email address has been identified in the URL: airikimura_640.gif@webp

A potential corporate email address has been identified in the URL: alanahell_640.gif@webp

A potential corporate email address has been identified in the URL: luzbella_640.gif@webp

Uses the VBS compiler for execution

A potential corporate email address has been identified in the URL: darinalee_640.gif@webp

A potential corporate email address has been identified in the URL: asshantiy_640.gif@webp

A potential corporate email address has been identified in the URL: mileyms_640.gif@webp

A potential corporate email address has been identified in the URL: abby509_640.gif@webp

A potential corporate email address has been identified in the URL: duckyisone_640.gif@webp

A potential corporate email address has been identified in the URL: miapey_640.gif@webp

ASPack v2.12-2.42

A potential corporate email address has been identified in the URL: airafoster_640.gif@webp

A potential corporate email address has been identified in the URL: nicole_anyston_640.gif@webp

A potential corporate email address has been identified in the URL: millieveronic777_640.gif@webp

A potential corporate email address has been identified in the URL: alicericci_640.gif@webp

A potential corporate email address has been identified in the URL: mia_valeria_640.gif@webp

A potential corporate email address has been identified in the URL: larak_640.gif@webp

A potential corporate email address has been identified in the URL: milabliss_640.gif@webp

A potential corporate email address has been identified in the URL: monicaxrousey_640.gif@webp

Credentials from Password Stores: Windows Credential Manager

A potential corporate email address has been identified in the URL: honeybunnyy_640.gif@webp

A potential corporate email address has been identified in the URL: kittyblosson_640.gif@webp

A potential corporate email address has been identified in the URL: penelope_perez_640.gif@webp

A potential corporate email address has been identified in the URL: bellacoleman_640.gif@webp

A potential corporate email address has been identified in the URL: roserose_640.gif@webp

A potential corporate email address has been identified in the URL: zelesttewest1_640.gif@webp

A potential corporate email address has been identified in the URL: abrill_hot2_640.gif@webp

A potential corporate email address has been identified in the URL: aniaharris_640.gif@webp

A potential corporate email address has been identified in the URL: silvanarosee_640.gif@webp

A potential corporate email address has been identified in the URL: katewright1_640.gif@webp

Executes dropped EXE

Loads dropped DLL

A potential corporate email address has been identified in the URL: lauraagredo_640.gif@webp

A potential corporate email address has been identified in the URL: carlotaevany_640.gif@webp

A potential corporate email address has been identified in the URL: valkaliv_640.gif@webp

A potential corporate email address has been identified in the URL: zofia_zozo_640.gif@webp

A potential corporate email address has been identified in the URL: ciararose_640.gif@webp

A potential corporate email address has been identified in the URL: username=xgntkc7jb42hgcvk&password=sdadasdas22&[email protected]&firstname=gaber&lastname=lackson&zip=20710&country=US&state=MD&optionId=258&cascade=20&paytpl=2&

A potential corporate email address has been identified in the URL: marian_giselle_640.gif@webp

Checks computer location settings

Drops startup file

Reads user/profile data of web browsers

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: katiegrey_640.gif@webp

A potential corporate email address has been identified in the URL: krissdelrey_640.gif@webp

A potential corporate email address has been identified in the URL: miamia_640.gif@webp

A potential corporate email address has been identified in the URL: jessica_carter_1_640.gif@webp

A potential corporate email address has been identified in the URL: sophiegomez21_640.gif@webp

A potential corporate email address has been identified in the URL: alexahash_640.gif@webp

A potential corporate email address has been identified in the URL: helenrouse_640.gif@webp

A potential corporate email address has been identified in the URL: belacarter_640.gif@webp

A potential corporate email address has been identified in the URL: brianamontiel_640.gif@webp

A potential corporate email address has been identified in the URL: megganwin_640.gif@webp

Drops desktop.ini file(s)

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Drops file in System32 directory

Suspicious use of SetThreadContext

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Scheduled Task/Job: Scheduled Task

Uses Volume Shadow Copy service COM API

NTFS ADS

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies registry class

Interacts with shadow copies

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-09 15:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-09 15:47

Reported

2024-12-09 16:12

Platform

win10v2004-20241007-en

Max time kernel

1432s

Max time network

1433s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/Ioc7Rs

Signatures

CrimsonRAT main payload

Description Indicator Process Target
N/A N/A N/A N/A

CrimsonRat

rat crimsonrat

Crimsonrat family

crimsonrat

Dharma

ransomware dharma

Dharma family

dharma

RevengeRAT

trojan revengerat

Revengerat family

revengerat

Deletes shadow copies

ransomware defense_evasion impact execution

Renames multiple (559) files with added filename extension

ransomware

RevengeRat Executable

stealer
Description Indicator Process Target
N/A N/A N/A N/A

Downloads MZ/PE file

Office macro that triggers on suspicious action

macro macro_on_action
Description Indicator Process Target
N/A N/A N/A N/A

A potential corporate email address has been identified in the URL: abby509_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: abrill_hot2_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: airafoster_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: airikimura_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: alanahell_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: alexahash_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: alicericci_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: aniaharris_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: asshantiy_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: belacarter_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: bellacoleman_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: brianamontiel_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: carlotaevany_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: cassiejays_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: chloesmith_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: ciararose_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: darinalee_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: duckyisone_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: emilystockman_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: gianafantini_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: hannalopa_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: helenrouse_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: honeybunnyy_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: jessica_carter_1_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: katewright1_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: katiegrey_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: kittyblosson_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: krissdelrey_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: larak_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: lauraagredo_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: lilitmorningstar_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: luzbella_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: marian_giselle_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: megganwin_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: mia_valeria_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: miamia_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: miapey_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: milabliss_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: mileyms_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: millieveronic777_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: monicaxrousey_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: nicole_anyston_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: parisrosee_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: penelope_perez_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: phoebewilss_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: roserose_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: sarawalsh1_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: silvanarosee_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: sophiegomez21_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: triixy_foxy_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: username=xgntkc7jb42hgcvk&password=sdadasdas22&[email protected]&firstname=gaber&lastname=lackson&zip=20710&country=US&state=MD&optionId=258&cascade=20&paytpl=2&

phishing

A potential corporate email address has been identified in the URL: valkaliv_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: zelesttewest1_640.gif@webp

phishing

A potential corporate email address has been identified in the URL: zofia_zozo_640.gif@webp

phishing

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\CrimsonRAT.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\CrimsonRAT.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\CoronaVirus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:SmartScreen:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CoronaVirus.exe C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta C:\Users\Admin\Downloads\CoronaVirus.exe N/A

Reads user/profile data of web browsers

spyware stealer

Uses the VBS compiler for execution

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CoronaVirus.exe = "C:\\Windows\\System32\\CoronaVirus.exe" C:\Users\Admin\Downloads\CoronaVirus.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.exe" C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Windows\System32\Info.hta = "mshta.exe \"C:\\Windows\\System32\\Info.hta\"" C:\Users\Admin\Downloads\CoronaVirus.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Users\Admin\AppData\Roaming\Info.hta = "mshta.exe \"C:\\Users\\Admin\\AppData\\Roaming\\Info.hta\"" C:\Users\Admin\Downloads\CoronaVirus.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Public\Downloads\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Public\Libraries\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Public\AccountPictures\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\svchost\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\3D Objects\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\Pictures\Saved Pictures\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification F:\svchost\$RECYCLE.BIN\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\$RECYCLE.BIN\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\OneDrive\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\Downloads\CoronaVirus.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\k: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\z: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\r: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\x: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\y: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\j: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\w: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\w: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\y: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\r: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\p: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\i: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\q: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\y: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\b: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\t: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\x: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\n: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\m: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\o: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\g: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\r: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\v: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\v: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\b: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\t: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\u: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\u: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\z: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\s: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\h: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\g: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\j: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\l: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\w: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\h: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\m: C:\Users\Admin\Downloads\Cerber5.exe N/A
File opened (read-only) \??\e: C:\Users\Admin\Downloads\Cerber5.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A 0.tcp.ngrok.io N/A N/A
N/A 0.tcp.ngrok.io N/A N/A
N/A 0.tcp.ngrok.io N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\process.logs C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe N/A
File opened for modification C:\Windows\system32\process.logs C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe N/A
File created C:\Windows\System32\CoronaVirus.exe C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Windows\System32\Info.hta C:\Users\Admin\Downloads\CoronaVirus.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5844 set thread context of 7020 N/A C:\Users\Admin\Downloads\RevengeRAT.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 7020 set thread context of 5196 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 7036 set thread context of 6008 N/A C:\Users\Admin\Downloads\RevengeRAT.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 6008 set thread context of 7032 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 6232 set thread context of 6184 N/A C:\Users\Admin\Downloads\RevengeRAT.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 6184 set thread context of 2504 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 6252 set thread context of 6212 N/A C:\Users\Admin\Downloads\RevengeRAT.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 6212 set thread context of 4136 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 5176 set thread context of 5904 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 5904 set thread context of 6328 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 21364 set thread context of 21436 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 21436 set thread context of 21520 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\resources.pri C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-125_contrast-black.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\TestsRunningInCleanRunspace.Tests.ps1 C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-60_altform-unplated.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Fonts\private\TEMPSITC.TTF.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Diagnostics.Tracing.dll C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fi-fi\ui-strings.js.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\LocalizedStrings.xml.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\ui-strings.js.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-ae\ui-strings.js.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ul-oob.xrm-ms.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\TecProxy.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\ui-strings.js.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\vlc.mo.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_kn.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OFFSYMXL.TTF.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\DenyClear.jfif.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-oob.xrm-ms.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-math-l1-1-0.dll C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\vi.pak.DATA C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Google.scale-100.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ro-ro\ui-strings.js.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nl-nl\ui-strings.js.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\ui-strings.js C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\ui-strings.js.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fil_get.svg.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\selector.js.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\example_icons2x.png.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\de_get.svg C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\161.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-125.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationProvider.resources.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\THMBNAIL.PNG C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\illustrations_retina.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\New_Skins.url.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files\LockInvoke.ogg.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\logger\libconsole_logger_plugin.dll C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\PSReadline.psm1 C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteWideTile.scale-125.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-stdio-l1-1-0.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\msolap_xl.dll.id-924DB93A.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Temp\{9F67512C-EE99-4E82-8794-C5913C5FACEE}\8tr.exe:Zone.Identifier C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Avoid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Hydra.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\CoronaVirus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\CoronaVirus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\ScreenScrew.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\CoronaVirus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Avoid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Avoid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Cerber5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\vssadmin.exe N/A
N/A N/A C:\Windows\system32\vssadmin.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "3" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 346058.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 928573.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\svchost\svchost.exe\:SmartScreen:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 695658.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\svchost\svchost.exe\:SmartScreen:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 725821.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Temp\{9F67512C-EE99-4E82-8794-C5913C5FACEE}\8tr.exe:Zone.Identifier C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 842892.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\AppData\Roaming\svchost.exe\:SmartScreen:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 936122.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 756422.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 982681.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 114159.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4792 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 4044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 4044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/Ioc7Rs

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5fa846f8,0x7ffc5fa84708,0x7ffc5fa84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c color C

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BabylonClient12.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding AC6B14831204048D9723B6C347D7B276 C

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7236 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x384 0x324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7640 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=7948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8388 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8360 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c color C

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c start https://temp-mail.org/en/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://temp-mail.org/en/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc5fa846f8,0x7ffc5fa84708,0x7ffc5fa84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7880 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9516 /prefetch:8

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\metrofax.doc" /o ""

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\metrofax.doc" /o ""

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=932 /prefetch:8

C:\Users\Admin\Downloads\Hydra.exe

"C:\Users\Admin\Downloads\Hydra.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9488 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12108 /prefetch:8

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12400 /prefetch:8

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\ScreenScrew.exe

"C:\Users\Admin\Downloads\ScreenScrew.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12164 /prefetch:8

C:\Users\Admin\Downloads\CrimsonRAT.exe

"C:\Users\Admin\Downloads\CrimsonRAT.exe"

C:\ProgramData\Hdlharas\dlrarhsiva.exe

"C:\ProgramData\Hdlharas\dlrarhsiva.exe"

C:\Users\Admin\Downloads\CrimsonRAT.exe

"C:\Users\Admin\Downloads\CrimsonRAT.exe"

C:\ProgramData\Hdlharas\dlrarhsiva.exe

"C:\ProgramData\Hdlharas\dlrarhsiva.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12504 /prefetch:8

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7964 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\oeotd-hp.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF9A1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8ADA07BD4F24089A41CFCDC898B352.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\cmhrwqta.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFA9B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCA4A70A94E724E8F956FC997D5E52F35.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\z3dg8ml4.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFB47.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc722262007E924E1A93726D5A77FF768.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\wgezpib6.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFC12.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8391DBEBDC534676B8C285A678FAEA9C.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\_fot2j47.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFCDD.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9A1DCB6171B047C69887FFE899C0C4.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\yqxk-y34.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFDA8.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8E575B657A9A4219BF881D198E53B28.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\rif-wpna.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFE44.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA7BD82F1240741FC81943ABB1888465.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\93egl6se.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFEE1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcDECC0CFCE7A4AB1B3849AA2D1BB9CF9.TMP"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8668 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\5rqrqim7.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc82A955AC10AA409FBB12E5DDD81F5644.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nbcnxd9p.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1A0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc37B324672F0F4ED59A1E8B413C7BF9E.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mffph0du.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES26B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc3F7B47DD8DFB4600BF3E4984492B346B.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\jj66xpfc.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES317.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc330FD460FD404A3DA5C5FB8CE59DB6EE.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gt7mey3s.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3D2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcDDDC12AC226345BE9F4D4F0D244F927.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\789uihy8.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES46E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc93926F37E8864E588A5F5C157DF6E5B9.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ftv6yzgb.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4FB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc11DF4AB3DBCF4129907AE761C33A7455.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\omujswou.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5C6.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9E21375F1BA64810B7E6A446B9EF32ED.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\jjuuts6z.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES662.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcEA8A98A5832B4027B149E73671A3C91.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\iksj0efd.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6FF.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc333C57A3DD6A4F7EB89A518E2D7F8B36.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\uwnieupz.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7BA.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc85B82FCC423645EAA6AD81BAC2185847.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dualjn-n.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES866.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1B824549B5B74B3497EEB76B886AA470.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\hsdgxsjj.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES931.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc144CC80BBFE94DA8B39B19404DFA4C95.TMP"

C:\Users\Admin\Downloads\Cerber5.exe

"C:\Users\Admin\Downloads\Cerber5.exe"

C:\Users\Admin\Downloads\Cerber5.exe

"C:\Users\Admin\Downloads\Cerber5.exe"

C:\Users\Admin\Downloads\Cerber5.exe

"C:\Users\Admin\Downloads\Cerber5.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8

C:\Users\Admin\Downloads\CoronaVirus.exe

"C:\Users\Admin\Downloads\CoronaVirus.exe"

C:\Users\Admin\Downloads\CoronaVirus.exe

"C:\Users\Admin\Downloads\CoronaVirus.exe"

C:\Users\Admin\Downloads\CoronaVirus.exe

"C:\Users\Admin\Downloads\CoronaVirus.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\mode.com

mode con cp select=1251

C:\Windows\system32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\whcjydsw.cmdline"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD5D8.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc414E9F982BA04893B03EEBBC53979BC3.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tks100ld.cmdline"

C:\Windows\System32\mshta.exe

"C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"

C:\Windows\System32\mshta.exe

"C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8DE.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc63DA6B44FDC94AC2B98A29BC5E9A422.TMP"

C:\Windows\system32\mode.com

mode con cp select=1251

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zpb6ntob.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\_5a8novm.cmdline"

C:\Windows\system32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\doac1ztx.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1070.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6711D9E7209D4FE385CCE146D42186DA.TMP"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10364 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\c99fumqq.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES12A2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA9A470B471CA4E95B0D0CCA4F7104FE3.TMP"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12500 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mlhr8txe.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1439.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4E3D4C4A473A49A4BCD7C21533ED2A0.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\uhoyu8pw.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES14E4.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB95DE8AD696B47DFABD6C8E9EFBB4A67.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\_shkxhvo.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1571.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc467AF782B17843E8B5D1F3BEF2F7490.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ocd6rw5t.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES161D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC2495595ADF42B79923C11DCD713B88.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\6aevkzjd.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1736.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcBB954356E4C74C7781A54ADBA35A7FB2.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\np7ax9jg.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1801.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB21935A4C8364565B16E3291949B891.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\j6h7d2bp.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES190B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcABC1113ED3A84DEAB22EE84C12273B3.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\utaehumk.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES19E6.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCDA084B8A6B24FBFB13C8E548AE2E077.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\z-cqa4xw.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1AA1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7A2E2DF4F0294D2D97873470EB37B242.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\kosxp6pr.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1B4D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc552E7A0F8B8546EC904B534E2556C3D0.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2fpmckzz.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1BF9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD5137AF16E774007BF4D1EB57291FBBC.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\offxv9na.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1CC4.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc327F31BA3F3B4E05A0AA66163A579CFA.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\pf55qjvp.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1D80.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1757B26C68984D20A4C3E38BEA18192.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\6mkdeuu8.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1E4B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc812A94D4BAE74CB5949B3EA4A884FD1.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\bnyny-pi.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1EF7.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE7FA8363803412FA9DE5F2FBCA7CB5.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\06vh0aeg.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES201F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcDABB33FBB20548E399124026BFB4FDA.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tkwybmdg.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2119.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc94F125493AA64BD4992BAEE6B3EED9.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\eehhyykx.cmdline"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\7fcf48781aaa410a8d97667ab42a6000 /t 8916 /p 8892

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\28f67f7fee2b4aa995787b254a711348 /t 8884 /p 8728

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 gofile.io udp
FR 45.112.123.126:443 gofile.io tcp
US 8.8.8.8:53 api.gofile.io udp
FR 45.112.123.126:443 api.gofile.io tcp
US 8.8.8.8:53 s.gofile.io udp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 126.123.112.45.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 210.242.75.51.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 cold-eu-mad-1.gofile.io udp
US 23.142.26.218:443 cold-eu-mad-1.gofile.io tcp
US 23.142.26.218:443 cold-eu-mad-1.gofile.io tcp
US 8.8.8.8:53 218.26.142.23.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 95.100.195.132:443 www.bing.com tcp
US 95.100.195.132:443 www.bing.com tcp
US 8.8.8.8:53 132.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 95.100.195.189:443 r.bing.com tcp
US 95.100.195.189:443 r.bing.com tcp
US 95.100.195.139:443 th.bing.com tcp
US 95.100.195.139:443 th.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.72:443 login.microsoftonline.com tcp
US 8.8.8.8:53 189.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 139.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 140.82.112.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 www.babylon-software.com udp
US 174.138.88.129:443 www.babylon-software.com tcp
US 174.138.88.129:443 www.babylon-software.com tcp
US 8.8.8.8:53 129.88.138.174.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 edge.marker.io udp
US 104.26.14.104:443 edge.marker.io tcp
US 8.8.8.8:53 s.w.org udp
US 192.0.77.48:443 s.w.org tcp
US 192.0.77.48:443 s.w.org tcp
US 192.0.77.48:443 s.w.org tcp
US 192.0.77.48:443 s.w.org tcp
US 192.0.77.48:443 s.w.org tcp
US 192.0.77.48:443 s.w.org tcp
US 8.8.8.8:53 72.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 104.14.26.104.in-addr.arpa udp
US 8.8.8.8:53 48.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 api.marker.io udp
US 104.26.14.104:443 api.marker.io tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 174.138.88.129:443 www.babylon-software.com tcp
US 95.100.195.180:443 www.bing.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 180.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 28.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 pornhub.com udp
US 66.254.114.41:80 pornhub.com tcp
US 66.254.114.41:80 pornhub.com tcp
US 66.254.114.41:443 pornhub.com tcp
US 8.8.8.8:53 www.pornhub.com udp
US 8.8.8.8:53 41.114.254.66.in-addr.arpa udp
US 8.8.8.8:53 static.trafficjunky.com udp
US 8.8.8.8:53 ei.phncdn.com udp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.21:443 ei.phncdn.com tcp
GB 64.210.156.21:443 ei.phncdn.com tcp
GB 64.210.156.21:443 ei.phncdn.com tcp
GB 64.210.156.21:443 ei.phncdn.com tcp
GB 64.210.156.21:443 ei.phncdn.com tcp
GB 64.210.156.21:443 ei.phncdn.com tcp
US 8.8.8.8:53 media.trafficjunky.net udp
US 8.8.8.8:53 cdn1-smallimg.phncdn.com udp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.16:443 media.trafficjunky.net tcp
GB 64.210.156.21:443 media.trafficjunky.net tcp
US 8.8.8.8:53 23.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 21.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 156.114.254.66.in-addr.arpa udp
US 8.8.8.8:53 16.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 ss.phncdn.com udp
US 8.8.8.8:53 ads.traffichunt.com udp
US 34.195.242.38:443 ads.traffichunt.com tcp
US 8.8.8.8:53 a.adtng.com udp
US 66.254.114.171:443 a.adtng.com tcp
US 8.8.8.8:53 ht-cdn2.adtng.com udp
GB 64.210.156.23:443 ht-cdn2.adtng.com tcp
GB 64.210.156.23:443 ht-cdn2.adtng.com tcp
US 8.8.8.8:53 th-cdnv1.akamaized.net udp
GB 2.19.117.89:443 th-cdnv1.akamaized.net tcp
US 8.8.8.8:53 hw-cdn2.adtng.com udp
GB 64.210.156.6:443 hw-cdn2.adtng.com tcp
US 8.8.8.8:53 storage.googleapis.com udp
GB 142.250.178.27:443 storage.googleapis.com tcp
US 8.8.8.8:53 38.242.195.34.in-addr.arpa udp
US 8.8.8.8:53 171.114.254.66.in-addr.arpa udp
US 8.8.8.8:53 89.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 6.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 27.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 64.233.167.155:443 stats.g.doubleclick.net tcp
GB 172.217.169.3:443 www.google.co.uk tcp
US 8.8.8.8:53 ew.phncdn.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 155.167.233.64.in-addr.arpa udp
GB 64.210.156.23:443 ew.phncdn.com tcp
US 8.8.8.8:53 chaturbate.com udp
US 104.16.42.196:443 chaturbate.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 cdn1d-static-shared.phncdn.com udp
GB 64.210.156.23:443 cdn1d-static-shared.phncdn.com tcp
US 8.8.8.8:53 196.42.16.104.in-addr.arpa udp
US 8.8.8.8:53 web.static.mmcdn.com udp
US 104.16.92.18:443 web.static.mmcdn.com tcp
US 104.16.92.18:443 web.static.mmcdn.com tcp
US 104.16.92.18:443 web.static.mmcdn.com tcp
US 104.16.92.18:443 web.static.mmcdn.com tcp
US 104.16.92.18:443 web.static.mmcdn.com tcp
GB 64.210.156.23:443 cdn1d-static-shared.phncdn.com tcp
US 8.8.8.8:53 etahub.com udp
US 66.254.114.62:443 etahub.com tcp
US 8.8.8.8:53 evtubescms.phncdn.com udp
GB 64.210.156.4:443 evtubescms.phncdn.com tcp
US 104.16.92.18:443 web.static.mmcdn.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 18.92.16.104.in-addr.arpa udp
US 8.8.8.8:53 62.114.254.66.in-addr.arpa udp
US 8.8.8.8:53 4.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 static-pub.highwebmedia.com udp
GB 142.250.187.196:443 www.google.com tcp
US 104.17.80.200:443 static-pub.highwebmedia.com tcp
US 8.8.8.8:53 ht-cdn.trafficjunky.net udp
GB 64.210.156.19:443 ht-cdn.trafficjunky.net tcp
US 8.8.8.8:53 pix-cdn77.trafficjunky.net udp
GB 89.187.167.20:443 pix-cdn77.trafficjunky.net tcp
GB 2.19.117.89:443 th-cdnv1.akamaized.net udp
GB 64.210.156.21:443 ht-cdn.trafficjunky.net tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.80.17.104.in-addr.arpa udp
US 8.8.8.8:53 19.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 20.167.187.89.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 jpeg.live.mmcdn.com udp
DE 131.153.88.86:443 jpeg.live.mmcdn.com tcp
US 8.8.8.8:53 86.88.153.131.in-addr.arpa udp
US 8.8.8.8:53 camo.mmcdn.com udp
US 8.8.8.8:53 edge1-sof.live.mmcdn.com udp
BG 131.153.94.31:443 edge1-sof.live.mmcdn.com tcp
US 8.8.8.8:53 nwr.static.mmcdn.com udp
US 162.247.243.39:443 nwr.static.mmcdn.com tcp
US 8.8.8.8:53 realtime.pa.highwebmedia.com udp
NL 18.239.18.92:443 realtime.pa.highwebmedia.com tcp
US 8.8.8.8:53 nwr.mmcdn.com udp
US 162.247.243.35:443 nwr.mmcdn.com tcp
US 8.8.8.8:53 31.94.153.131.in-addr.arpa udp
US 8.8.8.8:53 39.243.247.162.in-addr.arpa udp
US 8.8.8.8:53 133.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
NL 18.239.83.100:80 crt.rootg2.amazontrust.com tcp
NL 18.239.18.92:443 realtime.pa.highwebmedia.com tcp
US 8.8.8.8:53 92.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 35.243.247.162.in-addr.arpa udp
US 8.8.8.8:53 100.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 162.247.243.35:443 nwr.mmcdn.com tcp
US 162.247.243.35:443 nwr.mmcdn.com tcp
US 162.247.243.35:443 nwr.mmcdn.com tcp
US 162.247.243.35:443 nwr.mmcdn.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 cv-h.phncdn.com udp
US 152.195.34.118:443 cv-h.phncdn.com tcp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 118.34.195.152.in-addr.arpa udp
US 8.8.8.8:53 ei.phncdn.com udp
GB 64.210.156.18:443 ei.phncdn.com tcp
US 8.8.8.8:53 18.156.210.64.in-addr.arpa udp
GB 64.210.156.18:443 ei.phncdn.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 172.217.169.3:443 www.google.co.uk udp
US 66.254.114.171:443 a.adtng.com tcp
US 8.8.8.8:53 ads.traffichunt.com udp
GB 64.210.156.23:443 ei.phncdn.com tcp
US 50.19.94.201:443 ads.traffichunt.com tcp
US 50.19.94.201:443 ads.traffichunt.com tcp
US 8.8.8.8:53 pix-ht.trafficjunky.net udp
GB 64.210.156.20:443 pix-ht.trafficjunky.net tcp
US 8.8.8.8:53 th-cdnv1.akamaized.net udp
GB 2.19.117.89:443 th-cdnv1.akamaized.net udp
US 8.8.8.8:53 201.94.19.50.in-addr.arpa udp
US 8.8.8.8:53 20.156.210.64.in-addr.arpa udp
GB 64.210.156.18:443 pix-ht.trafficjunky.net tcp
US 8.8.8.8:53 edenai.go2cloud.org udp
IE 52.210.174.128:443 edenai.go2cloud.org tcp
IE 52.210.174.128:443 edenai.go2cloud.org tcp
US 8.8.8.8:53 lp2.edenai.world udp
US 104.18.10.109:443 lp2.edenai.world tcp
US 8.8.8.8:53 128.174.210.52.in-addr.arpa udp
US 8.8.8.8:53 109.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 api.ifriend.ai udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 accounts.google.com udp
US 57.144.120.1:443 www.facebook.com tcp
US 8.8.8.8:53 analytics.google.com udp
US 57.144.120.128:443 connect.facebook.net tcp
US 95.100.195.175:443 api.ifriend.ai tcp
NL 173.194.69.84:443 accounts.google.com tcp
US 216.239.38.181:443 analytics.google.com tcp
NL 173.194.69.84:443 accounts.google.com udp
US 95.100.195.175:443 api.ifriend.ai tcp
US 8.8.8.8:53 cdn.consentmanager.net udp
GB 84.17.50.9:443 cdn.consentmanager.net tcp
US 8.8.8.8:53 delivery.consentmanager.net udp
US 8.8.8.8:53 175.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 1.120.144.57.in-addr.arpa udp
US 8.8.8.8:53 128.120.144.57.in-addr.arpa udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 181.38.239.216.in-addr.arpa udp
DE 87.230.98.78:443 delivery.consentmanager.net tcp
US 8.8.8.8:53 c.delivery.consentmanager.net udp
DE 87.230.98.76:443 c.delivery.consentmanager.net tcp
DE 87.230.98.76:443 c.delivery.consentmanager.net tcp
US 104.18.10.109:443 lp2.edenai.world tcp
US 57.144.120.128:443 connect.facebook.net tcp
US 8.8.8.8:53 analytics.tiktok.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 hw-cdn2.adtng.com udp
US 8.8.8.8:53 a.exoclick.com udp
US 8.8.8.8:53 syndication.exoclick.com udp
NL 95.211.229.247:443 syndication.exoclick.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
GB 89.187.167.39:443 a.exoclick.com tcp
GB 64.210.156.0:443 hw-cdn2.adtng.com tcp
US 95.100.195.170:443 analytics.tiktok.com tcp
US 8.8.8.8:53 ssgtm.edenai.world udp
US 216.239.34.21:443 ssgtm.edenai.world tcp
US 8.8.8.8:53 9.50.17.84.in-addr.arpa udp
US 8.8.8.8:53 78.98.230.87.in-addr.arpa udp
US 8.8.8.8:53 76.98.230.87.in-addr.arpa udp
US 8.8.8.8:53 39.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 247.229.211.95.in-addr.arpa udp
US 8.8.8.8:53 0.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 170.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 21.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 c.clarity.ms udp
BE 64.233.167.155:443 stats.g.doubleclick.net udp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 sync.atsptp.com udp
US 66.254.114.220:443 sync.atsptp.com tcp
US 57.144.120.1:443 www.facebook.com tcp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 u.clarity.ms udp
US 13.107.21.237:443 c.bing.com tcp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 sync_events.atsptp.com udp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 220.114.254.66.in-addr.arpa udp
US 8.8.8.8:53 197.249.227.4.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
GB 64.210.156.18:443 pix-ht.trafficjunky.net tcp
GB 64.210.156.23:443 pix-ht.trafficjunky.net tcp
GB 64.210.156.19:443 pix-ht.trafficjunky.net tcp
US 8.8.8.8:53 htl-cdn.adtng.com udp
US 66.254.114.171:443 a.adtng.com tcp
US 8.8.8.8:53 ctrack.trafficjunky.net udp
US 66.254.114.154:443 ctrack.trafficjunky.net tcp
US 66.254.114.154:443 ctrack.trafficjunky.net tcp
US 8.8.8.8:53 154.114.254.66.in-addr.arpa udp
US 8.8.8.8:53 trk.alibabatraffic.com udp
NO 54.240.174.120:443 trk.alibabatraffic.com tcp
US 8.8.8.8:53 trk.felistrk.com udp
NO 54.240.174.72:443 trk.felistrk.com tcp
NO 54.240.174.72:443 trk.felistrk.com tcp
US 8.8.8.8:53 www.ndj9sjld.com udp
US 34.117.88.169:443 www.ndj9sjld.com tcp
US 34.117.88.169:443 www.ndj9sjld.com tcp
US 8.8.8.8:53 flingunited.co.uk udp
US 34.111.196.6:443 flingunited.co.uk tcp
US 34.111.196.6:443 flingunited.co.uk udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 api.consentcollectors.com udp
GB 142.250.187.196:443 www.google.com udp
BE 35.195.163.35:443 api.consentcollectors.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 www.flingunited.co.uk udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 s.orbsrv.com udp
US 8.8.8.8:53 s.magsrv.com udp
US 8.8.8.8:53 ad.twinrdengine.com udp
US 8.8.8.8:53 s.opoxv.com udp
US 8.8.8.8:53 s.pemsrv.com udp
US 8.8.8.8:53 s.zlinkp.com udp
US 8.8.8.8:53 s.ds2gs4.com udp
US 8.8.8.8:53 syndication.realsrv.com udp
NL 95.211.229.248:443 syndication.realsrv.com tcp
NL 95.211.229.248:443 syndication.realsrv.com tcp
NL 95.211.229.248:443 syndication.realsrv.com tcp
DE 148.251.2.75:443 tsyndicate.com tcp
NL 95.211.229.248:443 syndication.realsrv.com tcp
US 34.111.67.216:443 ad.twinrdengine.com tcp
NL 95.211.229.245:443 s.ds2gs4.com tcp
NL 95.211.229.245:443 s.ds2gs4.com tcp
US 8.8.8.8:53 consentcollectors.com udp
NL 95.211.229.246:443 syndication.realsrv.com tcp
US 8.8.8.8:53 72.174.240.54.in-addr.arpa udp
US 8.8.8.8:53 169.88.117.34.in-addr.arpa udp
US 8.8.8.8:53 6.196.111.34.in-addr.arpa udp
US 8.8.8.8:53 120.174.240.54.in-addr.arpa udp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 35.163.195.35.in-addr.arpa udp
BE 35.195.163.35:443 consentcollectors.com tcp
BE 35.195.163.35:443 consentcollectors.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 216.67.111.34.in-addr.arpa udp
US 8.8.8.8:53 248.229.211.95.in-addr.arpa udp
US 8.8.8.8:53 245.229.211.95.in-addr.arpa udp
US 8.8.8.8:53 246.229.211.95.in-addr.arpa udp
US 8.8.8.8:53 75.2.251.148.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 api.flingunited.co.uk udp
US 8.8.8.8:53 ads.traffichunt.com udp
US 8.8.8.8:53 ads.trafficircles.com udp
US 50.19.94.201:443 ads.trafficircles.com tcp
US 50.19.94.201:443 ads.trafficircles.com tcp
US 8.8.8.8:53 u.clarity.ms udp
US 8.8.8.8:53 basetraffichain.com udp
US 4.227.249.197:443 u.clarity.ms tcp
DE 168.119.149.123:443 basetraffichain.com tcp
US 8.8.8.8:53 cams.com udp
US 69.165.103.130:443 cams.com tcp
US 8.8.8.8:53 se11.securedataimages.com udp
US 8.8.8.8:53 img.securedataimages.com udp
US 8.8.8.8:53 gs1.wac.edgecastcdn.net udp
US 192.229.233.94:443 img.securedataimages.com tcp
US 192.229.233.94:443 img.securedataimages.com tcp
US 192.229.233.94:443 img.securedataimages.com tcp
US 192.229.233.94:443 img.securedataimages.com tcp
US 192.229.233.94:443 img.securedataimages.com tcp
US 192.229.233.94:443 img.securedataimages.com tcp
US 192.229.233.94:443 img.securedataimages.com tcp
US 192.229.233.94:443 img.securedataimages.com tcp
US 192.229.233.94:443 img.securedataimages.com tcp
PL 93.184.220.44:443 gs1.wac.edgecastcdn.net tcp
US 8.8.8.8:53 123.149.119.168.in-addr.arpa udp
US 8.8.8.8:53 130.103.165.69.in-addr.arpa udp
US 8.8.8.8:53 94.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 44.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 beta-api.cams.com udp
GB 142.250.187.196:443 www.google.com udp
US 69.165.103.130:443 beta-api.cams.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
BE 64.233.167.155:443 stats.g.doubleclick.net udp
GB 172.217.169.3:443 www.google.co.uk udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 dynimages.securedataimages.com udp
US 8.8.8.8:53 sentry-new.cams.run udp
US 69.165.103.131:443 sentry-new.cams.run tcp
US 69.165.103.131:443 sentry-new.cams.run tcp
US 8.8.8.8:53 131.103.165.69.in-addr.arpa udp
US 95.100.195.182:443 www.bing.com tcp
US 95.100.195.182:443 www.bing.com tcp
US 8.8.8.8:53 182.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 95.100.195.191:443 th.bing.com tcp
US 95.100.195.178:443 r.bing.com tcp
US 95.100.195.178:443 r.bing.com tcp
US 95.100.195.191:443 th.bing.com tcp
US 8.8.8.8:53 tse3.mm.bing.net udp
US 150.171.27.10:443 tse3.mm.bing.net tcp
US 8.8.8.8:53 191.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 178.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 www.porngames.tv udp
US 172.67.218.20:443 www.porngames.tv tcp
US 172.67.218.20:443 www.porngames.tv tcp
US 8.8.8.8:53 cdn.porngames.tv udp
US 8.8.8.8:53 cdn.usefathom.com udp
FR 143.244.56.57:443 cdn.porngames.tv tcp
FR 143.244.56.57:443 cdn.porngames.tv tcp
FR 143.244.56.57:443 cdn.porngames.tv tcp
FR 143.244.56.57:443 cdn.porngames.tv tcp
FR 143.244.56.57:443 cdn.porngames.tv tcp
FR 143.244.56.57:443 cdn.porngames.tv tcp
GB 143.244.38.136:443 cdn.usefathom.com tcp
US 8.8.8.8:53 20.218.67.172.in-addr.arpa udp
US 8.8.8.8:53 57.56.244.143.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 live.trmzum.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
NL 46.166.186.6:443 live.trmzum.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
NL 46.166.186.6:443 live.trmzum.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.65.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 edge3-sof.live.mmcdn.com udp
BG 131.153.94.33:443 edge3-sof.live.mmcdn.com tcp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 6.186.166.46.in-addr.arpa udp
US 8.8.8.8:53 229.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 33.94.153.131.in-addr.arpa udp
US 8.8.8.8:53 access-the-website.com udp
GB 108.138.217.58:443 access-the-website.com tcp
GB 108.138.217.58:443 access-the-website.com tcp
US 8.8.8.8:53 vrfuckdolls.tv udp
US 104.21.65.165:443 vrfuckdolls.tv tcp
US 8.8.8.8:53 wmccd.com udp
US 8.8.8.8:53 js.hcaptcha.com udp
LU 93.93.51.189:443 wmccd.com tcp
LU 93.93.51.189:443 wmccd.com tcp
US 8.8.8.8:53 58.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 165.65.21.104.in-addr.arpa udp
US 104.19.230.21:443 js.hcaptcha.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
GB 142.250.187.202:443 ajax.googleapis.com tcp
US 8.8.8.8:53 mkt.solution.coupons udp
US 192.124.249.179:443 mkt.solution.coupons tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 pt-static2.ptwmstcnt.com udp
US 8.8.8.8:53 pt-static4.ptwmstcnt.com udp
US 8.8.8.8:53 pt-static3.ptwmstcnt.com udp
LU 93.93.51.200:443 pt-static3.ptwmstcnt.com tcp
LU 93.93.51.200:443 pt-static3.ptwmstcnt.com tcp
US 8.8.8.8:53 www.safelandr.com udp
LU 93.93.51.200:443 pt-static3.ptwmstcnt.com tcp
LU 93.93.51.200:443 pt-static3.ptwmstcnt.com tcp
US 15.197.129.109:443 www.safelandr.com tcp
US 8.8.8.8:53 189.51.93.93.in-addr.arpa udp
US 8.8.8.8:53 21.230.19.104.in-addr.arpa udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 179.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 galleryn0.vcmdiawe.com udp
US 8.8.8.8:53 galleryn1.vcmdiawe.com udp
US 8.8.8.8:53 galleryn2.vcmdiawe.com udp
US 8.8.8.8:53 galleryn3.vcmdiawe.com udp
US 8.8.8.8:53 scripts.azshopp.com udp
US 8.8.8.8:53 cdn.solution.coupons udp
US 104.18.42.227:443 cdn.solution.coupons tcp
US 104.18.42.227:443 cdn.solution.coupons tcp
US 104.21.32.226:443 scripts.azshopp.com tcp
US 8.8.8.8:53 200.51.93.93.in-addr.arpa udp
US 8.8.8.8:53 109.129.197.15.in-addr.arpa udp
US 8.8.8.8:53 227.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 226.32.21.104.in-addr.arpa udp
US 8.8.8.8:53 cdn.zrmtrm.com udp
GB 89.187.167.38:443 cdn.zrmtrm.com tcp
US 8.8.8.8:53 38.167.187.89.in-addr.arpa udp
LU 93.93.51.189:443 wmccd.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 edge28-ams.live.mmcdn.com udp
NL 131.153.86.96:443 edge28-ams.live.mmcdn.com tcp
US 8.8.8.8:53 96.86.153.131.in-addr.arpa udp
US 8.8.8.8:53 chaturbate.com udp
US 104.16.45.196:443 chaturbate.com tcp
US 8.8.8.8:53 196.45.16.104.in-addr.arpa udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 cdn.porngames.tv udp
FR 185.93.2.244:443 cdn.porngames.tv tcp
US 8.8.8.8:53 244.2.93.185.in-addr.arpa udp
US 104.16.45.196:443 chaturbate.com tcp
US 8.8.8.8:53 nwr.mmcdn.com udp
US 162.247.243.35:443 nwr.mmcdn.com tcp
US 162.247.243.35:443 nwr.mmcdn.com tcp
US 162.247.243.35:443 nwr.mmcdn.com tcp
NL 131.153.86.96:443 edge28-ams.live.mmcdn.com tcp
US 104.16.45.196:443 chaturbate.com tcp
US 69.165.103.130:443 beta-api.cams.com tcp
FR 185.93.2.244:443 cdn.porngames.tv tcp
US 8.8.8.8:53 access-the-website.com udp
GB 108.138.217.58:443 access-the-website.com tcp
US 8.8.8.8:53 interactivesexgames.tv udp
US 104.21.12.85:443 interactivesexgames.tv tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 85.12.21.104.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 172.67.218.20:443 www.porngames.tv tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
NL 46.166.186.6:443 live.trmzum.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.129.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.usefathom.com udp
GB 143.244.38.136:443 cdn.usefathom.com tcp
NL 46.166.186.6:443 live.trmzum.com tcp
NL 46.166.186.6:443 live.trmzum.com tcp
BG 131.153.94.33:443 edge3-sof.live.mmcdn.com tcp
US 8.8.8.8:53 fapdolls.com udp
US 104.21.72.250:443 fapdolls.com tcp
US 8.8.8.8:53 u.clarity.ms udp
US 162.247.243.35:443 nwr.mmcdn.com tcp
US 4.227.249.197:443 u.clarity.ms tcp
US 162.247.243.35:443 nwr.mmcdn.com tcp
US 8.8.8.8:53 250.72.21.104.in-addr.arpa udp
US 8.8.8.8:53 ssgtm.edenai.world udp
US 216.239.38.21:443 ssgtm.edenai.world tcp
US 8.8.8.8:53 21.38.239.216.in-addr.arpa udp
US 8.8.8.8:53 www.safelandr.com udp
US 15.197.129.109:443 www.safelandr.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 www.porngames.tv udp
US 8.8.8.8:53 access-the-website.com udp
US 8.8.8.8:53 static-pub.highwebmedia.com udp
US 104.18.239.194:443 static-pub.highwebmedia.com tcp
US 8.8.8.8:53 194.239.18.104.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.26.6.95:443 temp-mail.org tcp
US 104.26.6.95:443 temp-mail.org tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 95.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 41.94.18.104.in-addr.arpa udp
US 8.8.8.8:53 cdn.paddle.com udp
US 8.8.8.8:53 cdn4.buysellads.net udp
US 172.64.149.8:443 cdn.paddle.com tcp
GB 159.65.211.77:443 cdn4.buysellads.net tcp
US 8.8.8.8:53 web2.temp-mail.org udp
US 104.26.7.95:443 web2.temp-mail.org tcp
US 8.8.8.8:53 cdn.perfops.net udp
US 104.21.60.173:443 cdn.perfops.net tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 t.fullres.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 104.22.75.216:443 btloader.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
GB 159.65.211.77:443 t.fullres.net tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 bt.dns-finder.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 172.67.134.120:443 bt.dns-finder.com tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
NL 18.238.243.114:443 config.aps.amazon-adsystem.com tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
US 104.22.52.173:443 cdn.hadronid.net tcp
NL 18.239.18.78:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 8.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 77.211.65.159.in-addr.arpa udp
US 8.8.8.8:53 95.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 173.60.21.104.in-addr.arpa udp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 135.70.239.18.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 120.134.67.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 114.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 230.175.78.104.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 78.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 srv.buysellads.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 ex.ingage.tech udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 rt.marphezis.com udp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 8.8.8.8:53 exchange.cootlogix.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 pbjs.e-planning.net udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
NL 89.149.192.240:443 prg.smartadserver.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 104.18.27.216:443 ex.ingage.tech tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 172.64.153.78:443 mp.4dex.io tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
NL 188.166.203.175:443 rt.marphezis.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 172.67.75.241:443 script.4dex.io tcp
NL 185.89.210.90:443 ib.adnxs.com tcp
NL 18.239.50.10:443 hb.yellowblue.io tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
US 34.120.63.153:443 prebid.media.net tcp
NL 18.239.88.34:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 c.4dex.io udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 172.67.75.241:443 script.4dex.io tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 104.18.23.145:443 cadmus.script.ac tcp
US 104.18.27.216:443 ex.ingage.tech tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
GB 216.58.201.97:443 ep2.adtrafficquality.google tcp
GB 216.58.201.97:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 240.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 216.27.18.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 78.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 241.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 175.203.166.188.in-addr.arpa udp
US 8.8.8.8:53 56.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 90.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 3.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 10.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 34.88.239.18.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 253.22.99.167.in-addr.arpa udp
US 8.8.8.8:53 106.34.241.35.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 9f4ead81d67291032c067453c42c582a.safeframe.googlesyndication.com udp
GB 172.217.169.1:443 9f4ead81d67291032c067453c42c582a.safeframe.googlesyndication.com tcp
US 35.241.34.106:443 c.4dex.io udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 static.criteo.net udp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 beacon-ams3.rubiconproject.com udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
US 8.8.8.8:53 s.update.rubiconproject.com udp
IE 3.255.235.138:443 s.update.rubiconproject.com tcp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
IE 3.255.235.138:443 s.update.rubiconproject.com tcp
US 8.8.8.8:53 1.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 131.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 138.235.255.3.in-addr.arpa udp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 23.192.21.141:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 dnacdn.net udp
NL 185.235.87.238:443 ag.gbc.criteo.com tcp
NL 185.235.87.114:443 gem.gbc.criteo.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
NL 69.173.156.136:443 beacon-nf.rubiconproject.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
GB 216.58.204.66:443 googleads4.g.doubleclick.net tcp
GB 216.58.204.70:443 s0.2mdn.net tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 141.21.192.23.in-addr.arpa udp
US 8.8.8.8:53 238.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 114.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 136.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 104.18.22.145:443 cadmus.script.ac tcp
GB 216.58.204.66:443 googleads4.g.doubleclick.net udp
GB 216.58.204.70:443 s0.2mdn.net udp
DE 52.58.106.52:443 x9l5148zejl9rs77.test.resolver.perfops.net tcp
US 8.8.8.8:53 v1lfjqbav31k9to7.test.resolver.perfops.net udp
US 8.8.8.8:53 gisxn3rya52r6i1r.test.resolver.perfops.net udp
DE 52.59.104.159:443 gisxn3rya52r6i1r.test.resolver.perfops.net tcp
DE 52.58.106.52:443 v1lfjqbav31k9to7.test.resolver.perfops.net tcp
US 8.8.8.8:53 145.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 52.106.58.52.in-addr.arpa udp
US 8.8.8.8:53 rum-cdn.perfops.net udp
US 172.67.198.235:443 rum-cdn.perfops.net tcp
US 8.8.8.8:53 cs.ingage.tech udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 sync.cootlogix.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 hb.trustedstack.com udp
DE 51.38.120.206:443 onetag-sys.com udp
US 23.192.20.32:443 contextual.media.net tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
US 23.192.25.42:443 ads.pubmatic.com tcp
GB 104.91.71.10:443 hb.trustedstack.com tcp
US 143.198.164.101:443 sync.cootlogix.com tcp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 sync.adkernel.com udp
US 151.101.65.108:443 acdn.adnxs.com tcp
NL 103.67.200.72:443 sync.adkernel.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 8.8.8.8:53 perfops2.byte-test.com udp
SG 101.47.95.100:443 perfops2.byte-test.com tcp
SG 101.47.95.100:443 perfops2.byte-test.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 159.104.59.52.in-addr.arpa udp
US 8.8.8.8:53 235.198.67.172.in-addr.arpa udp
US 8.8.8.8:53 32.20.192.23.in-addr.arpa udp
US 8.8.8.8:53 42.25.192.23.in-addr.arpa udp
US 8.8.8.8:53 10.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 108.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 72.200.67.103.in-addr.arpa udp
US 8.8.8.8:53 101.164.198.143.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 api-2-0.spot.im udp
NL 35.214.136.108:443 x.bidswitch.net tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 44.196.65.202:443 api-2-0.spot.im tcp
US 8.8.8.8:53 bc-sync.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 eu-west-1-cs-rtb.openwebmp.com udp
US 8.8.8.8:53 gum.aidemsrv.com udp
US 8.2.108.175:443 bc-sync.com tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 104.18.7.198:443 gum.aidemsrv.com tcp
NL 18.239.18.61:443 eu-west-1-cs-rtb.openwebmp.com tcp
DE 162.55.236.224:443 sync.richaudience.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 image8.pubmatic.com udp
US 3.234.155.171:443 cs-server-s2s.yellowblue.io tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 8.2.108.175:443 bc-sync.com tcp
US 8.8.8.8:53 b1sync.zemanta.com udp
GB 2.19.117.107:443 player.aniview.com tcp
NL 89.149.193.116:443 ssbsync.smartadserver.com tcp
US 64.202.112.159:443 b1sync.zemanta.com tcp
US 64.202.112.159:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 rtb.bid.com udp
US 8.8.8.8:53 sync.contextualadv.com udp
US 34.1.237.34:443 csync.loopme.me tcp
US 3.219.79.107:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 sync-service.net udp
IE 34.248.74.5:443 ap.lijit.com tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 204.62.12.209:443 sync-service.net tcp
IE 99.80.11.107:443 jadserve.postrelease.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 100.95.47.101.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 8.8.8.8:53 202.65.196.44.in-addr.arpa udp
US 8.8.8.8:53 198.7.18.104.in-addr.arpa udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 61.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 224.236.55.162.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 171.155.234.3.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 107.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 116.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 34.237.1.34.in-addr.arpa udp
US 8.8.8.8:53 5.74.248.34.in-addr.arpa udp
US 8.8.8.8:53 djlzvy5xcvhxt.flashedgecdn.net udp
NL 18.239.94.122:443 djlzvy5xcvhxt.flashedgecdn.net tcp
US 192.132.33.69:443 bttrack.com tcp
US 8.8.8.8:53 devnull.perfops.net udp
US 8.8.8.8:53 rum.perfops.cdb.cdn.orange.com udp
US 8.8.8.8:53 sync.aniview.com udp
FR 80.15.255.0:443 rum.perfops.cdb.cdn.orange.com tcp
US 172.240.45.96:443 sync.aniview.com tcp
US 8.8.8.8:53 cpt96125.shopvoxpopulus.com udp
US 34.107.229.149:443 cpt96125.shopvoxpopulus.com tcp
US 8.8.8.8:53 perfops.gcorelabs.com udp
GB 93.123.11.62:443 perfops.gcorelabs.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 35.214.136.108:443 x.bidswitch.net udp
US 8.8.8.8:53 cdnperf-rum.cdnetworks.net udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
GB 163.171.130.131:443 cdnperf-rum.cdnetworks.net tcp
US 8.8.8.8:53 107.79.219.3.in-addr.arpa udp
US 8.8.8.8:53 209.12.62.204.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 122.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 0.255.15.80.in-addr.arpa udp
US 8.8.8.8:53 69.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 96.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 149.229.107.34.in-addr.arpa udp
US 8.8.8.8:53 62.11.123.93.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 131.130.171.163.in-addr.arpa udp
US 8.8.8.8:53 test-perfops.ldgslb.com udp
GB 38.175.44.17:443 test-perfops.ldgslb.com tcp
US 8.8.8.8:53 cdnperf.qwilt.com udp
US 84.201.209.98:443 cdnperf.qwilt.com tcp
US 8.8.8.8:53 perfops1.b-cdn.net udp
GB 143.244.38.136:443 perfops1.b-cdn.net tcp
US 8.8.8.8:53 proxy.canary.scrubbingcenter.com udp
US 156.154.243.138:443 proxy.canary.scrubbingcenter.com tcp
US 8.8.8.8:53 17.44.175.38.in-addr.arpa udp
US 8.8.8.8:53 98.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 138.243.154.156.in-addr.arpa udp
US 8.8.8.8:53 test-perfops.haproxy.com udp
GB 104.152.117.107:443 test-perfops.haproxy.com tcp
US 8.8.8.8:53 perfops-cds.s.llnwi.net udp
GB 178.79.229.21:443 perfops-cds.s.llnwi.net tcp
US 8.8.8.8:53 perfops-ic-b5d7b000-0a73f3-a4x2.s.loris.llnwd.net udp
GB 178.79.231.15:443 perfops-ic-b5d7b000-0a73f3-a4x2.s.loris.llnwd.net tcp
US 8.8.8.8:53 ovh-cdn.perfops.io udp
FR 46.105.200.68:443 ovh-cdn.perfops.io tcp
US 8.8.8.8:53 eo-static-perfops.qcloudcdn.com udp
GB 43.132.64.190:443 eo-static-perfops.qcloudcdn.com tcp
US 8.8.8.8:53 107.117.152.104.in-addr.arpa udp
US 8.8.8.8:53 21.229.79.178.in-addr.arpa udp
US 8.8.8.8:53 15.231.79.178.in-addr.arpa udp
US 8.8.8.8:53 68.200.105.46.in-addr.arpa udp
US 8.8.8.8:53 190.64.132.43.in-addr.arpa udp
US 8.8.8.8:53 perf.qinglanbaseunicast.com udp
GB 79.133.176.172:443 perf.qinglanbaseunicast.com tcp
US 8.8.8.8:53 1596384882.rsc.cdn77.org udp
GB 89.187.167.39:443 1596384882.rsc.cdn77.org tcp
US 8.8.8.8:53 perfops.byte-test.com udp
GB 143.244.38.1:443 perfops.byte-test.com tcp
US 8.8.8.8:53 cdnperf-rum.quantil.com udp
US 8.8.8.8:53 172.176.133.79.in-addr.arpa udp
GB 174.35.118.91:443 cdnperf-rum.quantil.com tcp
US 8.8.8.8:53 medianova-cdnperf.mncdn.com udp
DE 31.3.2.84:443 medianova-cdnperf.mncdn.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.193.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 perfops.swiftycdn.net udp
GB 94.154.158.19:443 perfops.swiftycdn.net tcp
US 8.8.8.8:53 perfops-static.freetls.fastly.net udp
US 151.101.2.79:443 perfops-static.freetls.fastly.net tcp
US 8.8.8.8:53 akamai-cdn.perfops.io udp
US 8.8.8.8:53 1.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 91.118.35.174.in-addr.arpa udp
US 8.8.8.8:53 84.2.3.31.in-addr.arpa udp
US 8.8.8.8:53 229.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 19.158.154.94.in-addr.arpa udp
US 8.8.8.8:53 79.2.101.151.in-addr.arpa udp
US 95.100.195.166:443 akamai-cdn.perfops.io tcp
US 8.8.8.8:53 medianova-cdnvperf.mncdn.com udp
RO 185.22.163.103:443 medianova-cdnvperf.mncdn.com tcp
US 8.8.8.8:53 test-perfops.blazingcdn.com udp
NL 188.240.13.1:443 test-perfops.blazingcdn.com tcp
US 8.8.8.8:53 166.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 103.163.22.185.in-addr.arpa udp
US 8.8.8.8:53 25748s.ha.azioncdn.net udp
GB 179.191.165.65:443 25748s.ha.azioncdn.net tcp
US 8.8.8.8:53 ultrawaf.canary.scrubbingcenter.com udp
US 156.154.120.124:443 ultrawaf.canary.scrubbingcenter.com tcp
US 8.8.8.8:53 test-perfops.idevops.suijinetworks.com udp
GB 193.118.32.53:443 test-perfops.idevops.suijinetworks.com tcp
US 8.8.8.8:53 1.13.240.188.in-addr.arpa udp
US 8.8.8.8:53 65.165.191.179.in-addr.arpa udp
US 8.8.8.8:53 124.120.154.156.in-addr.arpa udp
US 8.8.8.8:53 53.32.118.193.in-addr.arpa udp
US 8.8.8.8:53 d3888oxgux3fey.cloudfront.net udp
NL 108.156.60.81:443 d3888oxgux3fey.cloudfront.net tcp
US 8.8.8.8:53 cdnperf.cachefly.net udp
US 205.234.175.175:443 cdnperf.cachefly.net tcp
US 205.234.175.175:443 cdnperf.cachefly.net tcp
US 8.8.8.8:53 81.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 perfopsrum.akamaized.net udp
GB 88.221.134.131:443 perfopsrum.akamaized.net tcp
US 8.8.8.8:53 175.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 131.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 perfops.r.worldssl.net udp
NL 50.7.24.82:443 perfops.r.worldssl.net tcp
US 8.8.8.8:53 media-edge.1e100cdn.net udp
US 34.104.36.46:443 media-edge.1e100cdn.net tcp
US 8.8.8.8:53 benchmark.1e100cdn.net udp
US 35.190.26.57:443 benchmark.1e100cdn.net tcp
US 8.8.8.8:53 82.24.7.50.in-addr.arpa udp
US 8.8.8.8:53 46.36.104.34.in-addr.arpa udp
US 8.8.8.8:53 57.26.190.35.in-addr.arpa udp
US 8.8.8.8:53 perfops.s.llnwi.net udp
GB 178.79.229.30:443 perfops.s.llnwi.net tcp
US 8.8.8.8:53 perfops-ic-b5d7b000-0a73f3-a4x.s.loris.llnwd.net udp
GB 178.79.231.33:443 perfops-ic-b5d7b000-0a73f3-a4x.s.loris.llnwd.net tcp
US 8.8.8.8:53 perfops.cloudflareperf.com udp
US 104.18.32.27:443 perfops.cloudflareperf.com tcp
FR 80.15.253.0:443 rum.perfops.mdb.cdn.orange.com tcp
US 8.8.8.8:53 30.229.79.178.in-addr.arpa udp
US 8.8.8.8:53 33.231.79.178.in-addr.arpa udp
US 8.8.8.8:53 27.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 0.253.15.80.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 159.65.211.77:443 srv.buysellads.com tcp
FR 80.15.255.0:443 rum.perfops.cdb.cdn.orange.com tcp
GB 93.123.11.62:443 perfops.gcorelabs.com tcp
GB 104.152.117.107:443 test-perfops.haproxy.com tcp
FR 46.105.200.68:443 ovh-cdn.perfops.io tcp
US 151.101.193.229:443 cdn.jsdelivr.net udp
GB 179.191.165.65:443 25748s.ha.azioncdn.net tcp
GB 88.221.134.131:443 perfopsrum.akamaized.net udp
US 34.104.36.46:443 media-edge.1e100cdn.net udp
US 35.190.26.57:443 benchmark.1e100cdn.net udp
FR 80.15.253.0:443 rum.perfops.mdb.cdn.orange.com tcp
US 15.197.129.109:443 www.safelandr.com tcp
US 8.8.8.8:53 secure.customerlivehelp.com udp
US 76.223.3.158:443 secure.customerlivehelp.com tcp
US 76.223.3.158:443 secure.customerlivehelp.com tcp
US 8.8.8.8:53 158.3.223.76.in-addr.arpa udp
US 8.8.8.8:53 s.update.rubiconproject.com udp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
IE 3.250.187.153:443 s.update.rubiconproject.com tcp
US 95.100.195.168:443 www.bing.com tcp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 153.187.250.3.in-addr.arpa udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 github.com udp
US 140.82.114.21:443 collector.github.com tcp
GB 20.26.156.215:443 github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 roaming.officeapps.live.com udp
FR 52.109.68.129:443 roaming.officeapps.live.com tcp
US 8.8.8.8:53 18.89.109.52.in-addr.arpa udp
US 8.8.8.8:53 129.68.109.52.in-addr.arpa udp
US 8.8.8.8:53 metadata.templates.cdn.office.net udp
US 95.100.195.47:443 metadata.templates.cdn.office.net tcp
US 8.8.8.8:53 binaries.templates.cdn.office.net udp
GB 2.19.117.150:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.150:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.150:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.150:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.150:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.150:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.150:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.150:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.150:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.150:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.150:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.150:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.150:443 binaries.templates.cdn.office.net tcp
US 8.8.8.8:53 47.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 150.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 95.100.195.150:443 r.bing.com tcp
US 95.100.195.150:443 r.bing.com tcp
US 95.100.195.183:443 r.bing.com tcp
US 95.100.195.183:443 r.bing.com tcp
US 8.8.8.8:53 150.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 183.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.117.148:443 aefd.nelreports.net tcp
GB 2.19.117.148:443 aefd.nelreports.net tcp
US 8.8.8.8:53 148.117.19.2.in-addr.arpa udp
US 95.100.195.183:443 www.bing.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.117.143:443 aefd.nelreports.net udp
US 8.8.8.8:53 143.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
FR 185.136.161.124:6128 tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
FR 185.136.161.124:6128 tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
FR 185.136.161.124:8761 tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
FR 185.136.161.124:8761 tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.135.250.11:19521 0.tcp.ngrok.io tcp
US 3.135.250.11:19521 0.tcp.ngrok.io tcp
US 3.135.250.11:19521 0.tcp.ngrok.io tcp
US 3.135.250.11:19521 0.tcp.ngrok.io tcp
FR 185.136.161.124:11614 tcp
US 3.135.250.11:19521 0.tcp.ngrok.io tcp
FR 185.136.161.124:11614 tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.117.143:443 aefd.nelreports.net udp
US 8.8.8.8:53 edge28-ams.live.mmcdn.com udp
NL 131.153.86.96:443 edge28-ams.live.mmcdn.com tcp
NL 131.153.86.96:443 edge28-ams.live.mmcdn.com tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
GB 92.123.128.135:443 www.bing.com tcp
US 8.8.8.8:53 135.128.123.92.in-addr.arpa udp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
FR 185.136.161.124:15822 tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
FR 185.136.161.124:15822 tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA1 4d16a7e82190f8490a00008bd53d85fb92e379b0
SHA256 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512 d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

\??\pipe\LOCAL\crashpad_4792_MVGLFSFPJDVCINUD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e55832d7cd7e868a2c087c4c73678018
SHA1 ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256 a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2c24f0ee4db5624205510af4c492286e
SHA1 531ab8d1dad137d3be7a7f5824a099c56b39fc34
SHA256 950a35b9de66e9ba6eb76f301613df7ad90eaa9c0f5db5a6e76eb601c307c03f
SHA512 6324229c71b3c9e588e7f232da9d568d097bac4284b3af81a1577fc126b6b5d6c47e23d76ca18972f280e72cb1209489aa1913976533976073012a3177546410

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8755b79057300b215625c89015c1497a
SHA1 db8041885a8797fcae648f970c44662f1b1db2b7
SHA256 789b80974f914b5483e79a47a06e331000432075dd8dc8134f63cbf3d5b3677e
SHA512 2a4b3c1825852999bd18c77c3155a8126341bc9aacb84edca8d078ba2bafcac76f04dd95fb20da93d6e37e9c6a79c613e836ea0745d418d7a3185a0cde91ed24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 42629a89ca224b6cc8009beb42375472
SHA1 0b52b5e4f568c437bffc2ab3c6404ae1bed0d973
SHA256 fd9cd9ccc1a64a948ad7220bbc663e4fb694d0734707ae4bf8e5db24500f87bd
SHA512 04645aa211d1d6ddade940fbdc86595d6ce9ff8755b2256e3d117611739074a2677abde3928c869473b769deb262e2e06cd4c51ab8cfb87ce52a9c7f3f095382

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 20948dfa2d56e028ab9ee339979be78d
SHA1 20850d109094f309bbf6e45293c9e320dfd0831a
SHA256 8dbfee0a75a47b660f0cbbb270cbb34a9ce75a8281ed5a241323af25e51ff4df
SHA512 5bc311a74771b4d26e787c2322b36f862bf31c9cce9373e097c2f6f2443f04090c31d7e686d8bd7a5daa0a9f2cd369c677e950e77a4360af715be2f2e1cbc892

C:\Users\Admin\Downloads\HwidSpoof (1).zip

MD5 d1b872106ce934e038e40658f3661b8c
SHA1 139b53ad815068e160850350a5a082fdd837bc61
SHA256 d209888784d5eb5d16f73172a5f464cf4e4b024ce906c23aafb9cdb64f411e58
SHA512 d26079a5c9f5712c4926023aad2fc551b02b2feb62dedd4cd4f242826331db93f162533931cbcb130824280971ba94b87f12f288d92a947ec287d04c5c2a6c36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 597bb34d216a63a6d10044676135594e
SHA1 03834184c9f82bc9e61613a4b02b104727c32ada
SHA256 257735ffb82b5ef616db6289ee59222ebebd8de3aa70dd985a39cd7d6b17174f
SHA512 503d2ea2084e30790112703e1ca583f283fe8fd1ea2caa2e44e651a38b9b9beb6ebe90cef3f746258d526294d7c6bb0b7d23a19910b5b6186f24efe0b7fb94ae

C:\Users\Admin\AppData\Local\Temp\_MEI9242\ucrtbase.dll

MD5 3b337c2d41069b0a1e43e30f891c3813
SHA1 ebee2827b5cb153cbbb51c9718da1549fa80fc5c
SHA256 c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7
SHA512 fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

C:\Users\Admin\AppData\Local\Temp\_MEI9242\python312.dll

MD5 cae8fa4e7cb32da83acf655c2c39d9e1
SHA1 7a0055588a2d232be8c56791642cb0f5abbc71f8
SHA256 8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93
SHA512 db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

C:\Users\Admin\AppData\Local\Temp\_MEI9242\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI9242\base_library.zip

MD5 763d1a751c5d47212fbf0caea63f46f5
SHA1 845eaa1046a47b5cf376b3dbefcf7497af25f180
SHA256 378a4b40f4fa4a8229c93e0afee819085251af03402ccefa3b469651e50e60b7
SHA512 bb356dd610e6035f4002671440ce96624addf9a89fd952a6419647a528a551a6ccd0eca0ee2eeb080d9aad683b5afc9415c721fa62c3bcddcb7f1923f59d9c45

C:\Users\Admin\AppData\Local\Temp\_MEI9242\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI9242\_ctypes.pyd

MD5 c8afa1ebb28828e1115c110313d2a810
SHA1 1d0d28799a5dbe313b6f4ddfdb7986d2902fa97a
SHA256 8978972cf341ccd0edf8435d63909a739df7ef29ec7dd57ed5cab64b342891f0
SHA512 4d9f41bd23b62600d1eb097d1578ba656b5e13fd2f31ef74202aa511111969bb8cfc2a8e903de73bd6e63fadaa59b078714885b8c5b8ecc5c4128ff9d06c1e56

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-utility-l1-1-0.dll

MD5 4653da8959b7fe33d32e61e472507d54
SHA1 6d071b52f40dc609f40989b3dd0fb53124607df8
SHA256 b7e186a946119791e42f17e623732e23f864f98b592c41d95b3da0532ea9d5f3
SHA512 81e17cf4b64ed5efba191d35b1877384544557c3001efa0321a755a35413740ae66e39e39f573d3184ef8c893c739a74d37f170fe540f81177a83b44bc18ba6d

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-time-l1-1-0.dll

MD5 9bc895e2cc140e168fa55372fce8682b
SHA1 579d71e19331625dda84baa9d8b81dd3bafc9913
SHA256 287f80b2b330cc5f9fdf47de50b189993ce925b5e2b7a6da5cdaef9c7d5f36c1
SHA512 de0e5c6f9656106fcf2443d863d26c4b16bbb5b40e676199f9c459be02b4837a2d32bddda82543eb2e0bf14a27edea7f5d506914da8d63da77ed7ccd2204aa65

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-string-l1-1-0.dll

MD5 2e657fe299572eacdac67f4b9f603857
SHA1 eb4fbc0147d4df5d4ef81953bc1265d505a19297
SHA256 ec3c2bff10b9469ac9c6ed109307731a1a4694fb54856ddd082a2ffd3cc34df2
SHA512 ee3899584ecece342accbd73d681358cfe8b4fd2ed07cf3034b14f3d04e3b03e5d6d041a0afcb0b2b2b5afac118032317b5eca00d11f7703d9d0dae0e3ac38f7

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-stdio-l1-1-0.dll

MD5 4a3342bce6b58ef810e804f1c5915e40
SHA1 fe636cca0a57e92bb27e0f76075110981d3b3639
SHA256 2509179079a598b3e5dfd856d8e03e45de7379c628901dbd869ec4332ddb618c
SHA512 f0c626f88f016c17fa45ea62441dd862a9575666ec06734f61d8e153c5f46a016fe1d9271293a8e29afbd167f7a381e3ee04cb413736bc224ac31e0fe760341c

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-runtime-l1-1-0.dll

MD5 dc8bfceec3d20100f29fd4798415dc00
SHA1 bd4764be2833f40c1cc54229c759f83d67ae5294
SHA256 4950d0a97cb18971355247feccfd6f8ea24e46bca30f54540c050e4631ec57a8
SHA512 cc7899ad716a81af46d73b1cb8ded51aee9619f2accc35859e351fb8ee4f965f5bcc9adbb7353ca7a3c8e39d36c09481f66519cb173da1d2578718c764fb6fae

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-process-l1-1-0.dll

MD5 38d1c8d2aa2023d85aca69286d79fb78
SHA1 a97e806268dc4ee781ec2bfb654ed8bf91c2a83a
SHA256 381a09a63b5818a2499144adbd8c5f6bbcfce93d643e9920cc54485006fbcc48
SHA512 fc71441009ebe69dfbc04a791cb401306cb88f7bed5290cd899e234d290209917dc7fbd0d0d1a16ceb056858c77306b8ee5f3c17432f3594904b73b20162738e

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-math-l1-1-0.dll

MD5 a12569b252b6761a6330d2ffb6c2983b
SHA1 cc6bdb88b252144af816976a181d2b3b961ce389
SHA256 ab0de0cf89f88b947e01a5ab630d71384ad69f903cef063ccb10de54d061ea2e
SHA512 ee9cb0e2c613374348a34e4a65c83da8d35e6e841f50eed726ff397c7bb6ec430ed200b3b1a541041a91ebe5ae0c96270ee7b891c8c173b340c82abd2cdf8750

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-locale-l1-1-0.dll

MD5 78fc4a7e489f64ea5e0a745c12477fd8
SHA1 51ab73b5142ee2f742abdaedf427690613a19f4a
SHA256 c12c28e3391a8c8adcabe4632470de824118c56338f46fcd8b99257709f50604
SHA512 c9064ff0b39421b28720e65e70695a997995cbec80f1534d88b886bda1797a7316d9b61e458b894b528c7bce21c36f1d4acd916de96d0cdfde59107ea93cd5d7

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-heap-l1-1-0.dll

MD5 481282554b34e19c77978dc7888434e6
SHA1 bd33f1189fc79ac57716f9d030ef0bdd30205115
SHA256 8895c5ab2152a7f25f0c44a3457867229046952106d422331a1c57ad7935b47e
SHA512 fbe98fda91618dd980709babd8e56b8c4c4ff370e6de23075f89303aafffd723dddfd270f388c573914385e957add756bfe2b1fcef5f9f86cb30e111177a52e9

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 1fd59e1dd71eb3bdadb313029710dc33
SHA1 82f5de117d9c55247da873ab8ad23f4e07841366
SHA256 953e4403094ec0c3e8c3a9ab38012cc36d86ac5fe3fff2d6b6c5f51f75737c46
SHA512 69608ff0127587b93db86c8cb27a932fa4b550c7d8d908f9fb8579ba2bccc6d43e7283363f7b46dd39a40a8c790a030028a78302703658fd5d68f5ee9452a5aa

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-environment-l1-1-0.dll

MD5 4eeb879fceeae59927f98a1a199b59ca
SHA1 3bb833edf4c10b42b7b376b93644ccc7f9a4b0f8
SHA256 e1b95e27cad9da4f0bd8bf4c913f49b9b8da6d28303f2946b55da3bd7feb36a3
SHA512 6a43eb0c660395a60d17401e948bc4da010261197ea13b5c9e043e7ee93c30eb17efb9b6b138ecdd77ddc3d0caa98921b57bfc244f6cd554417a0fba5c9407b0

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-convert-l1-1-0.dll

MD5 55e742035343af7b93caeeb71d322bed
SHA1 121134dfeca618ec3fae3fb640e541141d0c7b65
SHA256 2364fa428deba813b8a27b369acea8ed365aa5c9da776d57e146576920746f0e
SHA512 601474b8c9185cb734df191f4382590f1466c0a32773e17c73afa5c1446dc648253d44e4ebad6ce0d29288afb1d7794c09ff0d7cfe81a3adc3dc26b3da46103d

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-conio-l1-1-0.dll

MD5 43760078912b411595bcded3b2eb063d
SHA1 bd00cd60fd094b87ab0cff30cd2afe0a78853f22
SHA256 0a9bcaa55326373200396bb1af46b3058f8f7af7be3289544dddbafdec420fea
SHA512 d779f67bbb6e9867bcef7667c28e0032c01f36b8ea418504e9683240a6c0d9640b24d1dc5fa78cc9dcc4515f7be0d314f27ebcebc047b2e0f71680905d87827b

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-util-l1-1-0.dll

MD5 85a8b925d50105db8250fa0878bb146e
SHA1 4b56d7eb81e0666e0cd047f9205584a97ce91a01
SHA256 f3324803591d2794bad583c71d5036976941631a5f0e6d67c71fc8ba29f30ba8
SHA512 cb074508052fafa8baa2e988e0f4241411a543e55a6a9fee915029c6aa87c93cce1f0b14fe0658361b6b4ab6880b31a950c215404c0d71d8a862d4e74ab3b797

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-timezone-l1-1-0.dll

MD5 953c63ef10ec30ef7c89a6f0f7074041
SHA1 4b4f1ff3085fded9dbd737f273585ad43175b0a3
SHA256 c93954167c12e15b58ac95240d2e0a2fbd94561d739d9f6aca906d9c30453496
SHA512 b4534785e4d02ad387e3c6082884d438cc4b3cd8758aabcf99620052f5842dbd298351bc1723c274d4f7d3fce0cc940df3d47865fece2f07cdb1151376ba852e

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 1f0ab051a3f210db40a8c5e813ba0428
SHA1 e2ec19439618df1d6f34ee7c76108e3ea90a8b14
SHA256 2d4cdda6d6aec0b1a84d84528380c5650683b8eed680f3cafd821ac7f422070c
SHA512 a8ba535580d6756ac30e725411980a8d17e9a8aa1229233bb7a9b15c55b18b61136772d5d75cce0edf21b0f300bbd4d2458a4c69762261e928ef3cb7d5a14bdd

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-synch-l1-2-0.dll

MD5 b865442fb6836a9b933a216109ff3d0f
SHA1 15011fcaea649ca016fa93996639f59c23b74106
SHA256 498194cfe8b1138385595a7db3863adf29a9663551d746fb64648ffd075186b3
SHA512 eeb9fa00a941c4b30320fbb9ecc2717e53d13cd12394500d795be742dbe25c5fdf8590e9fe7f3b210a9d9aa07c7392419823a6a947591e7a38707a87309a2b76

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-synch-l1-1-0.dll

MD5 2c4be18e4d56e056b3fb7c2afb032e9e
SHA1 9620c91a98175dddccc1f1af78393143249e9eb9
SHA256 56657da3db3877624f5dad3980df3235fe7e1038916627c0845b5001199d513f
SHA512 18cbb5671ed99b475c7f6ff2d41943ba6d28fbbd781884bf069d1aa83f051c00d61baa11459dcca4fe2a4bc26c3540e1f598e4e0ae59a5e18d340a68b695ed78

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-string-l1-1-0.dll

MD5 9ab1bde57b958090d53de161469e5e8d
SHA1 8452aed000b2e77040ba8b1e5762532cdf5a60ad
SHA256 199c988d566f19e8c67f4cd7147a7df591cd2f2d648cbc511a5e4580346e75f4
SHA512 cf53c6885e154a05f8773d6b66a605049d70cc544f22a11d423c885608cd387446306ce6dfee2cc4ee9387cdc0a50da55948b5e55ad94acde7c7fd04fe38a137

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 c03daa9e875ff8638f631b1c95f4b342
SHA1 71eaeaccea8a302f87d1594ce612449c1195e882
SHA256 a281ae7a487ecea619e696903e5a8119ae3f9e9eb2f0b64b31a8324b530a4d35
SHA512 efa6ca2710f9827888f2cfcb87a321d66593b39988ebf743f37e2b8fe77dba9517bdd8571d0be7573cd6e1c786c1edba10857cfb6060e315aa0d46a16523d43b

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-profile-l1-1-0.dll

MD5 430d7cdd96bc499ba9eb84bb36aa301a
SHA1 48b43f6e4ffa8423966d06b417b82c5f72525dd9
SHA256 3e16b030a162ee3b4f6bf612af75d02a768a87f2d6a41a83f5adab2ec3c24dd1
SHA512 51042ebca24086e1d0015fa921816a2f3c56065e1e15190b48c58656eb88610d64acacb87584981963cab501985c2cb68e53075cf5e0c65761bbddaf56fbbab0

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-processthreads-l1-1-1.dll

MD5 b1ba47d8389c40c2dda3c56cbed14fc5
SHA1 2eef9ffa32171d53affa44e3db7727aa383f7fac
SHA256 c7277c05dc6b905fad5cb930b0ecfbbc4676b46974b4571e54ca44cb6f6be404
SHA512 466e31f17f73bda5149343b23f4966502a8597d2a2e43f9a6c9c32387451d92c6b658ccaae27044e68e4a9fd0ef9c89e32dc7639d59fcf04c596b6abfa09658b

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-processthreads-l1-1-0.dll

MD5 d21be88a58960edfe83ccbbdf5c4103d
SHA1 3cb0d010837b77102e77ca62e1033ef4eb5473ac
SHA256 3e909b4951e485de391f9a101e513b32c6d3507674c4d666ad3105b939b25c24
SHA512 99b1fda3ec9292a59ed528ab243b4f8ac63e2d7b219135f26050bb7dd124a5d5dc4a14a69383a8aa0b03f0f0a3bccf0c233ef09b8e3d3bdf43d0aa1cfc1a3992

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 df64597430e1126c3ba0fe5ecf995004
SHA1 3e32ad558501fb9d108f885a55841605be641628
SHA256 9638950211cbdcdaeb886cab277573391bf7dda2fbdb24fc18d31125dc8a7c24
SHA512 e16c1f5468bf2fc90b66b4b66dbad62cdbe29180f8da8ab8ad28d1b0c418cb96eadf24bb54f2ee9bcfe3176256d05f7eb591b6f908e47bd420ba22768fe0ea61

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 94fce2f4b244d3968b75a4a61b2347ab
SHA1 c5898af5fd941c19fcdd949c6b4e2bb090d040d2
SHA256 c513bdc265654d2e9a304423f299fb46953631f0d78af8c1d397cd58b491475a
SHA512 1afe1f3a9b803c5758ff24376fe040d856b5ca814717b490464260c9c78e70ce6c166efbcc98e26ac12dd6173285b4863da7df4ff644d1d8150f8ac4b47113e1

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-memory-l1-1-0.dll

MD5 5e93bf4aa81616285858ca455343b6d3
SHA1 8de55be56b6520801177f757d9e3235ec88085f7
SHA256 c44ec29a51145281372007d241a2cc15b00d0bacc8adfaac61e8e82efe8ea6a3
SHA512 e6a46dad1d7125dbaaf9d020100d7ec321620e38fdd1c931af74e8ec25e841c52555ec9646a895ad4450de94f70e82e9a237c2895ddfd16769b07cb73ad827e0

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-localization-l1-2-0.dll

MD5 0414909b279ea61ca344edbe8e33e40b
SHA1 4ece0dabe954c43f9bd5032de76ec29c47b22e10
SHA256 05b0c773a77850f3d50ddb4b82cc4d5f19316fe1aaa65e21b4709ae73f60a28e
SHA512 edbd33540cd1ef69f2ce824cfb991903ec6e4edda815f07d610247594ceeb2ebc78f05a44b4de8c5c937191b7e8b2ef221423c06df303d73deea721c25d15eed

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 5eb2d8e1b9c9bd462c808f492ef117c2
SHA1 60d398ec6e72ab670a2d9ef1b6747387c8de724e
SHA256 db85f9aae6e9a5f1664326fa3fb82fe1002a3053857724d6c8d979a07c1221a1
SHA512 df0ef770368f153104f828f1c2381bea9a79e69defd43af53bdd419b7d80144831e0c4cc8695baee9f26928f0c4a00fe4837c872313c37bce1b23e6690a93bda

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-interlocked-l1-1-0.dll

MD5 5a1569efa80fd139b561a9677a661f8a
SHA1 fb0c824688e65ed12f52fa961ef3bae5674f32af
SHA256 41c1eaf5545109e871abef7386ab1abf9d2de1762cb4720c945afa8424858b00
SHA512 1d2594c7f9757a95b41a9e6496f89c81fc96448b32cacb0c10d0db8c28a95cf33b3ad23348bcd8fb37d82bd72865d3c60944206f2e795686440de49bbcc39d7e

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-heap-l1-1-0.dll

MD5 5846d53ac41102bb6f7e1f78717fea7f
SHA1 72254f1b93f17c2c6921179c31cd19b1b4c5292d
SHA256 059dfa16c1bbe5ff3a4b5443ba5e7ad1d41e392a873b09cfef787020ca3e101f
SHA512 0c29c0f562f1cabd794d8bf7f5cef0b0213fcf52a71eb254e0122f88c6e03558cb2259caff6b46d3b055101ef5422318e48d6c7568cbf2423212b8ed4e8f0f7f

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-handle-l1-1-0.dll

MD5 53b1beee348ff035fef099922d69d588
SHA1 7bc23b19568e2683641116f770773f8bcf03376b
SHA256 3a52229bf8a9df9f69a450f1ed7afc0d813d478d148c20f88ec4169d19b0d592
SHA512 85c7ffa63483d69870cd69bf40e2b4ea5992d6b82607ee9bfc354c3bd5079e18cfe2ca0bcaa2fe493b42226f4a8097737116ea023823ce3ef177596dd80edcdb

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-file-l2-1-0.dll

MD5 50abf0a7ee67f00f247bada185a7661c
SHA1 0cddac9ac4db3bf10a11d4b79085ef9cb3fb84a1
SHA256 f957a4c261506484b53534a9be8931c02ec1a349b3f431a858f8215cecfec3f7
SHA512 c2694bb5d103baff1264926a04d2f0fe156b8815a23c3748412a81cc307b71a9236a0e974b5549321014065e393d10228a0f0004df9ba677f03b5d244a64b528

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-file-l1-2-0.dll

MD5 3473bc217562594b5b126d7aeb9380e9
SHA1 b551b9d9aa80be070f577376e484610e01c5171a
SHA256 0d8190fd619feb20df123931108d499132f7051f1ebb0ef246082f4c52c88b22
SHA512 036b93457ade632ad68264d81ff26ee1156038e234c606882386d6babcbe722a18e9ced1655f97caecaf5fd514e261dafe999a3e9fec00cc677e177f0bf8e203

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-file-l1-1-0.dll

MD5 ecee1b7da6539c233e8dec78bfc8e1f9
SHA1 052ba049f6d8cd5579e01c9e2f85414b15e6cbf8
SHA256 249d7cd1c87738f87458b95ace4ab8f87b0de99eeefb796f6b86cba889d49b2c
SHA512 ea21fe20336b8170b2a8cd13df217e9ee87aa1d2b0ba476bee2a97c3fce57648c9ab664b9ba895d5bbbcd119f2bb6633bedc85dafbd7bf6853aa48b168a927f4

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-fibers-l1-1-0.dll

MD5 73dd550364215163ea9edb537e6b3714
SHA1 c24fcadfee877d5402e2b4f8518c4f5f4a2ce4b4
SHA256 0235c78780eff0bd34fce01d1c366e5e5936ea361676cb9711a4cfff747d457a
SHA512 2406d9d44d3ed86a95248b25cf574e0c06533cd916048a2facd68f4db48e49e8e8ce1917091bcfb273d0acc210697ceb659930c896e51464c300ec06476d8cc2

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 a17ff429442d4e5298f0faf95950a77d
SHA1 522a365dad26bedc2bfe48164dc63c2c37c993c3
SHA256 8e9d1d206da69da744d77f730233344ebe7c2a392550511698a79ce2d9180b41
SHA512 7d4e31251c171b90a0c533718655c98d8737ff220bcc43f893ff42c57ab43d82e6bd13fa94def5bb4205caec68dc8178d6b2a25ad819689f25dad01be544d5ac

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-debug-l1-1-0.dll

MD5 c68a86c180ff1fcac90d1da9a08179c1
SHA1 c287951441c957931dc4ebbee4dc9426a4501554
SHA256 2c91c4861e88c92693a1b145ebe2f69ffb90797cd42061e2d84f3d7fc009a941
SHA512 857fbf9852596ef7263d8faf970128487413c859246f58b15cec32d11576894c47211a3bd9005f86c2a28fa6b67fba96831c4953c0fa24e2373a6daecb85e121

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-datetime-l1-1-0.dll

MD5 d7ad8db12ff42d620a657127dada1d88
SHA1 0ca381c734a3a93dc5f19c58dadfdca9d1afccd8
SHA256 26054d8febab1aacf11aa5cb64055808cd33388a8e77d0b3bcbc7543b0eea3bd
SHA512 7e2d6b60adbf97b22ab4b66691e483827d5755cfc6fcb5224369ada53cbd8cda43c4694a000ea4b5cebc69a475b54df0e9694c20afd9ec62b4db7b22241bdc45

C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-console-l1-1-0.dll

MD5 4a8f3a1847f216b8ac3e6b53bc20bd81
SHA1 f5aadc1399a9da38087df52e509d919d743e3ea7
SHA256 29b7d786d9f421765a4f4904f79605c41e17c0a24d7f91e44c0b7b0dea489fc3
SHA512 e70d2b719517c413fa967ca1a8d224299af55d988b3cc28013aaa3677660fae9ecb6f858d31c08cd8a0888f932af1384f0eaa928c002200f0710c2d5bddced1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 787bfea3c895088598be8273e6b26ce8
SHA1 51c9e1d18e593353fadcc4136c88adc22d663a9d
SHA256 1de93e0c091d913e0ae88771d4f3115a9fecc6d69923a78d47ecae1dbe25e3e6
SHA512 904b270c62d73521fae0eb9937d035dde4a1f642329c27f65cbe1611bc9d97e045324c0189ceb201a50d0cf2a688f44c7ca15be90b4924a866ab864ae9267b1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 23280b325a103e6536e053c0b635b075
SHA1 0707d1e2f680a70f7ea77a586716fd9f970937cb
SHA256 f623147fcd61951858fd7157778be74b61608283bfe014e924e5ccd94efc0060
SHA512 2cf2fc1c729e60a7696a080700ef47c082dd77b3fe1ecbee39b312a69c02e79c4f03e822ac9ab1d2ac078680257b7a761ef6911c0fca856a7276af86575e9c93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 958f0e1f0e28361abd2baae987bcec9f
SHA1 834f55da43b2ba2f644bf1cb3e79a52e55e22eb7
SHA256 51dad1d166c907721bcb27caa74efd55039fdf6ee6aa694b486335c95c89f788
SHA512 d736ba67da379175ccaf7ee6bedc99057910d731177feb8f5cb46d547567cddb8b5538d315bb0dd0b4ef0dec3eb495307bc0c53ceed91a581f6d0c21927368c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 735f3db1920cfcdf31486594cc065e2f
SHA1 041b8e74c09142f67d0a3cf3df833679bf315efe
SHA256 aefb0af3048d9cbbe8475b913be7d4846ded9ca8179fea0caccecc9162869ec3
SHA512 66e53e6e9771e841730e70d05a737e4133637b393bba7e961d51df399f2802d96255cc0ad2cb68bfcfede421bf426858a9f9f5bf3099f84911e0b67ad867373d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5aa895.TMP

MD5 83c7aab18275476e5dd0673f4aed8651
SHA1 d09ab8664a69ff53da8191a32c18db245c728396
SHA256 6bec96976d0a02576f3d9b4e33097314e7859041e127a624d244add85f94dac4
SHA512 c0e3fb27793dffda391ddbafcc169f264db7ed1d3be91baca8143afb2bd357883f15c27092e91da2a54085db438e97424f47f8a17a9d53732e1e1b7adff36b35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9fa915f76136db7bf30023402d2ef8f4
SHA1 eef4b4597ceb36d3b7f7749db5d643fcadf211ac
SHA256 f526bc11cc2b7820e02b66076aa7354778cad85dd433f51d901cccf7fd1e410a
SHA512 8a48b4ac166f5886be8c543dafac77d02de88bcaf8bcc8b719cdc1ed71bc418d481952ccd3a60da18e62b634df71f3020276fdfa6b5b490454e225210b03ff11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a4358c4dac49d2069c123e816652c1e5
SHA1 283c6d706f35c20092d88e7306054cb9316abcd0
SHA256 a4c710e0755ac1d561ec72238e90dc2a80f58f7725fad39ef5942330592bc937
SHA512 7dbf757c13e0a4a2242ad30031ab082c911ccaf387d72280544309c52696948617d08f56ce116f17624d074edab899f3f34319c5fd51ca367a6934b7f818bda6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e2a31150b6536df3f2fc9f1bbc5498d
SHA1 b9c387bae2dee3a85d0b9b0a96f6cef5dee43c39
SHA256 2f1c6eddb422585d2d1d34e27ddf15085637a65d6f5be56bdbfddcf3cbc460a8
SHA512 01da6e3b5b670241c10edf831818f9542b586b990a921a192e5de6f34615d99a6423d44c9fadfc345befad90dfaad0ddfb8f4526227d64c2682bca115b846c52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 62f827e67d19a5bdb3a5adf6bb4164da
SHA1 8ba103943985ee6c56ad1e06a5501e8915b2e5ff
SHA256 67562e57c19a2d55850f1b6d2c6ba587a0f5b8ecf0547fa8d26ed1a49d7f6766
SHA512 d871fd8330a968e96cb04b8658ec5bef18dd79cfa507cecea49013c5c847379a42d2fbbf1ef9b14a88496fef2b03d008e268c78694d973a0a6762f6c08302400

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ff480395397653d91cde2e41a1642d46
SHA1 09cfe4945c47b0430112cf7dc8e22f3757446203
SHA256 345784a80af7d7708869ab5e2c45edda5ff390be93c3cd559555b85936cf01c2
SHA512 3e7ab62b90c2d8a7af6c0bcc490bc362f0e0e331279ce431d18a25ecacb65dd276a3344e274bf947471c33085d745d6fd4b08046cbe9c42a1f418416af8877db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bb5b30f9d87c716165a79c26d0c00773
SHA1 a1a40c6638928b092a35cbdb2cca6235f2a00fd7
SHA256 0b0069bf8e3931530fb0fa43c5a048727c71efdf36a5b8cf6e1497b9621501c6
SHA512 e84fee297f08e404cb266851509c0e929aea578483b16f19505ffb6fc7d7a4066a7a284a6fdcc201adb4b78bc0220147a1d5784ee925de400be42d399ce0f8e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6a59765d8135afe69324acddb840882d
SHA1 1ff7dfcea9c60b14ab879b051b776fa459a759a5
SHA256 84033237c31b11f26ba29e7765272e033acf53c388489abcf6712ff40aab6586
SHA512 8cbd6f1a6d40a280b9c92d5bbc3745b2e729a7b420c9e96b5adbbae0b245d9a2e0cc879437f8edc208bf1774fe3455b83d4b28910f78632fdf57e784d3f52e74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0fcb95a85b00147129dd10583a155f5b
SHA1 442684fdf7b13953a2666c16560e27ce68230b1e
SHA256 0569e8e9493d471a25400650a1cf8c1f65dd7e7b2989eab0fb5507263640431d
SHA512 fe6ae385bcbaec934038eb72410ee09a0c590c71b01d41bdb7196055a55242c9f72e41de345b3dd4e5590fb4ad250c4382caad02506986c5c7fee0a1029dbb5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e4c05b4222499f67f24ee91ff2d31ca
SHA1 bb30be226e79b421d0ff340c320f5ff7a625a339
SHA256 94199e147a6029d3f1ff368b91d487b8e3a6f4e9a7e4e55605cd73d0794c2338
SHA512 b8b6cf9a6f098908548287b4c0ed25ee1e568094fdfd38bea515e067719832fe0b550fa839ab6aac8c74c756761e8c5f947481f54aa89fe7e9a02b81cd142951

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5322397615a61d53129ff39a295c2a7b
SHA1 3ca71a520abd61cd07d819ba6871a7e24d5cd16e
SHA256 f40b4820899bef786cba6911d4ac7e9625b29feea23c643aede6f308d566b73e
SHA512 131fe489bb6fabaee159eaf0c800e8caf3cd7c3cce97cc8f7cc7d1c0facb7b0b10dc8ccfa118bdd27502548a473b61e3dde8b7767905c5f8705a6c7c5a8dab7f

C:\Users\Admin\AppData\Local\Temp\MSI5117.tmp

MD5 6425466b9a37d03dafcba34f9d01685a
SHA1 2489ed444bce85f1cbcedcdd43e877e7217ae119
SHA256 56f8ca5b2079bc97a7af9c015ed4b6163635baef0d9a287d19fc227fc330c53d
SHA512 62f4c79d165282db14b662d4242a065af4c8a642f2023032ab5a059e2d6001f0b80e9a0562989013acf01a80a67491be9b671e6bd99220cf9d4fb44a17719371

memory/2436-842-0x0000000002630000-0x0000000002657000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\BException.dll

MD5 a2d4928c9836812735b3516c6950a9ec
SHA1 01873285eec57b208fa2d4b71d06f176486538c8
SHA256 79ca108d5c51259d8fb38ed1cfcc5a70e9cf67a5954e52a4339b39ff04fa20c8
SHA512 d03964a2bb597bf0fdefb787de3b462010c4cd02d286b16587a03b5228553a307d1b8f472c312e0d8bb53f21570aa5b112d85193cf42b83ef33fb7905855eba7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 79266b84c1c91d33dab04732259ec5fe
SHA1 4854e58b2481db937be903061c68971f7ddc572e
SHA256 eb37a6aee7bef0909c0442845cd5b637cd9502bcf63a419547738e981f4f47a8
SHA512 8496cda2ae6aba8d8abcb3a58ca9ab9c125eefef4e9892e2df74c9b91ff9173be5bd1d079b012caccff16e4257ededaa7c59896edb861c6d11a825a0e0069f2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 342346dcd7ed2f0edde64ad60b4b5ceb
SHA1 0a429ed39d5eef59c6e0eadd7c5d40cd5bb91c62
SHA256 602948324fb1d9b35b89711dcb3382967e606c69b50093bbd8bd94a21a91d31c
SHA512 5b2bb51ae2750c1b419e975dad9131fca8fdbb2daa03b74d66e7e4125259683eac3d0a5fdfc31984c0acf1a123ce2afb87b0b169ce2a2db6fc3746411d18111a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 78ad45c518f480115f8794d63f094dfb
SHA1 fc85001faa8ca5dd772c165ed636fd49edd5917f
SHA256 98457531443ef89396b192ae5380091e6ed476453d6992b70be7ba46d37c7965
SHA512 87ae771c16ca4403ec223e0a0cab290646842b4608121d7a8f42cc8036bc946d87e15a5cbbcee268aa6618334ae8d3280699406cc80ba79a9afaa5c570464b86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d7864efe8c33ad8bf8c688babe7d182d
SHA1 03a0b602da5e2bc29e20ccff13c2c9689d6c644c
SHA256 3bbedc812258bc8734d98cce09914fdbf0b3c8b8a427b9cc004ad75a7b8187d3
SHA512 6b215f2044d98ef5ec5e1d39e1f30ee87a54992d9ee60f88c99add655a18e8a10225d800ce8605784a6648552914b5ca576a3fbb6f9613f496781f7bf704ed5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 70ca0b2edd85afafe630b139d60fc56a
SHA1 106b6e51086a64fbf831eea552b6a17576f5fa6b
SHA256 1ec996a09444768528b8961599a98968a246f5f53d725cfe964b96e6ecf2e318
SHA512 532fd70a0535a9ea456725ed98eaa681101c08fa6a740bbddd2352ba073fd3042f19758fdd8f0b263627b91ebd7ac4eacb4ad31e5338416a739b2cc0dd5d3665

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0de99b607c23befad29cf623ebea5c9b
SHA1 0d1a7d99f13119e6af95b9b5299ccce16b357948
SHA256 17952e37da7fd12f2fee370a45622c3ead0e29554b0dc595a494450ed248c5b7
SHA512 2e4e1ddbdc5bcad9a9928edce79bcda4e617a4974769f7c414b7a88a8115fa947c6abeb83f286c5ad8e5bb2934d374b5f0d9e699553fab1e5ba4b8d23ee0ca28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 732659d85fe863625e192f5c211625bc
SHA1 ff4861a26526047641262f9cda63f416cfd4197d
SHA256 80e6fd1453665815c96efb4986dcb95d9a12e3b2812c57f20ac39d866e090c71
SHA512 819fbbcd28d428aab5ebc058d0f7579d4502ff06e7cadad99b3de36a2cc7f73b9a3b2936e8ed5a3ffd3b4c3802ca10900d7fc4ede31537065cc1026b65acc6a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 fa315e8133b4ad8538318b344ef96b4a
SHA1 85596056ea509c82eca934a5db8a9004386ca181
SHA256 1b52a273a0f8df12d6630e5c0cc9def616402bc623530b6f5779df3247b5a6ab
SHA512 1043c761a8115a57bfcac28712bb0fd28f08a164ac79bab2fba70a72b03f6ea10043e937af049e1ee6e0e21971aa581fd7556619c6e233773ffa7e73c570239f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d2993.TMP

MD5 299d339ba3dd2d3a8d022d845e55eb7f
SHA1 654875bf17716a5db2d0ece0c537fdb050ab30fa
SHA256 9f2881fded9ef92b98e40d9518bd6bb4147a1ec97afc1f2588e165e326edfa8d
SHA512 49d566c9a06efc7d5c58f2d5a302c42382fb2ea9df580cc532413810452e5a9cb05ac3f298dc356ec4c9bb37640e52686ff5cb6925aa59f60f2dfa85c02ca81c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

MD5 2be38925751dc3580e84c3af3a87f98d
SHA1 8a390d24e6588bef5da1d3db713784c11ca58921
SHA256 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA512 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4b73e55907c8caa40e2ae8b4f24931e7
SHA1 538d3f750894dfc34d03c28a7692c7f12499378d
SHA256 6b297642c372895e443f938aa5248fa798ce64ba7b0e94aeb5511edafc6d36c8
SHA512 2618de4de95a958bc5d28e5afa801ec52e2123e6f8417e848bbdb9bd847c0ca1e97192a5ad7bc626015f1b522a6e202cd1490cd2b780bab0569732b9bbda31e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 97c7f2b0cacd81e715054d88717cae77
SHA1 0389af136247b0c5b570de352b446bc8a8dd6cf6
SHA256 f5b15a75a5c8dcb782d5b5c733187efb46a3199342a64a498ce3dab449fa86ab
SHA512 347b4e34e7e7bb8a31f489dbcd6da1795fdd149c0c2be3892f3819a197ae38a714aed4bc560609e3713e9d5ed5296fe29390868dea9f82479f9a8d9c2f5080e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5d4c8b9b23d91f108933ac6671feef6b
SHA1 7f3bccbb6836612b4a398ac61ce5d61fa7b0e796
SHA256 5f9f196870e6309c9e243bec7b796e3adc33b56b76b1130a6d971e8eaff78c1a
SHA512 dec8c552115ed890d54e280fd8572286ffad13b9f6ff3845ded9759e9682682aa7090749eaa5fe3b3252ee4235bb9bb11d63ab29f63ddd1aff87f883c3757c56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 035413c7a4ad054f2c201b7d7be1718d
SHA1 989299d83835cc25b2e9fc5a0846ab4318eacbd2
SHA256 301b5ac5b5b2796558aa0830adbb272e5e3d6baa44bbb22341c10af8b865fc75
SHA512 c127526dc631c8336a7603975c3fa1ad317d4cb98f948ce53c5e10962fe15b0f145dbc0595aca2e77c49b3d5c0bb7d38b9fb8cfe9cc07a5b99b5486c7ec3f4b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1dab90aa5d16438c59360e97d96bd9be
SHA1 12897e9e5409e9fe03a469d756f80060257d128d
SHA256 eaf4aaf808d52994a4ae6bd6ae6619173b0203b5ee24fb32888a0050c606f10e
SHA512 5ad7cdfb08604b5a45b60374d909d697d26c2d4139becebd37e068aff22b10206f897afffeed6e5fe1062dc5155570d53c4f4ff872525b47dc169586e201cf70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8b079dca9a8f4a6da24629c67bc77af9
SHA1 d91771fefd78d395bfe022e9a79d12acd76ff77e
SHA256 4434b1c26bd591f9817fcc4c607cf29ae377ea16e48144c93d1086dd3b9cd778
SHA512 fcc97a6e2485c650b61bc3d242673ffc443d6bbf5b6a26b806c62d84e4e62e22452aa5ee21bf802490aef0bf4a9fcd99ab120f7f2fbe110e6bba5360f88d09d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f000145394c8102b588453ca35acba3b
SHA1 1c96669b2f4d7d150674b6ab576d5d7cf2fcd8ea
SHA256 5b7d61ef76e601cd0af6b038758682dc8a4538fdac56c055cb5b820ea76f0f57
SHA512 2f3794463e4ab540cfa617f72769173a7b20795b5719338a36f70d1766e770aca58d9663b417162ed9cbc1aab84a30d8c1965eef7d2c7ccbe7abf8d438b1c664

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4a7a7b7c68e3e068edadb5cbbf66b5dd
SHA1 964b644b315bca6f7b2670e4d5210472d2de7f3f
SHA256 fced6c51757e2433aafcf87dceea3e1025e7fa835fcce6d084359a58e4be5d0e
SHA512 ef41df10230d57cc6e5315d3600f483d5c109445b9e1602098baa65612c49a384a4171fd2ecaedc933783cb6fdb1a66db9a217dc123571894a7c87ebb1f2970d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 555fb839b2818643762b36188cb49f57
SHA1 7697a2a0fa512c6f99198b040670fc4edc2ac99c
SHA256 7aef838877764f39d90366e054cfb460600da52cf45c40cc88d832e93ebeefa5
SHA512 5c0746a0abbac2f31f40515717791eda3e863e4b436d4e350abeb0fff94af51e91a818e48ebc7158300a0d82e719d95f087b75cd2669d98f9a9181387efcee46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 cacfb74b6db8ec937cadbd7a4e239694
SHA1 059f1501f9536c549448169c293d0fa1e3d00031
SHA256 3c21c8fd28579bd102c6d48522db328a689c5c8c6048453bb736a1f0d27567cc
SHA512 4765d09795339da2afcd22f305b9c595921b6071f8766bfc0285ab6e8e1589a0c262bd86f20caed7258bc2fedfe6e81a1f649dfe25bbaa75569340c8c7ba0c1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

MD5 b21ee56e1acb5b9a3ffcc222c761e54a
SHA1 9273fd0cab63c8a0264019a2ad33e31cde2773f1
SHA256 70e9fc85fb604d1ad7b964ef16c65abcc9b7f6078248dba31343456848d1946a
SHA512 44044935c4fb8c2cc79b252437604f2590c00fc4ef62ce4df0b88a9ec7cf011848ec748a3fbea27fc972b89698fc6e91e16418c19ef264529a6d091ed29f89ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

MD5 83e882d25fbd69825c2361e2dc3c7c48
SHA1 24ee0e5d3a1a1bba1b22e62b49101d9c3887d1cb
SHA256 fd8e58df34c9f9e2b91cb79b76dd6059d2e7d10c829d16eb0aeea9e04e5b6a14
SHA512 049335c8205826f3d12314ddae0b58788f0dcff100382b4ab4c95b157136a6c1eeab8653ce8f94b370bbad2fb54466ccd3294c2905d1862ec0d021daf145bf9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

MD5 f85e85276ba5f87111add53684ec3fcb
SHA1 ecaf9aa3c5dd50eca0b83f1fb9effad801336441
SHA256 4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432
SHA512 1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2bccd7063c47bbf77ae1c66729206bb0
SHA1 a06f49b2c42d0fb1601cd7c24927d0e9a717c7ff
SHA256 3b054b672c46b0c8e167a4f6eb4ac1a471f3ef2b3c13c9c92109f2c080bfdf51
SHA512 6a095ad549e8ddf11147177c68805f182c2bd2906eb35e7c25c3e8cfb17f184433c9cefc7889264d1c0bd550116c195ff41447df1fd3c9d862394362b2b29e01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 43ab9c496f54356d517d06eaacbbb09d
SHA1 d8014485963436e4df3fab91b1fd610c8dc3beb9
SHA256 263a5db88701cef9651b56c32343988e9087b82399501455d9448ef069c71d2a
SHA512 bf23dc8744fc7224fb20db098f98657994d002b1ea0f2770a9ecd33167b6710b6daa7223df88213515be46c66d4bb1c01ab3260eb05c8fe47afbd414051a9ead

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 93cb677a7dd82445eea17d5d7a2727c4
SHA1 731c094f3289445f70925b8df85b1a46fee8f9ab
SHA256 85640e9d86c36f4a04286f50e1afc46e6d3039f45592d3843bae2a0f98f32206
SHA512 5b475bd16ffc6461a464c5197c476398142400ce78dcd51f1de9e7a4dbeeb1f03957645c321d91547701054533d56defb08b8ca08319f7c101f4d293c3614af9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fc21ac19774af6b39c3e9eec733dc840
SHA1 b6b05860bb0ab84b583be92a59b287438b778f76
SHA256 27c587efc6de2c68b079ccbc88d82f19d571cc7e5598a787e585c0f5f0bf34de
SHA512 047ee50e8639768f745bb1d362aa40683d8bf7ea72d48f71591bc6f8dc054ebc9e01504b52f5afcf62bb104b4d753082737b658e5a6659cc0a2ec024f709946e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

MD5 f8e0bb6a9c3bf7ab7556d318c6519b55
SHA1 d792d6f59b53cae4e970c8742c47af238b160dfa
SHA256 052ba529fc7e277bd7bb0e036c32240d3584fbb1359b3364dc2d6c684b95dece
SHA512 62d25f336d73cc80c221fe41071e66c27e0b68d4fc383f92032205c33190909f28db527d41bc6342bf3c8923a410d828967588428109793b5e829192e425807e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

MD5 29be3f4c1685374185295c0577a0fbc4
SHA1 c720338b90479756d89c4c0bd6e1b2c126e741e2
SHA256 84234bc202cd90772c3dad4cca1b2e1330d811546ed6574be8a6dd8706356d80
SHA512 6c8e59a0453b5ea2dfb99dae65a114d5b05e28428fc0b8d0012ed155115137f5f54abb232f7efae0e5c7c9775e7c5e3373c2f582b59c62625206445f1f5d9894

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

MD5 358c2b4e75a8cc9d4e0c7a731fadf860
SHA1 a279b045c884faf2e0e61957ccde44267a4c0043
SHA256 f509779df49ccc415ba8fc4d9e314033daf03ff92b9d70c51517f660dcc18b2b
SHA512 6f89059ae405938f28ab15865624a4282b2a1047764e7f747dd6e6735db961e0d292c77c50a242461d053f67cae2605dea0f48e5154ea5567aeaef0a71df24b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 59ed857e79cf81f6f5da62b5f1d95f5f
SHA1 78a139fbc54cadefcab3db01c5b49fac187340c2
SHA256 05a048574f39e48c743beee8f3a942ef0f295b18a400d33777fc7e3ec32f3be2
SHA512 d90ed17488279cad61920a00cd0993abd239196a919c55c1403b73ac4755522a4beca87c1760ca1a355ce834c2747df83d86333fe80ea7317312e80d21fcb8ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4abb05e7af856fa08de9a67ad513a33e
SHA1 62efdf18c2d1cbf6cae5269eaa3804feb939d98f
SHA256 967c46d8e3cf23d1eaf0180cddefcd768b509b785a9e66dc6696c053190818b4
SHA512 586baabae4b21573a2a01432b72b444f61b86888444d250b8204e617211c754ce889f414689997a38d3137e5bc9971080d279cba95e4877a4737c39b032a3e39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f486405005a267d1cdc1fcc4803b8ddf
SHA1 7af992b541d20636b29f8b30a59ffeb17c2915b4
SHA256 309cebdebade14973e87e30b687f2d3b7a6ab3b54ff83d4c7252139bd66c460e
SHA512 772454a3a0878f47cebf0cd4d69f793d7e9131c25b4cea710253279eb9d90f097f15723d7ae3b02376c743a5344912b62b27ef91f651f94882a9682bdf2165ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 005f95a573308769b40474e4d465eeed
SHA1 94530e5f12379ebc361180977a48939d9c5c280d
SHA256 f4a7a2f595326bc7b8508cb17793c76adfd9f66ab2f14ceb58be860130e24a05
SHA512 56e4d5cfb1960b46384793cab2085b309db39a4db86f49c2cd33a1df50165bcb64a1db8d8265b4e6d65325242acc683d5051cd71b245e49d8ac39733121346d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

MD5 5abcf8c2effbe1b208f521d6d5912171
SHA1 465dae46f53d4b0a97a0f42fa11cd2442d636213
SHA256 cd731f70ef3f1dabcd8a31eefa4ac9d5aaa954b81073947310aff54f98815c61
SHA512 90de93855431b6343d0550ce82e7fc14b2ceaac246b9a5aa9f95682d0f01a547dd60b75ec4d9330458f50edf112986dacecad212653bed8e68a7c60c7b6203dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00016d

MD5 10ac62aa705e892cdbd9e2067b770e6e
SHA1 14de576a658198a7dd056f5d0b1b032d9f9b286e
SHA256 b091268f8a6be0694816a177fbb25930599afe4ff717e3679a2b1b21b19c7eaa
SHA512 1fe117c3a018b885db55238b2f067a95b22a9603c65f87a506743bf56809aed0c3700b609b4fab75dd8275b0c48ba638235fec26ecf4ae1828579f8b8d2d939c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bcd70ce70f13e3bec4591054586e5cf9
SHA1 53aea9318e0dba17303ee5ae7381a31fd94a743b
SHA256 a2128f7644318c218cc5581126ed1cc76c7115b3f09c8f628dde0420b87a99a7
SHA512 543cede5f588c2e6629d8e6ff30abea6ca8ef67e0f04d47ad39dc60537ce35a9cee9dc9318ed736bdcf57f916e8628a04b2552c44a732b4ef8a7cae0bf1a4d80

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 956cfc91aec98b400d6c8490f1805f77
SHA1 c2d56b177a64c259f61eb67acb611a0e417f01ff
SHA256 88d21482c98e4e7745bf5119862dfa08b679b88ae35ded20771c6bfa61c230eb
SHA512 27858453e99c7d400c40cf3077556cf37e98c11ac772a57dc94fa72e374f65900746f14e77ed354f6b67fabb3b920e5ed75cc14d37043e83c7bcb4ed560f3801

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 0ea9e77bcbb3c7c96217d9199126aa47
SHA1 1dc14ab267ade8f8d5b4c959347848267c3b373d
SHA256 32b473ac27e87d9d07c11f359ffddc376481b8b1391da0738c5840251ba88e24
SHA512 91d190ea85015eee9efde6ebaf2b7454163b5f3d80d26ccbffb242b73b257252c19f376703c66b62f466ec8392dcfd611e16720eae54b1c696985aad6a3b09d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000198

MD5 e319c7af7370ac080fbc66374603ed3a
SHA1 4f0cd3c48c2e82a167384d967c210bdacc6904f9
SHA256 5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132
SHA512 4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 12775c10bcd7714fbb746f22453584be
SHA1 179a5dd44cc3e11cdad9c50ea6e1fef959bdb2b0
SHA256 63bd7b6e8136b7f4c6c562e43522695af07ed4420a74f00674050c3f19a72666
SHA512 8781e433369db7e3feb5afa3323638dc6da32ae9ee608cb44c7873a26f03520111946cf6e7a8f3d0db8d53a6ae363a7a12d684362a27caf90ee37f0a3b056791

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 59da83f945edc8ffbd1f2e3f3eaa4bc8
SHA1 5fe6a08e26beafb683e6c0b41e364dd42b7c92c1
SHA256 75c8111c886951f84144fb6530ce571fe2b684431706251064269f6f46b9221d
SHA512 a227b1436a3be7111a531e5506af48f5def1ad859ffadfeb16a7984cfc6e0db6252e287c34e9d0dfcb1fc7772ff4016e7fc35bf50ca0433946cd428900fbb86d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 523b1fe9e6c136a2e6d7461f1045997d
SHA1 adff1df7d0075b3504247da664853632326d2dfb
SHA256 6c95c11f1555914c938c12973d85382ffea922795e192e0d31354a0fc4411edb
SHA512 c3b55f55f5081d63d18d240047d897f8433a1128c800e0b60a64b014cc71cb3e2c5528d68c6c940cbfc2bc74c05f8ec26c1b74e5d8fbd94036211663e0f635aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 f26bbba7e176ea7ee28bb8d1bb559e46
SHA1 04efbece4b8f5160b177211e1451a649b844b775
SHA256 e1fd5de2bdb5c05b81918158dd6f841338028f72ceee214de7c67813ed2a8155
SHA512 c23a748d54d6829127e50a912a0af1f8e9e611bb919a972697a0e71ba812843dc51642f4d72dfae6b6cfdbc65503828456a7773338e1fa83a2d88f889741fd45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 b275fa8d2d2d768231289d114f48e35f
SHA1 bb96003ff86bd9dedbd2976b1916d87ac6402073
SHA256 1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1
SHA512 d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 226541550a51911c375216f718493f65
SHA1 f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256 caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA512 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA1 6dd8803e59949c985d6a9df2f26c833041a5178c
SHA256 af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512 b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 c813a1b87f1651d642cdcad5fca7a7d8
SHA1 0e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256 df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512 af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8d1a1a607d0efe657bf534d2b7e92263
SHA1 ed4b84b5fbb1ebbdcfc24d12ea41fe74f6f2e720
SHA256 a78323938ff9909b49c1e4ef34ccdba82f00cd66107ee412973c766f9e5cfbc1
SHA512 bb4eebbfdce6fb71347fa7c8e6ad019534873c1f4b4a62ee64347816c7d6f0a5fc848fae0a3ed5e0f471c40dee94d3dc7df7d0a1c618727b71df0a1c7084058a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0aaab0f9bc5b0252728bb7968dc1a6f1
SHA1 480e5471ae342bd79cf4510c7f2e31c66f429c0d
SHA256 4bd3c59f96c0b0e2f5b8dc1544b963624a4dd6f721b605caa2cacaccf2557fc9
SHA512 b45ab11115ced9202cfe0f83a11ed22dcf4c983bbe8da0f55c756c51bae1a55313250481a802eb0abf67351b8bda118173e3fbfa1c32d9a20a72070166519dc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00022b

MD5 81c6fee022f8b57be2396468e8880b9d
SHA1 1f394d048f97c9a3a6e3daaf972e17a4e5c7c676
SHA256 bc6fcc35072fcd54d666644508065dfc987735d25a5085db3ba0bbed6b3770a9
SHA512 22f21a0da0b3c758bdba842132ef68e326a5237c35cb12acd10380ee434c183a76ce950fbb5256e9804afe4a5c7e16a1e924d883d7ec58925334e07ae233e344

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 07a5a5eac6c932ad89e119d0e7bc73f6
SHA1 db6bcb9560c0a377323d480d777144baf7f0e874
SHA256 fbf39adab4a39d9d5e3ba3eb06c86ea2d3b0f64a2ef2c7f1f09ee085e5b2f096
SHA512 901750ecb97d2627571d73cd56d8f7d8e547b1c84eeb17fe9aab1b201d319f9904cdae8a2f0fce23e3d90493adc4d8bbc8fdb2612e0eb5ba8c13276540c4be5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ace614aa13e982ae0d1a7d317e358df5
SHA1 0e1723184753d9e94310a3308e19c5a29a4b6c04
SHA256 d771c77fd940281090002a400f734960b9e004e31ef8284d19e189e0440bb327
SHA512 a1e3f128e83abe9539eda8e85a2359cdedb2508a6607848ab61c1190b40e7f00439781a7ea8e5a3303bdbe47af9700afa8c0dc6ef72be6db208f6cbad0b5c71a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1c0c418594a75f556a2b504063bf4a41
SHA1 fb88370c85e99e744ec493d7768851ea217cb3c9
SHA256 c601e7f542ca9e25675b92db427a6cca186ca6840cc1687a8c8593c7bd14ac73
SHA512 e902d11ef2537814d4c85a27f2282fcf3a489213744cdfbf8199d65ddd57b3d95136031d6ac029351c0551895f2bbbbb58bb5042b14a71d28862720d29272b6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a92106261d239fe94df9300b6f803ba5
SHA1 646999918b715c3658548ea2e84ebc06b03dbfd1
SHA256 4271835346e4a99bf529278e0c6817af661c0d6e84183e2af207d001d357088b
SHA512 76c22a93aa6ff56e8b69d9c1e04e00807e06ae6fc17a9331e63e4146d91b3e06d39ede29f5af2b28c1751f5f9f9705b5861f5186b68c6c87be72f51b70636455

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000238

MD5 d9a835eb75ea80d8ca2fc7ff7df4f9ef
SHA1 70ec0defa506882b3e5cc2561434070c76d6dbf2
SHA256 9cd6ab87b0a01ce489c5c350f7e85a434157d3092ea4b58a6e9a9cd95260abab
SHA512 d49af0edf769a4a37a12c781fe38ae69e0de13419a59fbd9f5c2ab06e57210f0ccca6137e47fb38f80b6072b4473c50330314b0c82a7ddacd6061094c51829c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dc55a3fc7cb4881a3ed0ea02d78f923c
SHA1 3eca9c637cfd7799321dd8cd13e08d8e3aab5c27
SHA256 a5ef573d825909504eb894c3278e86d85e763e02ed8b0198f509e9d7d54c3a82
SHA512 eca04f8d685e137093e57d4d59178e713be4130a99c94f7df6873932e1c94a36b033475682f9c466d35eda815e33c2f5a270d1f880bb3534faa5ed07b7650d61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 728fa5f8660f174fcbc33c19629284b4
SHA1 b034dda78d96ea62366b93edb2ca33d11db90781
SHA256 513add0a24d9bc94ed8f90586a071f291d9ca3780041520b152f1396a70d027d
SHA512 be4a3fd937a275c75ec59f5f8d2b20c7d844f01e4fd7cb6dd0bf1df6bcbabff5f47c20f275d0963a2346e3f4ead9d600ecdc870b670553c245441959c80b61ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

MD5 67158db423ef2688d765a32d79e233c6
SHA1 758c9e5e0169991dafa0c435a0765eb651fe1967
SHA256 addb80795f9f9eefbf1140f88f86e268d461f1e116cdcee6fa91c8445a80cb6e
SHA512 8ebfb1aaf61c46b80ee5d900ec0749e52d29fd9e14e7117650dfa269de1cf86b6e4ab75d13af141a9c23c891512343cdbf75b897364ebfd41fd412c509acd787

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b5865d5c2fed1e49deefd6b667c8067a
SHA1 3b6975844357ddaafdc9a05706af6d6e7d9de94c
SHA256 9255d8a63e397ef90e5daebca93d472479a7b6544059229b51ed911590c016d9
SHA512 2256159c7da5a2fa783832e1fedd7230f384874a26148e5eaee7be9bcb66aa9d007b1bba923ca794c73c9c65298610753631083fee6369678da07a57d3c5ce50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6dafcb01901fda811ad5bcd3b39650ea
SHA1 45ac666ce56ba7c8674461aa99ef554142675120
SHA256 93ce85f0e874b53afc5fa69676890db74d61f0cdc4589840d5f2dcec98985775
SHA512 36ef58bcc13d4c03e8627abf977a4e70dbc3033065c78892fc564d047eca4341717f9690944168084158e7b88e1b153e9131f248cba941c5b952513a3f7e12d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b46478fbfcb5a7b2e022004e107390ab
SHA1 cb86f907ee5b2d5ab27710eead83b0d77299bb9c
SHA256 cedfe6c36bd2d1c92f6c4b6c145fd5f512464a7aac30ffd9ed37c238cfb7cec0
SHA512 a43ef9c842b4b0f7650a3b749b0974efc67c9cdbddd4b11132d8f389bb657813b85ac8643e9d1da86ba372e72a859b3e2cc6d0993e54ee148792d204cad9909a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b7cf6abdd94342669e423965d31d584c
SHA1 b199b2d1b0793bbef1f4c668791459da86aef251
SHA256 96ec941218b7f6d6396414b4fad0bb22da59ad710d7ee6b18717379bd7e6b40d
SHA512 523a74a65096a17217ff6a63c1e417fd202bb802ca9fbc668dffbf799e90e1f525d242649277efda2b33a076bbd9dfcc75a08185cdb251cb70eb3fb5b8b56fc0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3dde226b021c3c3662cee6d1491f5588
SHA1 abe995b0a62304746da23e29a41629234d9f88b9
SHA256 a631b23384aee1fc5433accdaa23274e32dbce10512c9de72beb22c6bbc18e0b
SHA512 dd04cf520583e3a63bd14e7fe7114c931276a0d5939420d44b9ef00cc3dd4250bf6dc024ffc5a8aa271cf36e5419aba4c0b85e338a5a8793eccb2a9486d5ab15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_cdn.porngames.tv_0.indexeddb.blob\1\00\6

MD5 c03192ab9eeb218d45216a48435fc186
SHA1 641a04f1777875c93b118790971b2059d0eaec16
SHA256 0f6543fa3de4001fc0b74d83357bb562672e4269efb24eb8362b2f567b190ddf
SHA512 e7d19109bc99df5c8caee9b5fcdb5c8556b2af0af62975eccc910d8a0431d5fdf7f1ba68823cf6990505c96f6b86c6bf0bc9b29efcf515b72471256070da9444

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 99d2bd31b1bea557c847d9ba63b7b68f
SHA1 d2b2c85c537190672cb778d35a7caae2d84e1859
SHA256 21b82c421d0f104f37ce5ef46987fd0a673ed703144ba9005e4bde1e781faaad
SHA512 b7c692dc75a5a6088b532a0c13563ae77ad928e0c8ff16cdaee186a10a48d43462650fde592bf17067c421bd6a957566484367596e6d7ed27b5191c7342959a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1bd5dc370f278b23973a816a2196db1a
SHA1 d2b199f0f9c98c2955a84f41961f41af217f5a21
SHA256 3eb434dc63e7c4a0b78a172f2b3a8479c10c49d6f5a320a8474abf6e062b7a20
SHA512 602bab3dbc175dda5e419ee59d3a0d020d98a2a8d49646986a7cc28c109592c177d9b620994313b801a8648dcd3974d6a6530cc1dc2e2fbe690ca29ba6c1a537

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9e3784bd6c79731c599ad0806396220d
SHA1 32637192dc916ee684b001f478a178f8defe042a
SHA256 537992c9e49e7f4b998562dbb4ce8f6c9fa88d2643ec9b75afd6ca845398efcb
SHA512 392cd97dfe98ebfd3b576a556da659f05c1787f51f6ef6b9d505bd600d7e2724626177902f2e6e00904cbd1413a2fc5a78401a6251c1dc3d7a38d9b09b5503b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c8d75c62ecbf05c46ec794626d19397d
SHA1 0f51d3e83823ea9a2edee18ddd1bde1af87d7d30
SHA256 dbce197e1270a7595a931747a4dbb0b7cb8fbc16cfd0b48680da19eed9111caf
SHA512 07334e00b184405034a9ebcabaa97e4c37add7a68e39ff611561fcd1a19688382ce52f0eeeda32b5dfbeabed9b6ac78b0647ce40d5f94828e473488aa448c4c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 347ac059202b1ca009c8d701078baf9c
SHA1 82a0e2258411af7b48c258d8486f74eded0500cc
SHA256 7d574e3f2821e3075b19e7f1cfadc5761ed4d8510b5118a28c70736b2dc4a701
SHA512 4cfc57c7a7aaecd66828e7806cf598a0a919d2246b3676fcbc4913ac03a098f53de2198ab52aad47bc19d9ad1a1df58b48b3ae30d764a799735687b4f59e55b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9bce6cf4126022ef7aa63c1fc248fcaa
SHA1 0e28299b460b4051d2d55872497f37f086f1aa9a
SHA256 ea031d9822991749f94ac47c272a72febf44041a003f254c3c370e80359915af
SHA512 840ec02e467894f70f05e8b287dab6f3f2ff0ffb029a03a66b2136acfb3e71ce9adc19921dfe60f2e5815a7bd73fd30b0d61df339b426b4662e2c75b8c8b811e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ce0cf6855e5730ca56b2de71e9ba4f1c
SHA1 9ce594d9a8e12ed4ccf747ca13f1742c600e4de8
SHA256 8a4065493f4df6882505caa90b782f2fc25911bddee665eb7b796e6d5f235771
SHA512 9b21e3af3dd5fa339ea2ae3552a20f1bdb1160e1e65df933be76f9ed14173fd291489fe9e1f36525fab9b071c90ca6c81da60098d45b93a61189e371d561a3ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4b1b7576b451813763eb9d32fded0ed7
SHA1 3870bf9e234b0747b3b96323dfc9aefbe4cbe02e
SHA256 b16c8b3a5bbb062e7485eb06d090f833a4ccbea7731e6f9442baf086d5a0d2ab
SHA512 92d9242c0e3e81a83886b8ea5aab93995abf98c58d89791565275ccd192e35a90eabcd0879b899fbf5a30bac7fc92efc29535efcb76246fa252c18fd7fdd21c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bf8e45d18c8e217e62d40e9c2ff62b58
SHA1 c762555cb4423abd26dae33ec86d21f6130e72cb
SHA256 ab583d82d19ad979812600579afc2458d97eae9575deb397c941542b3954d399
SHA512 36d7d201bcfe9087a5bd0752138c127aaeda07b10b36ca37c24f16b6253cf03425442ff49b057e2ec8a4d2708c38686ecca4ccd687432d17114c4acf6fec88e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_cdn.porngames.tv_0.indexeddb.blob\1\00\1b

MD5 d2c8be344d1a098c59abbb89cac5efe8
SHA1 65ceeb20cce72d1a3f62f548b18d13f2f106cd94
SHA256 86e43adb33b0410329e3733fea1c44a764dc33129c51a6fb50c593766815f4d7
SHA512 3c1bdf566d5c30de25bdc19be1d201cfca150d7eee9ded63f7fae9350eee13332fc956091650ba6f86c14c13e0c7122bc5dfb743bc481e3db3473a3c6efd1a5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1124f7013dfb74c9ae4793bf703b496a
SHA1 47faa08a59dda2875abed65e68395740e635c4ee
SHA256 c272d0c4392aa42e7773424eca675c9aaf56c9b7ca6ae24d3c343bc37b5db3f3
SHA512 dd939ebe40ae960ba9d6e939dc9f456be523c5fa046cda3e2cff456013b7db83aafaddec6150aaa200069c663a2cb7507bf7d0ee0f4a75d125ffadcb2770f048

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000321

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 27f44b9088a128de6b032ff29ac3654c
SHA1 a680bf2eaf26d970e8d9f29c31d0743a4adc05ef
SHA256 704b09f6939db22e4a87bf28f8ea018794dd9a2e36fbf9124c16cd63698fe889
SHA512 d18f7d27b7340866bfabdf5e74ca398df799b0d89570c6c48fa75725c4edbd82b34f259aa3dcc91bb01bb4b75e634bed8ad6591fe780f3e7e7b3cb7118fcb2c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00031f

MD5 2527d6a825e55dc11305500fabd9f927
SHA1 6c05b86f0bb97c274c9bc6e5c390d78059233d8b
SHA256 685c723bfe40cbef1381c7ebf2f1ae55b6db6b5678cae93240616432c66501ef
SHA512 e9845b915b4245816af24b766cd791a58f8f718a50953ac221a6eee6e225fec07e1c7614a3ed5cc873f6b9f9a241f0ab7d06c43c0c47b96c7be17d0e0cd2d5ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00031e

MD5 673afb0695deddbfbca98f4ae6be78e8
SHA1 0b5b69458f27c54f8aa43123c0e7be176ae9c158
SHA256 54ee1d04294bc25c447bf6c1f74a8fa78b37175f48c0e2f49d1c056af550ab15
SHA512 8269865a0dbb226c5a64e9bbdb59efe6987964f32aba40052bf4334d4fe0ed271a04754604cf142a97fa3044e10ac48025c190d29b7f346fd432af780091e9a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0908f1300ffa621b2f750554d26bba3e
SHA1 b00942871c8ad1d214382806ade71125ff33ed14
SHA256 4460d7f366a2e06eb491a7f6c6f3f8bd0d121f76f9394590a4a0115e06d18785
SHA512 6b893814ad1495f64b7dd67493fa9f106b2a78857a3f20e20e25fd5c38ec49f943171b2fe924d550a304b6115a46521dfd4c740552fffaa94922657af31c6b29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000320

MD5 b3a9102f6fa29908bb5a66fc7f30d038
SHA1 47d0ecead9f6e9d55973f5745ca11671bcd62852
SHA256 8e337894fab5e08caf5dc7f44941a5aa7cdb2f8e22a68e4019c0e1628e5f3695
SHA512 6c55bf7806e63006c6fd6258d8cc4705969cb9819aecb25f92d9deb8f6fd41ab232ce4989283ed48196456a5c45c28c9da690f0b9e3fa24fc171e95993515f3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000323

MD5 9c2ebf3cea3644ee784430a8290b13f5
SHA1 c22e33d260aa82171ec01b87d89978c66a787ddd
SHA256 9d461f76dd3aea8545eed697520e1ea3303c9ff095f3f581be4095efe010f4e2
SHA512 d17ba193725f738a7ef644a00043b0f16dbc5b81b2223b8121c6e86b48f8cf138bcbe2d6fe87b6f37907a9d7c3ef8958d409a816f74488f6bc7e0e5347593831

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000322

MD5 01cdd6bda997908d721f0170740692ee
SHA1 231c76c5d910e3628378efd70e8e4854c9937bb9
SHA256 ac8e1b91eaf3accfe3c414d6433111bfa96f64db65574f8d6e703390fe4a7f20
SHA512 39694a3d1b55c2779347dcdfdb7edccb744e9e53c51a7fd8fba223160b68dcb90e34332058b2197bd350e426de90e6bb6c9726734b3cc2fe12a172d1251fa1c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 89e3d5c2a73f1da065795eb1103f1da0
SHA1 6ed3f1f98281de52bea5f3a9cf89283a157ca0f1
SHA256 c406d3b83a62a43989fb1536b37aaf4fe9925b0bab72f7331e07328bffb8fe73
SHA512 88e82d0a898e023ab0a48d816682dd98c3f50939b6bfbbd9db4503f5036b6aacf2160b72d6dd55a88a74d8b63e6b5db39ad6be48cde640c66259128214fa541b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000325

MD5 824168fc14a65886ad6b49dc449800ba
SHA1 bebdb3d186b45ef4b92d7c8de88cc2039d2d5dc9
SHA256 d8362d32bcd8fa233d718321871fa441387221228b78d8a9d83d426573911c2d
SHA512 b7e8f551da50ca46473c67977f1a51c9d8045d6f58c85edf4cc5021448f2af85c94b35bb58ef46108b5d01f9e477094bc53babc9bd91d6b4d9f799c324c21ba2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000324

MD5 3887b162c0527117d932a9404522cfaa
SHA1 03c973ad5977050b4246d97db77f22a9f77d3acf
SHA256 a6eedf36871aa1525bc327903741cfe3e8dde136a49b3698a8e21e1b22ea6e04
SHA512 b73968b8945db9d25731b95f68e431bf43a7c210228e2399c131614a376e278a7dd1f0a5505d3934ac443e31a62cd6e05d75a202e100b8aa96cd4d7d92f6464a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 763d4b4c3a68057f35f2cd005e6a4bbf
SHA1 575f3cd6afd0d91228ee08187d9089eaceda1492
SHA256 89250571c589e8f4288383fb2a69f64db93e448b55d05721aff5a0fa04dc3126
SHA512 fc9b579e3d608e55a31531bea2a1e48c60de057bd96a68034321dd36fd84b1f7c8a25d63d09cea22d11c870b16d9fb79f3602ad6d01275d14fb07d9d830308a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000327

MD5 56a62d26c06389e983d8fb51d3d350dc
SHA1 933f2d4772f00c50ae97cd1f9c5ab42f58c6d621
SHA256 8ee102620be76d96f2eecc761829df0bf1fba0ce9918e338508e516d0206b540
SHA512 a35ab8bdc63a57462412f7b8d826d23a28377a6935adb66d555b97418d3c0f6f085c0d62f3d7a37d4c99de52ea8b2e7ac3c21eb1e71a0af38468059b0988deff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6d380d631f9fe4dbc182b728cd56bc74
SHA1 71a6e0edf594d54f65d19d4cdc674b94685a038d
SHA256 112b6fcb017bf8ee6a2643e622898affef163c1410554a4dd1dbdbfffd216b4e
SHA512 d2f5a31de83108c56c1eedd73afe6b2542e97356142345fa4aaf5a5c722119408ff9e80bfb6f996dcf34bdc55c52acb00fea47c54cd7eff9d54b8ab002afecc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ec115b303918af072894fbebf6f286f8
SHA1 a993d74f142fc32f1e0bf4d4165bca30cfa0b0ef
SHA256 8e3f702f93a3addf1f837736e28498b0e9d4c9b4e5a775c52975ac379ba7d93c
SHA512 927675480bcbb13dffdbfaf6a5ec46a0e8adebd8b826e5e16597cd8da3025a9ea5828ce8216a3823c8c5cd2850f05bd8cfd2dcffac39222b4de1f8bfc96cc6c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000377

MD5 d79ff88f0a7bd07543ee1b7db027a5a6
SHA1 87a9ee8844639b1cd625a5d62d6d78e9f586ffb4
SHA256 ce82c8dbf377ca9a5ee8ca04c1494a831b36df0efa2d01836cb4e4892ad17344
SHA512 f65fd0ae60961c92d1a5c723e1023f30565410f15eb724de6dc1de86812bf9fe5290908a9338205dbf25c7571e5310987d4f4bab41744d5616341900f61f11d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000376

MD5 a7a49915bbb3360c7aff653ee96047fb
SHA1 1ddfe9bfcd20cb791d7b366e31d2fe647567f447
SHA256 996ccda77254502385ed85b4a3123385449132625e258fcac83ff5bc0b4f4109
SHA512 0c8723b2edb75214b7e1abfbf22d600a46073d50da189a8e4e7a61f4352ef5f0c62ad05bca728433614431bdff89418d4d6d6f6f910bbb909d88573b243d505c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 dce685cfb1d8ada65c5278d71557802a
SHA1 306992b3fb615c28959324518ff231a8e96a6ab7
SHA256 89cb4ba14686ab76c8867cc33511e1090949efe5d12e5cb9ff7304e2bc836df4
SHA512 5b70c7c91f07d2e9f887cc6f75e86a0650890e19b8bee93f85825ae76ef275ec231beaaa940078d851ec56678b87ff5e02dda031af7196f0cc25b0ddfdbbe221

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2519edd3e2cf354fa1595a0a34a79fe9
SHA1 9a71f7ac31e8a20dfc55cff706777baf3557866c
SHA256 f44b0b9d56c427818dad7ab4794b302c7aed783c7404e52d549b8fe50eb371a9
SHA512 303c6272fdecbf42bf5714e9766bc9e1666597cb1998db880a7beaff9084b7335cb698fd7b47d70a0ca5240f5eeea61cadebb60aa002c5fd3ad817feadb6785c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5160872184e7fa8c914525a7d7c88f29
SHA1 575bb82613f643f558b14119d162fb620c24f76b
SHA256 61cd3c4f7a16cc1090047aab516c3d950a16ca288faa8d8533ca20b3584634a5
SHA512 7d32418dde4036f5b286ad39c4c82e603ed5944e2a6a0dfd1d11a208ceeeba74866b9502668a9df2fbf4800b6199f1a76bfd765ae5089946cb9e9f6915cd085e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00037a

MD5 9856bc0e0532e5d1c89fd404a91acc44
SHA1 81bfd8e81317bdbd0a6a86ac4a766b131d1a9597
SHA256 6380a3e256ceaf3b986b14b8e5a7e1180a2587a3a98a60d485d1a293511543a2
SHA512 5a0fd2064b083093bce7816b846bad330aee510e0c363cfd24db7354882b8c98ef14b0930f6e58688ba19300a53bd48e9f3e2db187b057643248e3ad95455170

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00037b

MD5 f06edb6d4480fe5d05d6a2bc3b2491e9
SHA1 6fd61e6fee0a853d301863cd7037891a3ccf3e69
SHA256 e4d16ecc439527bc57c56f4a5811932cf129470d2957231cbbec7b972ed70cf0
SHA512 1be7355ccf52e17adfc1e1f9a7571cd32d59d0bb6eb83488b0a00160ddd79026c8f50f162878556356359f2accf4d2d13bc76ee82a6e985c4770cd9f391674f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00037c

MD5 3cfbf8464018c80558c1705b04f7ee28
SHA1 d3159f121c2bae0c3920912b9c5419f71cd06bbf
SHA256 793fcd1475afe7638503c3f74fc9f074a6d8fa40319cd9dfdd6609e0a00d9519
SHA512 53cf44c0fbc45244c0d05908641c8a104b41ba4ec3b4be26db2cf74e1819a104ec94f55fa3c5e030da134d05976cade8b5b46f387d1d0238fa60e59bd9d96ec5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00037d

MD5 4771d3afec63cbad94a1d2b7ab91c1d0
SHA1 523fb4835f9cbb0efc14fe524426a1f6ae38d310
SHA256 86412f58c894a1207ae52df68b3d4ac352b036f8421bd6a5c2dc6cbfb54f81ba
SHA512 68bef8cf3979befee938a1a6047f310f71f1baeac7d0a62b4e81914ce70bdf02448ce14d27b40781939bfb2ae343a86b887cbb2a03b8dcd03d9f1e3a60c3105c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 0de4bcc22c59904014849d87c257b388
SHA1 289c117f3025513fbdb77cf51e198c8086f9a9d9
SHA256 a92129113cb7c414fbbf2c63df8022089486bdf6d2f8b9bd2c79130fd60f302f
SHA512 1d0dd7084e78e23bb70857684dfe34ca06077d851c83d9a2c98c831816b499601f24bb1fd254abf3acfa6d14336290a6a08fbaea7060f39730d558656d348d4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00037e

MD5 eb1e072c6d04665335169fc1faa3390a
SHA1 41da2d2abdaf7a1ea4546e08716aa264a2fb9594
SHA256 67877d4e89fb5f1f89cb29e5e42db6b6304218553f73974d79fba8d648552925
SHA512 2de40989c398c8bf8bd3d39bb6003d4b2adb2859eec05b4ad0fdd25ba988b9b1b951c539fa090c35b02266e7a7dba7056a7c4be8f76ec0dc3019af09fab47f54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00039e

MD5 3fa78808cea64707fac84126877c786f
SHA1 bacfb75b9de528336392589d63d19de5f5f29028
SHA256 98cb784d1733bdca442aad84640fda31c7119fb314808eace64679457c164f8e
SHA512 96022c34c533eab8157f1d5ec9fc9981a9b350e896e7fcace76ef7300127004bf2645835a8e5e12ddd8b6d7d81aaee22b3551f90ba38cd2ffd9918f9d25ec7ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 20fe8182cccf40254a709f304cb1cdda
SHA1 e893e109a3a37b1d405fc000b5a50b660bbf6dad
SHA256 d56fc863a0b992ea595f94446c431e6e46c0bce02c972ba7d30a36e4647010a4
SHA512 a87376e309e610966ec53b8161dd6ec78c0cd484938104f36b8c90adee8e76de0e8d5bac333a63aa5faf455ca7afe4bf9902f1f6cde2341e980f12ace0661043

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7c80ce704d3f7e30cdc25e60ef4dd4fa
SHA1 31a0d7cb093d7008cd768108407c53d23292fc6a
SHA256 f4841ef40caa8fa564fd4da985b1d49c266d774a9dba705a7570e473b9e52940
SHA512 84a3209eb654853c05e40d6c7eb9c1d52b009caee317f8020db9d34f7cbf482eb574989a3ed9534475dcfaf381239861aa77c985bfda45c7972ebc477b5457cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 40c948b96c2d036d77d038f88181c98d
SHA1 7381107a41077be078f5cce30c5c86efc6fdc5c6
SHA256 5bbf1bcda2646c96672dcd856b8e1728b90509a12ec10576f45234a26fed6eba
SHA512 e54e6882a9e30e60fd7bc4768c99cffeb3dac465eb72e0c9ab97b392702477bd8365acc9221ba9609686fa6dc7012d205af8f183adee39b28b04e4fa378064ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d5027b66bd121faed13e782c9bb3cac1
SHA1 402ed7402204b8389e8e1910275c0c16a4f1d336
SHA256 1c347af4bff1bdcfac7681e13a90ed2647b760fa23084845d7bb37c1a0ecb77a
SHA512 a5961962bbeb452f7d7ccd136ede15f7fbd02a61e60301eddf072e1aa23164d0ab789752c9b0020152675949f1b90b329b3720e55ffa84ef8f929265fdf0cf29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f0eab9bd023b8b794ad28ba18e2f57f2
SHA1 82736e92e59e301e8b2c42e35831d05b5cf9d5cf
SHA256 635acb58538914ff1f1d45a51994f52105eb12ee4e885287f3d2d022e60f1b5d
SHA512 ab9ae407a7ac1258d23fcbfc2616f4885db24a48b709404ef8f605a29ef77f00168aeabcdb228232938a752d7744add7563c428ee9183d978009395b1430fb72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00039d

MD5 50b140b1e97d859d6d0603414f4298ee
SHA1 500e4872ee1ba9cf89f1ba626d64987b0f9ab5c9
SHA256 fdc9964050bfa24c27a3c76c6791b3674292a5f352cbc83d7a4dc49595bc3fb1
SHA512 55ef84e956a7943e3fc61a8a349e64e9f35b7dfc63402ab52b995f43a7cd4b1d2acd300126dcdd610d0b106af426848f998ccf154f712034422d242d6ad9130d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00039f

MD5 a6cc72818ed87e0a3b2c65de60fe8de1
SHA1 d5ec400f24c92231618c21096ffa9df919923d82
SHA256 82fca6dd9a1b9110a3a143ad2d24b68b26ad7e3422d8348e5ee554e09d799bcd
SHA512 4aa7b83667a9aae8c6ead01c638ef1ee9e02e4b8575a4317fdc0a264e13c4928d3d09c46d084cd7e05aaa56dc5a8b1695c7d6d3fbdb00f1dc8b90e6f5e95c0f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4aef0ea6d6c441ea1d5cbf0c7a71dd8c
SHA1 dc91b3ecc76a5a1d0238d3aa3bfb67895aedfd7c
SHA256 31c37eeb49f4a97342bb085dfb882d26709e04071845bc8f6d7de042513e26ee
SHA512 04f34c18b18e64eeaaac410c35d13cda80c7dc7848c5c2aa6c9c2c0aacf8a0cea418a1d6c3268b3cbf3018bd35829e01f504cf39f99d23a346887f2fe10879ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3714640c8232379fae46f859a7b773c5
SHA1 1d414345ca4340494be314b1643b5fe5cedb380f
SHA256 8278c0ea050ddf5b2556b60e5ac0f5a7cb6d0795dfc9b03ffdc53155419f6d0a
SHA512 52377ac51991b06ea2af55d0942cce607e24470afaedc05202c774dfb8ead4984e7647f2467ffaffa90dc908f2eb86aaf694ae8795f567138233e54fafa8023b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b31e30934b6b99052db22ec12b3fea95
SHA1 75c9093b781429e76c34a078d86a0ad30987e8b6
SHA256 d9107fb194dd77d9bf136d3e7e26b26ca535eb9c58a346c7373f2ee54ee34b8a
SHA512 ed067a7f0a362e78b41043079d0914f84f0de4ec59641f4c4ef6fa041c6ed15074e8ecb59dca77ee9569778ca5cf8f502559662da6d1efab1f165d5c802257d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3230677a3cf19f14dae4040861418185
SHA1 98b801c1083d8dc691a435c9caa2e5522ad2a51e
SHA256 ad4ea45fa1be49f1949cdb0e8761c3df5a4cf8ae93dd36904d562aa0ba7e4825
SHA512 fe37b03e9979ac60cfd607c45f7cba89207ed31795ce1c2a6a00858e4f01b054ddd04a5660bf4fd690e6a1a78327b483f7562b8bfe2b9ec6fee1b9fe087ee6b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\409d7f8c-2c60-4d95-b56a-37d133c849f5.tmp

MD5 98ee9ce1372c05087683c86ba4664a34
SHA1 6d4b2e8090dc7f26c9e6f89744bd6cda95c0550a
SHA256 09573ecb487fbd07753d7ac1710eab0e57d8dc95a9f9a846a8520e246b1bc085
SHA512 56a860d351d7ccccd8392483c344f4f115712d49205f3e3b1bd45afeac1bd2d50ac45e4d71d106ac80a2d494979af22fece91fd2534dc838d30a98de1b12bd83

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 c1865e546b64eb1f5c8fc0769c918c0c
SHA1 4d96b7cd3992d844f4056083d292827796362e8d
SHA256 0309f6d0c4436a346923c9218ecc83529f156ae5e2752a42885274edd193ff81
SHA512 e095012d76dfe02932fdbcba6fd75f6a8353b9d79d387d5e9b164e87e65f99616762b164010be0d754e87a27125ace12ff28eee868a2204eb948d4d2372b6223

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bcdb16c1870b133da2bbe5464ff0130f
SHA1 0f8fe507df225a49dd723dec980adc56db108b95
SHA256 2ad6948658ad8ef3fa06702c2dd0408b566cf9a19b4f2f9da2ecf89c7f00dea3
SHA512 2f3ddd671a5df06fefc39871e21916a798afba22b8356f8704efd1ff7ec6d86dd5b45c7cf25832eb51c0c66afc6c3569dbd2a2ceb43f7cb165143047e0763494

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6649a4dcffd814ae2819b3c35894ef85
SHA1 321e2327a1457f56618f28919342c2af0cea02cf
SHA256 3a13ad211c9d090d1ef3ae272f826b4ad643b623819da92281f999cd979da77e
SHA512 29a279bb0ed277937fd38afb80834ad988f56ec0645d1b4c5cce33522cdf769ef790dd34fced3e6db4689bbaf384ecf000f15d6d01231390210b093608e8bcf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e82646a2492f048143167b202bf6d27
SHA1 7da6b860daf5d4643e9745391c1dc10ffbd43892
SHA256 b41429d5f4a7eff35a0faefde138072e4e25971019e2948f7a9fc46d05fb5439
SHA512 8c5a9a4a971f7cc64e10e86dfdfe6cf0697590227bbeb9836aa55c767195d50ceef08cdf77ab2f20e579afbe098270f6c44ca32469fe6729c0b2d6e01dd00aeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b19f0e9350fe78ca9916321998a28172
SHA1 799515adc8039c7e49affc9e6d105d6374955c6a
SHA256 18fc79a4bcc972cc63c34db6e00f98fde0cc620eeede420d27aa10b785c30da5
SHA512 0f5f5986cdd9dc64fa408cb6d27e61922ecc4cd7a442bac2644017fd29305700d1cc6357ec07779112869908f09b2e93587c5509ed15101bc10712c3a361bc0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a06d43d1558db95acb982be5c91d0799
SHA1 a4c752442d5775f92e5793a11b821766ae87a993
SHA256 ee080fb24e3c951667c1b33622c0f5eaaa0e67c23ae3fc8326f3cfffc0869d9e
SHA512 7bd989f00f8cfda7b9a56454c25887db8d93e87072e9be47372e396e9bb07462a1d6c8e7d7d68e9f7fae57cb2b9533b7a3f9138ab48c1fa3ef6a13990b09e385

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000412

MD5 9a56f4eb7af045f304951ceac625d949
SHA1 669b2ef84c7cdd419c9dc893899f429fead33109
SHA256 0b81403335bc3a5ad450bac7ab9c397da343fb3d41aec9cabbce5bef4e03727b
SHA512 91666500a50f49fbae49bef7b531ad9bb816db1ccb877f36313f4db5621c871f83488f24390524868d2160b865e4ca13d170568e9b2c410151b6d7a7d66d42d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000415

MD5 bcfda9afc202574572f0247968812014
SHA1 80f8af2d5d2f978a3969a56256aace20e893fb3f
SHA256 7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91
SHA512 508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 55e23f083a3765fb3d4196ad96f867f6
SHA1 f313a4729b0e737020c4dd7298ac10ccd5296da4
SHA256 c572276541c070148b3eb37c4269c2b3be2c0970a3ce5347f13949e7d4cb36be
SHA512 0e20195013b82c66b30747c304aec7f8a94d0668f57d8cff95021e73b4008a91c67cb16701540a62476096206ca6387aa07c099113f48c809556bcdc6083e15a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 261860b1bdebf7f6f9295c5217ac7d61
SHA1 9c00540e93564432337ffb6643a04c1e300338fe
SHA256 afd2aeee9b6dc76e6961d96aef154c686d91060d26ceb1fbd3c8474c8ab6bb85
SHA512 2fcce1543175d6faea1800fb2a6cbbe768f931877c4a489538ae3949c498614ff1ebb0b26ab6e1445fbce86ed1598aab7e3cb2cf1e437fe269a4a8c6366506a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 abfd8c85ef6e62a73bbc09707afae377
SHA1 7b4a1233d91aef8070b905990441655b49db69ae
SHA256 573b21bea92792a0665f44a5254534219194ab257fbac6058151eb1b739c1c22
SHA512 a984b95a9ab19a2a9ef1119cab2e680705ff1eea9d84899d0ac0c38edaf636aa82715c82db8c4383242161b4716edfc1094c457a86cfc0c93bd0738c8532bb10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d4747e9ca6e369d9bf6917e92ca70111
SHA1 86a874960c63ec4e94948a2f6f17c94b3afea789
SHA256 bea90427c4ab87114534c95e959f44ad1f508b35a37aab5452a4454b04eee04b
SHA512 dd44fc1e7b575e2b588d263e5363d42ce9afb1661c355639ac93399cdc7a1649da17c899841e7c8d8b2cbf88559fac18e90f8469aeb437f0cf0a9bae0258d439

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d0174d7b156299b3b4527330eae08560
SHA1 ee66b190a3d671198d9d96abad7b45343ad19bb4
SHA256 d6c5a3f910af458245f46c63b5a1ac96208be67a925704a369c0e2b10bd6867d
SHA512 e449ad540e6019540346b59f86f4d31f36b66c3b9133adfc97f62919f062a55b71ae2d3a92cd04eacd2f8944f9cfd4917b83995eb4ba5d9e03ae0b6cdd4bed48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d369ae2cbd1c8996b5ba1575454c3808
SHA1 e65fbc74a704f2bc909b449296d0434a1e8702a0
SHA256 b8299f4d3bcdc422476c05dc07660edeb2fcaaad2fcb719e1d9d70163106888f
SHA512 b0c6e185141573d3ed04422c1ea8d15c02a4a35f109452c7591e099032e3cf9b9eda059ec2e47b893e9ade6d6ea2378ad9f6e76cf25e820681e5af202e713ef8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a5a5c200d0420c763cc10719be04fb8e
SHA1 46f620215f4ea9e0870878102bc3c9bcd2a2c993
SHA256 b8ee7be6f406fb5742f6377675ee71623ad37544f15a1a64ca47b89a8de03071
SHA512 450fc871b510e84b2ed7e340230a8ad56813574b8d1a7304e2573d51e83f05818502e8758345bdaa2e070b092f6438c38fd746fc12b04e60c372a22e608c2811

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a6585cc2-6b6f-4bf4-ad60-23c0e0c99be7.tmp

MD5 60985d747f6a5aabd3850192acefce29
SHA1 608b0d6cd0250c894c6e33afd114e9857621f329
SHA256 e5887b336735e0b6906439ea1591e4c66704093bfee8bc530275e83c93a332ca
SHA512 8dd32ae14ac1f2aa4c40b0bdbdf6bcf48a8d3158156818020bd52c89ba8631597b807ca6b1513a73b11fec1b6137e907490456f2e44adbcd5bd80c9937679425

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c76126bdd7e54adaaf5c2a0d9974817e
SHA1 c81e1bdd37f0670af12153283696a1c1f11c9f62
SHA256 327b9839d6c49f35d883489a16eec49a7025e32fbbb4a6d997a559e928f8f52a
SHA512 e54ae271ad9d5ee3eb1c8ede4af2db227c0c3c7d1c985d937780d075d3cde03eb16839d28d7e92edeaf2f439437ee15aa319cd33108418ce157b812ff5b628d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\987e8d21-88bb-475a-91e1-1392204f6b3f.tmp

MD5 945d18c4fd37d7a86a5719efae0a26c4
SHA1 6f1768f88f813fb23761b16bd2d37dc03f8ae322
SHA256 8bc6bcad31e80d6751b92e51c8f4f6d45272dd575e7621d0552cc9070a8a624d
SHA512 539eb775a40016eb7933989415f933d968902360cf742018c01eeb5fd43b5efa90907f8af1c2357e71d558ebd9c77db88c03c6987f7b14417116b552ed6dc02f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 50b52f14d0755f0467b095e5da11dc20
SHA1 7e0f2d02e6a4da03eb0cd9642d5672c9a4866ba2
SHA256 0ba66921be7355c60708b2e1b3ab89e8c5065042cef43fc60f94f2e8d0dbb540
SHA512 bfb85ec1a9f7f8809a6533f04fa01288b67f7421f4105d19c682e813d247f065f5ef9410bc7b760dd75983cb07062df5989db3644a5480e06f197d70a615ede5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 24805ecd7c31f06221f23fc91ab2ee0e
SHA1 5b1871e0b997cc5cd61a7427b32a6a81504b6ace
SHA256 9a634c46419de95b174587937d663abc7de60cf6a321e98820a84d41a753a214
SHA512 a1530f6ebe17de1bbe74edd3410cbf2546463b423288e9bfc877d317a2a4cbbd1f31624ae4594e56b12f83abffa1ad2213fd03bb8f4a814560a39ac9617aaf08

C:\Users\Admin\Downloads\metrofax.doc

MD5 28e855032f83adbd2d8499af6d2d0e22
SHA1 6b590325e2e465d9762fa5d1877846667268558a
SHA256 b13b29772c29ccb412d6ab360ff38525836fcf0f65be637a7945a83a446dfd5e
SHA512 e401cbd41e044ff7d557f57960d50fb821244eaa97ce1218191d58e0935f6c069e6a0ff4788ed91ead279f36ba4eddfaa08dc3de01082c41dc9c2fc3c4b0ae34

memory/1680-6198-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp

memory/1680-6200-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp

memory/1680-6199-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp

memory/1680-6201-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp

memory/1680-6202-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp

memory/1680-6203-0x00007FFC2D1D0000-0x00007FFC2D1E0000-memory.dmp

memory/1680-6204-0x00007FFC2D1D0000-0x00007FFC2D1E0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 c2fc5d0c1664ca8577845eae716ff3a0
SHA1 08fd855456480c85c6ba4c4369751335e1f0940a
SHA256 d9452dfe79a48fe3fd36613c0bb1a313ea78b0529ba88ab96fa95e9174548fc6
SHA512 1f56331db9288ccacc99565a0d5d73a15308a7576d4b91dcb695dfd743752bdd7f9da5668b1ce3f8c34146ab208b7773c4dda5bf1596d911edb02e1f0cfbb93a

memory/4808-6232-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp

memory/4808-6231-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp

memory/4808-6230-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp

memory/4808-6229-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 61e0d491e5a376e49ed6e82182cc1223
SHA1 2bc408f017f9c7b5a8fbbcdc17e2812062c58f87
SHA256 863cfd844866f10284b0b414c1b599a3e727fc4af49826f431b75f82728537c9
SHA512 3efd6fa799322e4e0d81507c5d589f0562995cc27178b8a0608e501d19aa69adc92ae760ce97e8566c3452b0f63322da0c29ee0886301d5a674f0ccef4fd94e1

C:\Users\Admin\AppData\Local\Temp\vbhja.rtf

MD5 8cb093eff0ed2d5b9acfcf2e13962a11
SHA1 6d09125aa6e06abf6641539371b23ec9bf82e71c
SHA256 07a0ac4730ecd649331d33d6488ca871cbf394cd5ffe32b49a0a96c1620147c2
SHA512 efbded3a68d0cc306b9672581db7102ccf5a8fbe2a6537381e16959037480dbe21612ca9addc10ac0abbc8afece77c0b4334d0d820d57822d3b3df37cd985985

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\70B1992B.emf

MD5 0ed5bc16545d23c325d756013579a697
SHA1 dcdde3196414a743177131d7d906cb67315d88e7
SHA256 3e430584cd9774ea3b21d8e19b485b48212fe356776158dd5f3c5f63a5bde7d3
SHA512 c93072d11058fa50e3b09ff4da9f3dbe2637c2b5df05e616bd8ddd04557ea1e8b0db106b1545fad334619118c467776f81cf97ca52d3f2fcbbe007f30032b8af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4498ebfe9cc6454357a4d9267fe57bdb
SHA1 7d6af98ff24ecf87ff0ead8a6529e3d61b3ee5ce
SHA256 f31ac1a89de35cafdf0ad87c52667ba0b6f9fed78dfb557cabfddf0ad7719b07
SHA512 b073aca8a4b076bc5526299f320002bdab2af81c86b9ee3ab9c96c7b91d891a3c204a2e6666051f61f6a0be66951ca5af0135b145a1817a7ea4dc1a0c6aacd33

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 2a1a8bf68680c2991e9060e22cc5616f
SHA1 81e9fc0776e5b41b86d70a672b06e3571fe87067
SHA256 a0b67f4568a05ea16a6e83c31dd5845fc982c777961877f3147d1ed2cb7ac8be
SHA512 2b77ca78692123c4cbb1269c6adf546461780360e6e0fdc09e8cc97336708dbc977562b9f1d216085671bc716f4cf5c9902c568b7be6bbfd53f18516153a298f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 d67edead8568b59e47e7dcf8e321b922
SHA1 a6c088e7f48863dd3f46e7ea9219d0dd7836c433
SHA256 502386bce49390b25c2db759db16edc7a16795da32277198ad67daf144e3aeb2
SHA512 fa04cce7b520247992b0e4973c45676b75367284a30d36c13bcd43057bb21c5345abb63f7b6870a78c1249098e876565dd1f1dac6acf998ef1491fd20dd00d26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cfe7cc035578d5dc795ee8d869f6c491
SHA1 414c01ae3c57ed9394158d358e21a54c271c9bb6
SHA256 3a2dc376951619e415f46dde880c0633568dec514d086556fb99c8baca35eb33
SHA512 4b51c785f32f6c5ffa819c7aa525131a3414a4fedc508625473980bd5416e8c413bf39f8f2adff56e378b51b07c403a115d7c5068fa2066734720377c2748747

C:\Users\Admin\AppData\Local\Temp\TCDB29A.tmp\iso690.xsl

MD5 ff0e07eff1333cdf9fc2523d323dd654
SHA1 77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4
SHA256 3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5
SHA512 b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 0d89f546ebdd5c3eaa275ff1f898174a
SHA1 339ab928a1a5699b3b0c74087baa3ea08ecd59f5
SHA256 939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e
SHA512 26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 5dea626a3a08cc0f2676427e427eb467
SHA1 ad21ac31d0bbdee76eb909484277421630ea2dbd
SHA256 b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6
SHA512 118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1550c957adc142f87ec0c1312b505760
SHA1 5bca9bfb0a97d55bd54bc252a7dccb7a24f16ad7
SHA256 29ede3e283d1077caaa7f14aedccf1a79dcdbaa2e8b0df690608c5ad6437fd4c
SHA512 436494e48a7e5be0e5a3733185ae66ff891fd084e9adea5b39fb68edeea1b817491f6d628b9d3d4ddc352f91310ff821df65b329bc57af35fea157a5d3d5e42b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8b3579366b085548beca15782dad5ef2
SHA1 a75e9c4cbbf22e84acabce6742730e283e2c0e66
SHA256 b83f48ed42ac2c38bc630da05813cd7a572aca8f1b73ae20ff7fcbf8b0fa9bd9
SHA512 60eb275c0eac22e8af15f1a8b380a005bb2502fc234596ef8c1a92ddfaee480c15eb27e6889ea81923caa3230c7db6036287cd6beee494b59a2f1dbb3abc67e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a9a72340-57f0-455c-9ee9-56d0e56c090d.tmp

MD5 7422bd69d12082e8eebebf5bcf92a5ce
SHA1 60a0ad4b425b70e06e331b3114a413a02cc6aa77
SHA256 55398386d650eb1bb5ccbc0a7b2b7591e064671186976799475be5b8954be915
SHA512 4cf9aee15a08d0776cbcbf8884d25e763273311813ed0150ca45a6765271ab39a8f0eac7b1ec88ef853341c32a56bad7dd61acae2ac0d5a18c9970f3b4fcbd2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 03457346d2b7d185101fa33961a51208
SHA1 ca7845e9f7ff867694baaa7da60e952c9102b04f
SHA256 1b2dd89b0e8dd7e656a934ad452eae47c85e8e369376f7e989cb2ac89dcd3d13
SHA512 306e62579ef8d2ee1df9ba6b440d6d5932ba2ffcd4a74156c040899e8ddd79f8bbf7534cb665e1d58438d7829f9c3a3150a83fc8250ceffa2c4e85f801037a25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 20c56774fd34aba4d31ef6044a37ff94
SHA1 6a51b5e354df4ffbcc1b9e93c067aa8767f67288
SHA256 ee4f75e109dadfe163505dfc4886743bfc848a9cfc629e60337fa1a9473d7a5a
SHA512 4ca11484dd71a0de63bccf18585787cb6c389614411643ae9be7793d4f8a024e4a6ddc9d34b8973cba71e0b05c5a08cbf9ef4530af53295f9badb80b364f0164

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 23c78cf263399eeafbdd0a3226a3aa4f
SHA1 5603d3eae487a5e7f4fb47d0fefad593f4242746
SHA256 94d3a19ab7832ddfbe8239aa99de432fa09687339112486f7c6205e5dd2501c1
SHA512 73d9f9e0d420d525dff61256444e29f486558dd9032a499077b33570d37176c54a90ec105faa45b47fc4958a27a65477f32cf91d33e33cf0ef05b7b40de32986

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bf9a5956ad7e1e74702a00278e4b2c91
SHA1 6f8913f7cb4ee4c3eaf02c495a157dbbe1874235
SHA256 229a7b3aedce2c447a72fe2418254c02a0f236a777cb28a62824e238f53e97d5
SHA512 eba98e29845f027ca3274f4dc65bdb821dc06bfd4f8a90ad11de966077ecb34d44608c1375089f807aca04a9afaeed460da1eff784cd1056665da2d3d54a4c1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 339e590a6613bef0a5b4717076458dee
SHA1 f9ac4f7ba5e1df60ea7894b08cc688d0c533fc82
SHA256 e6b5ef3095b17164a63afcce2f302eb793770f34ec60846bdb38c7c422d62b37
SHA512 f176d50e28740031f3531c496aa9d0df3b7f9fd00826ff93539854ccbae1273b068ef9b51b7107e208e4207d420c278ed2ce4ff337442ebe98035f8151f27100

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 97d6d972125a6bcf7e9dc83f4c61311d
SHA1 1cf3f978be4554e7ee10f7637983a289c1f32910
SHA256 9cb2512bfac3140720370f3a5e1fc3699fa3f9af1bb7a9dc5ecfce08e847bd6b
SHA512 1be68bf230aef9265a1676397cd6ce11c22482950acc265a7b1edec6e9a555382b6d29b66ae5c674583c962ff2defdc87d6180c2e1d16c44c4e6733c85743f81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9f0e7b42260bd10f81f6e5937b8b4b23
SHA1 31148472055e1c7b9b04d1522b29d2e526131330
SHA256 d8e9b1ff59b850522a42739c5798a63095aa1bd7c8fea37995003ef7fea3caf3
SHA512 cd41f0a34f3fbed316d8a18c622997ca4fe4b2ca1779708f15ff82d977ef360b072ff664f173e3a447df6d4acd3b118986802bf20462c58e0f54c4c230d44fed

C:\Users\Admin\Downloads\Unconfirmed 842892.crdownload

MD5 b2eca909a91e1946457a0b36eaf90930
SHA1 3200c4e4d0d4ece2b2aadb6939be59b91954bcfa
SHA256 0b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c
SHA512 607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d525f18b73892067327c2db01b3c68b7
SHA1 6a77e592ab1422df61f2318601e46b82a52a6648
SHA256 0b37df85868870b8e6b59bcb6f8d73f9f25a435c9e229a75245571c03c742633
SHA512 0a83bcd3d31782414e5c07468f1bcc1076048921395b82a8ab42a9a842ff6849c68ecfa98fbc724551245d79a884464a9484a72f3dbcd7563ea1b4f0aa6ec400

memory/1936-7084-0x0000000000950000-0x0000000000960000-memory.dmp

memory/1936-7085-0x0000000005840000-0x0000000005DE4000-memory.dmp

memory/1936-7086-0x0000000005370000-0x0000000005402000-memory.dmp

memory/1936-7089-0x0000000005360000-0x000000000536A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 830d297776b7a9badfa0449f8344fa74
SHA1 d176b162c2ecb1eb470a1800a991a894d7fed81a
SHA256 d6610295335e7f95504254be60b7930816a7bd65cb089dc5591c08dbf3a69fd4
SHA512 2060559d0f11623dc69e0c8eda9628d1745ad58c3a530bfb2fb3a91c9cab240b03840bfd8b1ee58bd595f598750e1cfc4d86a22ee49777d7a4f07023ab1e7511

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 29abc2bfa63f54cb6b495dea7b300378
SHA1 ec6f35e240c1e5b7450998a1dbb18f5a508f287f
SHA256 69ce2b7ecd3e59484347ff252e87b1133427e181644d1b4bdb9f7fd6e7b95100
SHA512 380eba59ca11536812c760daa156eb7916bb702af6ccfc3e4de39da9a9d96cf8b0a37d293850b50f5910a7c38d1e2772eafcc60cb664a22dfd152cd14d2a2a10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 8bd66dfc42a1353c5e996cd88dc1501f
SHA1 dc779a25ab37913f3198eb6f8c4d89e2a05635a6
SHA256 ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839
SHA512 203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 75cc92bbe055dfa6542a07cf5a8ae838
SHA1 b9ef0c1e4f382b34574948e19419212ab4422a5a
SHA256 1264aaedbda7ce3a9b931f039b94c348d7789479a12a62f57e02d10ffad994bf
SHA512 bbda497acf0a32dbc0a8cc55d8089f1d3c5ef8f2fa9c45ecd084f0179d53f297f83864f18737e59664372870767758168b7e8a0edbd81a91804cacb5f353c617

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab38839ce713b020abe782d92467a5f0
SHA1 1a7705a99a530b08b6b4a1be39bafc5ae1316bfb
SHA256 4c9f3502ae6e994e5e3dc16d589f682292b6b06d2f040e8e362e3d63b0b16c6f
SHA512 d8e7dca5a8f8d2a14a2baecc4684513c9dd8756550ea675833d0925fc4bbe9882664b384d531ba2a07de9cb268f464db931ad7f52d8aa8eda01e1e2125ad81e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004b4

MD5 fc8b9283e9c3686899120581f73dbf88
SHA1 5d2c3af2bf4a2054daf15098d95992c9aac1bf17
SHA256 27d6e4815025d7fe830001e206a4dfee19b496f302332f195ece6295f5d1f216
SHA512 9dff216af5570c81213c24076f9afdb150b52df46d0143e199d12cc1d05d7e8b21e096b129d5d722ab0b51996a41cd70f0b2f06a65f9cd127c5700fc6ce49319

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004b8

MD5 4a6a239f02877981ae8696fbebde3fc9
SHA1 5f87619e1207d7983c8dfceaac80352d25a336cf
SHA256 ac546e02b937ee9ac6f6dd99081db747db7af6a4febf09cbe49e91452d9257b8
SHA512 783cf2ae4ba57031c7f4c18bdac428a1074bb64f6eb8cef126ad33f46c08767deeac51917bef0f1595295b9f8a708cb297b7cf63fc3f7db0aa4ac217ce10f7cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004b5

MD5 e42ba21fc6ad46eef7210e6a17cbcf29
SHA1 65df7e97d6ec546a85a16beea1a8533788969fc6
SHA256 f41a6b281e24eebdca7fdd637658685e2c4159b9da7c1017e5b9bfafa6821d8b
SHA512 e9b1896224703b80e26411b65a418878d77713a023a8bfb49707f7569359246d9ce1e2307613a1ecae7bd64a78266916d4586aba1b30fda2ecffe05322427ef9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004bb

MD5 ab8c6959f7d35bc393a98b6a2db5ce13
SHA1 1289068381b91cc6170c810db2488bc3a46f242a
SHA256 0178bed6aaaa7c7aeb61cbdaad645ebb6701968d04d1778506755251ba37311b
SHA512 ee194274097d7b275292633a9258d5dfb0ccaf28a476e5fac10a34577f3206cadfa0b9c9aef1e7f029ca0d0bbf18e220ee69aaa4e5f2077c167ff0d0803d8d91

C:\Users\Admin\Downloads\Unconfirmed 346058.crdownload

MD5 20d2c71d6d9daf4499ffc4a5d164f1c3
SHA1 38e5dcd93f25386d05a34a5b26d3fba1bf02f7c8
SHA256 3ac8cc58dcbceaec3dab046aea050357e0e2248d30b0804c738c9a5b037c220d
SHA512 8ffd56fb3538eb60da2dde9e3d6eee0dac8419c61532e9127f47c4351b6e53e01143af92b2e26b521e23cdbbf15d7a358d3757431e572e37a1eede57c7d39704

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6f9a9ece8bec518d95ee84d75f8c7fb7
SHA1 6586b629b479e941cefb1be10376af5b0b2a7acc
SHA256 e546f4f20f1aae7e374f22d88a28f78d7bc90d10de629368b99cd8bf2e10adef
SHA512 f8f4284f4b1e23d27835a7ad9195378af0ce175bbc66439a6f256e138255ed6595fccd2085292e304cee62be9f4e05a993e7917b5c077f4ba89f0145532a5a52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9c658c633c74a9371cd8b846eea22a54
SHA1 6969cb896aa66aeb69195c121d69d0ddecda8df6
SHA256 4f4a4848eb3eaf8a234bcdbc4018fc0f6a02c9040c13a2da7a9f8a9bff6d793a
SHA512 b7bdd1c7a59e8b4ca8c93f88e081e8f8f0b65e4cc8bad89fc7cf56c4c16f43bda1680bff2d15ad5523b8151a6d41ddbf890cd8361a20f2190d013275d54d0dfe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 268e279137c6d410ce44897e7a10d930
SHA1 69952be5bc467fcd6f7dabf09e5e08735a24b19a
SHA256 35ac4643d28f21a0f0d694b93f8e1ac0baa78c6241bf497c983b28d28871001e
SHA512 b53bc93c2ae7fd945aabab71b1990447a423b60e44a39ed8c588fae82b3da8d38825b79b7888e98f62a6f256581ebc22a71664396195ea5d0ad7dda15169022d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d4201856a5c88d2db2a271d4446bdd62
SHA1 a1d9620841c765d8fac758bab318598e9debc328
SHA256 2dfe937f97e8ce1c02195530789ed7b148393c26dd65ec771f4de2519efbf6ab
SHA512 660a24a470b7b72d213314b8b92f637d98e5df923b02265e396d82f23e222cece078bbe5abe6101192e26580292220cb44344f380cb9f273cbe3703aee172345

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8eaf6f960bb405f3cde5b39e1516f0f8
SHA1 30df421701431286a68624a06b73fc5cf3f25c14
SHA256 3b4017c8dd0d3967b7edae5b67817d6a5c64e5582400e61f6506b208bc3a4ff9
SHA512 b1d94dcd51edd98cdcd490a44938b0b60ba070cfdcf788a8c3eb38dd788178d03d1169e2ffa6b4e57f139a1161f29ce6c0db3636a7b2c5b3efd342a6158885a8

memory/1896-7553-0x0000000000400000-0x00000000004A6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0dc1ec34cae470a843b2b2fa1caa252f
SHA1 3dacfe3f9074aa092d174354baf90a9a26db53ae
SHA256 9116a36384a96824b913ee221d80be1d49fadedd5c68e98f91da2d20f0aa8f25
SHA512 c95c218406dc905a813db0084d911a8ddf2c1dd344b93d27be191d7c9c8833d41b7631c7e639f737d01e92b37641f4e935ae4bbe00efefcd2bcc916e44fa3de4

memory/4056-7587-0x0000000000400000-0x00000000004A6000-memory.dmp

C:\Users\Admin\Downloads\Unconfirmed 756422.crdownload

MD5 e87a04c270f98bb6b5677cc789d1ad1d
SHA1 8c14cb338e23d4a82f6310d13b36729e543ff0ca
SHA256 e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338
SHA512 8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3966542cc115bc9f21d922c72d4603d5
SHA1 e0d02d5ebb79b679f15f2d9e68135107bf5f43fe
SHA256 a9ba714e69020cb51a0aed3949331bd14cd4f26bb90ea8c020d52ffb26c54edb
SHA512 3f80f7d58a47d1d9c3716b7e1fac70657ccf022ed47f551e1885140e5f2fbc1efdab256ef59258dd38b5d497bbb31e9fe309644698ae01f78d10cf020bdcf374

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3d4ec9e8061d816576245a1761ddf6c4
SHA1 ca8a45db5c1c2eb4cca7592f3c4e2335ed23718e
SHA256 bf4db9679d904073b4abdcc65b6a1d7299b163eb4431f5e7cddbd975111d85f9
SHA512 fca21344a0f9d4bf61d4771aad176e5c22f6a5fab3d7d22ef94fd466d2821c613095988023846e795cd0d60d92d14dd845abb1b15823dd0384b4066315cc6b22

memory/6240-7679-0x0000000000400000-0x00000000004A6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3cb0581afe96bba552b3ee86526279c6
SHA1 52e04ece4387cd5cb84f0c32a83b50869893e91c
SHA256 1fd896111dca3051c821139050309950b923a681c37f3ddfd84167278650f884
SHA512 8d75d1ed872ee9ba55a2e239f6b0a71af70f7bc5df1a6015181bc7b06012375bf43c82cf055e5f01b4c1fead9b4611cdfbb48c64fa7e2acfadfd5e40f12aaa93

memory/8-7702-0x0000000000400000-0x00000000004A6000-memory.dmp

memory/6940-7706-0x0000000000400000-0x000000000044A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 adb0f7154d60afe667a7bde0c7122e75
SHA1 61112efb6a11c08419939844a5beb4c07c1ffd65
SHA256 cd32abe1f8e208796111f8e75cec3a60cfc6d7b9e6ab69e4ad5321531437c216
SHA512 486447d1b00e07967f7ac46f6c3b4d4fb58f4f9cf05ad600ce77a7acb5624299eaca50d06a53da78c2fb6f89983ca91c2329a20fd811d138aa682aed793df4af

C:\Users\Admin\Downloads\Unconfirmed 982681.crdownload

MD5 b6e148ee1a2a3b460dd2a0adbf1dd39c
SHA1 ec0efbe8fd2fa5300164e9e4eded0d40da549c60
SHA256 dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba
SHA512 4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741

C:\Users\Admin\Downloads\Unconfirmed 982681.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7086f3f8a0bda99b1125c68a8bb60781
SHA1 8cbe7a4b0e58c2b7475ef16053641de576b000b6
SHA256 ed0cf042fbf1310b9e70f562b2773bc411b3e7b1deabbdfd8c6d4ca5eec17f1f
SHA512 1ba946356a2001fc7716244c27b315a35fa7629447ca10dcd6a77f9891dd229ee91b292912c441255ddb8f80d8526e605c576eaea5f5911caefbe5f4c88cb0c7

memory/1228-7795-0x000001C2EE770000-0x000001C2EE78E000-memory.dmp

C:\ProgramData\Hdlharas\mdkhm.zip

MD5 b635f6f767e485c7e17833411d567712
SHA1 5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8
SHA256 6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e
SHA512 551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

C:\ProgramData\Hdlharas\dlrarhsiva.exe

MD5 64261d5f3b07671f15b7f10f2f78da3f
SHA1 d4f978177394024bb4d0e5b6b972a5f72f830181
SHA256 87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad
SHA512 3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

memory/1336-7825-0x000002246B020000-0x000002246B934000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 59db781691bdaec00a9f08ab468019fe
SHA1 17d9a54bb4465759d109d1ed98542642ab6c1062
SHA256 b7106fa2f11cfc7e87abed692bf9a73286930eaf3621611d365633c2a525283e
SHA512 604344ab324086fe39a95e852abc08419c554b45cbe9afeee898297cfcbebed5165fa28c39335e0e2f16927b60709e399995b84defd8c2172a68a614019d41c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 576d979c2d7a383029fc55a28085c8c0
SHA1 cde111a89f0918f427f5f943a6c4a668d76cd77a
SHA256 c1c7d8907c7f9b3e5609fe7c7c95240d1db247fa25ca82ce0b83de5eb952c9b0
SHA512 4753341baa28fdfa94e69ee41c044fb27c3f40a303a78ec21e597d9b23f03093322eb3b66881ec20163e7281e9039819a90b8e1bd705f9476c525c1ef574094f

C:\Users\Admin\Downloads\Unconfirmed 928573.crdownload

MD5 1d9045870dbd31e2e399a4e8ecd9302f
SHA1 7857c1ebfd1b37756d106027ed03121d8e7887cf
SHA256 9b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885
SHA512 9419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 060348c4de8de8295ca9246db242e535
SHA1 779df95d5c39644e1bbb93a797c20d59ddc8ba60
SHA256 88c64dbc36f0d6015b4fce5392a93c98511495ebc0ada99bcb581b837681f1c0
SHA512 dc5a975e8063a7279049cf5ae0b7199a7e9f3154f054560ad5db90bb3b5717403d27606c11cdbac4af149389a6f67c43bccdee3dc852fa4ea4bd6308c9428f01

memory/5844-7961-0x000000001BD80000-0x000000001C24E000-memory.dmp

memory/5844-7962-0x000000001C300000-0x000000001C3A6000-memory.dmp

memory/5844-7963-0x000000001C4E0000-0x000000001C542000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 63ea69e60f9c1534e34ccc0c196a04e1
SHA1 a3c26f2eb7f7a0c47f5b8647e002cb50cb1489b2
SHA256 72fd220d4c6241c69c5d222405fef7d1e1f30495a5cc005acf685b940016b566
SHA512 364b8f2ddeb4013fff0e49b99c5f15285fad2c856974f351b9449949d5710fd576f614d2ee3f47344f0158b9e4818c4d7d73cb0f4064be43516a35fc6a2aba01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5aaa687283cc9fc35994a56a509c652d
SHA1 5dce571808840077192fa3745c532c56229425ab
SHA256 02a4b704e57fe687e171d31952f1b39ea10448052b5d2b298559e2f8ffeae74e
SHA512 3f8996ddc5c21ffdbb6e64ddcf2387874d83df5fabc395fc9488c41c3d23be6a2ab4c7e316147d3605081f63167443b830a93718b87d2633c77768a55dbb14c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 21f026a77fdca065c9caa5eda88b5668
SHA1 b0aa43faf08aa22f6b78fce20d04ed5c0dd958e5
SHA256 f33fb16d9c71fe0dc172d4f5c81651ddcb2e3e2b4c07bcbb17e83fa89f7ac9c8
SHA512 c6e7ffea9903ad7dfa8ea35649954c76bc2f364022e3ed5fbb61be4d4e40fc8aa8d4e278995a94ecb241e37938390ad4fd674c6234a6517676d3a84765b667a7

C:\Users\Admin\Downloads\Unconfirmed 114159.crdownload

MD5 fe1bc60a95b2c2d77cd5d232296a7fa4
SHA1 c07dfdea8da2da5bad036e7c2f5d37582e1cf684
SHA256 b3e1e9d97d74c416c2a30dd11858789af5554cf2de62f577c13944a19623777d
SHA512 266c541a421878e1e175db5d94185c991cec5825a4bc50178f57264f3556080e6fe984ed0380acf022ce659aa1ca46c9a5e97efc25ff46cbfd67b9385fd75f89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b6b8ddc0161bcc051b4238893ed9814c
SHA1 c53dd032d78942d2f16f7eef3cdbb7a8542283e6
SHA256 75acbe55875f3a89f42ad212a0f53cfbc7d6440a68ffd680644f781de6739b9c
SHA512 d46d75a967a4b411515f6d6fdf86c4867edb4de08d4599ad43cff1e36d88f6cda6c4af2a5d85e1cba6f7358763305d4f90ea668576e651fbf3249d1760aa0f96

C:\ProgramData\svchost\vcredist2012_x86_0_vcRuntimeMinimum_x86.ico

MD5 fde1b01ca49aa70922404cdfcf32a643
SHA1 b0a2002c39a37a0ccaf219d42f1075471fd8b481
SHA256 741fe085e34db44b7c8ae83288697fab1359b028411c45dab2a3ca8b9ea548a5
SHA512 b6b4af427069602e929c1a6ce9d88c4634f0927b7292efb4070d15fb40ce39fc5ce868452dcd5642b2864730502de7a4c33679c936beb1a86c26a753d3f4dc25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e7d456eb76275d2f38d44c6cf4403416
SHA1 062ef8b46f3cef473b390e2ab4bd7a923af8d0ff
SHA256 bb7d87a7b3e006b864a3e0fffa04c58ef6bd8cafb7eedd41d158801e96052eb4
SHA512 da48584c7209ee7d8f747fc7b0dc98641f35a9216c580bfed5de05e17ce57fac233d135498e2253f6014e87d67a11e01ad0a72a5d5f783e4ac1908ec18df5063

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 682139feca0a2d26e2575b4a08c0ad4f
SHA1 527fa6f672aee7e6c2b9aa9701496adec4f0f26e
SHA256 2d2e39c759782c49c55fd0b8ea12dd18c0f2e2aa4c4e0cb02e11fc376ae1188c
SHA512 8ef3bae5081ee4d79ac743de10f1ba711a05f75a3ec721dff29a1d99368d48e0dd7295b15e59a8040fbc209e2f4f23da4a0de30c3837f69e93a4283fbad7cc8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13378234207015945

MD5 8615504485844affa060ef394886d63c
SHA1 9d2a7de5449d5c231bf53002f0c833b5ce695967
SHA256 96f2f6c78f70a07d4120aec5ca7a79a11319062f33ace6c7f6141486c46df653
SHA512 6daf738d667fad69492fee701f3c79bacfb0cd9292435bd0532db598fa3a9d532aea838cd271b65b857cfe6e24113386947f3c457b349d5627af6c9f06aeb01b

C:\Users\Admin\Downloads\Unconfirmed 695658.crdownload

MD5 055d1462f66a350d9886542d4d79bc2b
SHA1 f1086d2f667d807dbb1aa362a7a809ea119f2565
SHA256 dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0
SHA512 2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dd7e02fc8e18602bd02ae661daaba475
SHA1 78bad5805cd9b77d78fa61c414f6f67bcd421f2f
SHA256 1e385e7cbca8d44fda00fd323d3a6f45b47f5e0bfe1662c031b68f789a2f4488
SHA512 8d2d056c2a220abeb611a89b414395cdedea6971881444b1095cafefe2d461ba5d39008471535cc8f0b8b8cb9d8284c1f291f6731cf6097b1485384240465cd4

memory/4704-8461-0x0000000000400000-0x000000000056F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2c703a54a273c18eeb7b112a6401422e
SHA1 535826de4470569216fbfe5472a12defa10fd2f7
SHA256 da5953548cc776949d90a206040a0b691605145276b972e88ac554ef7835a4fb
SHA512 174e7e467c9749d848d66b66ace54718d08f97dc309c208e8e0c36fdae22405087d5bb7b1e4529460bffbb33295415fe30ffa6d3533caa6e5f160daea1c60eeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0fa1a013be2a3283c4d116d4fc7967db
SHA1 a15775fa8b8d8b383db7360b3aeb5ffb6418da52
SHA256 b0caea4b62adb6764058b983ea2e1c37210e9d2b0fbe1a8c0a87d1880f87576a
SHA512 920f4dacdea817b536ab2769b59b05865a80563e2641b82968d6c3242a8b1711330f10f680809de11b252a31b1c68fbb34fdd146e879e9ae1e2191df99ad1040

memory/6512-8511-0x0000000000400000-0x000000000056F000-memory.dmp

memory/5640-15704-0x0000000000400000-0x000000000056F000-memory.dmp

memory/6512-20755-0x0000000000400000-0x000000000056F000-memory.dmp

C:\Users\Admin\Downloads\Unconfirmed 936122.crdownload

MD5 b805db8f6a84475ef76b795b0d1ed6ae
SHA1 7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256 f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512 62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

C:\ProgramData\svchost\vcredist2010_x64.log-MSI_vc_red.msi.txt.exe.id-924DB93A.[[email protected]].ico

MD5 9430abf1376e53c0e5cf57b89725e992
SHA1 87d11177ee1baa392c6cca84cf4930074ad535c5
SHA256 21f533cb537d7ff2de0ee25c84de4159c1aabcf3a1ac021b48cb21bb341dc381
SHA512 dd1e4f45f1073fe9ab7fb712a62a623072e6222457d989ee22a09426a474d49a2fb55b393e6cbd6bc36585fa6767e7dca284fa960ea8cb71819f5e2d3abfaf78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 06daf78bdad675122a9d126593e7ed0b
SHA1 203f429ca37a2699d5ad92d467718c6ddfc04167
SHA256 2c62b6c44e19b7546e544c4ee864650ad15cecff3f8e8866d64f3559ec5fe378
SHA512 7f366ee2466a67464c6e6f95b358c664a49c7254ea054d6dcd6cf0f449f53e10f1395f2f434c4932affa831f30b25b59b8432008e386bd6701225134dc3c2e13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe6d162d.TMP

MD5 efac086e86f6aee0a5c4a1963bf8a082
SHA1 ea934acf49f376748fb0f94772f8496ad53f4eee
SHA256 453e21932a838476a9a0f482f1a0ccf73f528d1c2c98fb5295fdcfb82a806eb1
SHA512 72b50979dd236926888c3ccdafbc01241935af7218f210a9ffbb602302a74cf990d9b88e68358149d5c7e1dfe37f1e632c0cd972553fd7ecfbf4ae0ad85f2621

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1c5a300f80c616551e00a96ea2bb7bc4
SHA1 1c13ce8d5c70b25c75fcebbc3d90c110b8e25511
SHA256 7adbe6fda268bf9ba245b5c2371a667cfe0b930b374f06ab5e41647495d42721
SHA512 fd0d1b3f0c217f51f507e9ae877799e5fdbf89782de410295056f2e520234c630e0278426484e679087c03da17b4d64813da425dcbad89a92ad1279b407d8ff7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\05e2b1ef-b968-427d-824f-a1b31ccb1c46.tmp

MD5 d54259218902e9250cb573a8accbb62f
SHA1 71f308429bf872df70f2c9406d6923ca170fe823
SHA256 7959a81017be40fdf431d9c75ef5e9aa62f1672ad30a373548f2d179575c3272
SHA512 be3708a09f2ae93251a03335deca0b02f8b078683b66bc6a71554e434c55abee71b749c2d400279f485baba4fdbc342498700afd3ff6f8f96feef25959c98f15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 368ec1af3684797cc4aeba945766a446
SHA1 ed6d91e83425c9ac56365025216339709845285f
SHA256 f49535d96371640ad7de1cd547e59b16acfc2a932b46ffb0528fa96e20091194
SHA512 bf5c624d30fd94b61666762646ecad4d4eecf93b0cb03af906197f90fe9a51040106605615fa669b6a3532b22c8c3a2eddbc0637897e2ee608e9f15fd331f5f6