Analysis Overview
Threat Level: Known bad
The file https://gofile.io/d/Ioc7Rs was found to be: Known bad.
Malicious Activity Summary
Crimsonrat family
Revengerat family
CrimsonRAT main payload
RevengeRAT
Dharma
Dharma family
CrimsonRat
Deletes shadow copies
RevengeRat Executable
Renames multiple (559) files with added filename extension
Office macro that triggers on suspicious action
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: triixy_foxy_640.gif@webp
A potential corporate email address has been identified in the URL: phoebewilss_640.gif@webp
A potential corporate email address has been identified in the URL: cassiejays_640.gif@webp
A potential corporate email address has been identified in the URL: gianafantini_640.gif@webp
A potential corporate email address has been identified in the URL: lilitmorningstar_640.gif@webp
A potential corporate email address has been identified in the URL: hannalopa_640.gif@webp
A potential corporate email address has been identified in the URL: parisrosee_640.gif@webp
A potential corporate email address has been identified in the URL: sarawalsh1_640.gif@webp
A potential corporate email address has been identified in the URL: chloesmith_640.gif@webp
A potential corporate email address has been identified in the URL: emilystockman_640.gif@webp
A potential corporate email address has been identified in the URL: airikimura_640.gif@webp
A potential corporate email address has been identified in the URL: alanahell_640.gif@webp
A potential corporate email address has been identified in the URL: luzbella_640.gif@webp
Uses the VBS compiler for execution
A potential corporate email address has been identified in the URL: darinalee_640.gif@webp
A potential corporate email address has been identified in the URL: asshantiy_640.gif@webp
A potential corporate email address has been identified in the URL: mileyms_640.gif@webp
A potential corporate email address has been identified in the URL: abby509_640.gif@webp
A potential corporate email address has been identified in the URL: duckyisone_640.gif@webp
A potential corporate email address has been identified in the URL: miapey_640.gif@webp
ASPack v2.12-2.42
A potential corporate email address has been identified in the URL: airafoster_640.gif@webp
A potential corporate email address has been identified in the URL: nicole_anyston_640.gif@webp
A potential corporate email address has been identified in the URL: millieveronic777_640.gif@webp
A potential corporate email address has been identified in the URL: alicericci_640.gif@webp
A potential corporate email address has been identified in the URL: mia_valeria_640.gif@webp
A potential corporate email address has been identified in the URL: larak_640.gif@webp
A potential corporate email address has been identified in the URL: milabliss_640.gif@webp
A potential corporate email address has been identified in the URL: monicaxrousey_640.gif@webp
Credentials from Password Stores: Windows Credential Manager
A potential corporate email address has been identified in the URL: honeybunnyy_640.gif@webp
A potential corporate email address has been identified in the URL: kittyblosson_640.gif@webp
A potential corporate email address has been identified in the URL: penelope_perez_640.gif@webp
A potential corporate email address has been identified in the URL: bellacoleman_640.gif@webp
A potential corporate email address has been identified in the URL: roserose_640.gif@webp
A potential corporate email address has been identified in the URL: zelesttewest1_640.gif@webp
A potential corporate email address has been identified in the URL: abrill_hot2_640.gif@webp
A potential corporate email address has been identified in the URL: aniaharris_640.gif@webp
A potential corporate email address has been identified in the URL: silvanarosee_640.gif@webp
A potential corporate email address has been identified in the URL: katewright1_640.gif@webp
Executes dropped EXE
Loads dropped DLL
A potential corporate email address has been identified in the URL: lauraagredo_640.gif@webp
A potential corporate email address has been identified in the URL: carlotaevany_640.gif@webp
A potential corporate email address has been identified in the URL: valkaliv_640.gif@webp
A potential corporate email address has been identified in the URL: zofia_zozo_640.gif@webp
A potential corporate email address has been identified in the URL: ciararose_640.gif@webp
A potential corporate email address has been identified in the URL: username=xgntkc7jb42hgcvk&password=sdadasdas22&[email protected]&firstname=gaber&lastname=lackson&zip=20710&country=US&state=MD&optionId=258&cascade=20&paytpl=2&
A potential corporate email address has been identified in the URL: marian_giselle_640.gif@webp
Checks computer location settings
Drops startup file
Reads user/profile data of web browsers
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: katiegrey_640.gif@webp
A potential corporate email address has been identified in the URL: krissdelrey_640.gif@webp
A potential corporate email address has been identified in the URL: miamia_640.gif@webp
A potential corporate email address has been identified in the URL: jessica_carter_1_640.gif@webp
A potential corporate email address has been identified in the URL: sophiegomez21_640.gif@webp
A potential corporate email address has been identified in the URL: alexahash_640.gif@webp
A potential corporate email address has been identified in the URL: helenrouse_640.gif@webp
A potential corporate email address has been identified in the URL: belacarter_640.gif@webp
A potential corporate email address has been identified in the URL: brianamontiel_640.gif@webp
A potential corporate email address has been identified in the URL: megganwin_640.gif@webp
Drops desktop.ini file(s)
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Drops file in System32 directory
Suspicious use of SetThreadContext
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Scheduled Task/Job: Scheduled Task
Uses Volume Shadow Copy service COM API
NTFS ADS
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies registry class
Interacts with shadow copies
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-12-09 15:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-09 15:47
Reported
2024-12-09 16:12
Platform
win10v2004-20241007-en
Max time kernel
1432s
Max time network
1433s
Command Line
Signatures
CrimsonRAT main payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
CrimsonRat
Crimsonrat family
Dharma
Dharma family
RevengeRAT
Revengerat family
Deletes shadow copies
Renames multiple (559) files with added filename extension
RevengeRat Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Office macro that triggers on suspicious action
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
A potential corporate email address has been identified in the URL: abby509_640.gif@webp
A potential corporate email address has been identified in the URL: abrill_hot2_640.gif@webp
A potential corporate email address has been identified in the URL: airafoster_640.gif@webp
A potential corporate email address has been identified in the URL: airikimura_640.gif@webp
A potential corporate email address has been identified in the URL: alanahell_640.gif@webp
A potential corporate email address has been identified in the URL: alexahash_640.gif@webp
A potential corporate email address has been identified in the URL: alicericci_640.gif@webp
A potential corporate email address has been identified in the URL: aniaharris_640.gif@webp
A potential corporate email address has been identified in the URL: asshantiy_640.gif@webp
A potential corporate email address has been identified in the URL: belacarter_640.gif@webp
A potential corporate email address has been identified in the URL: bellacoleman_640.gif@webp
A potential corporate email address has been identified in the URL: brianamontiel_640.gif@webp
A potential corporate email address has been identified in the URL: carlotaevany_640.gif@webp
A potential corporate email address has been identified in the URL: cassiejays_640.gif@webp
A potential corporate email address has been identified in the URL: chloesmith_640.gif@webp
A potential corporate email address has been identified in the URL: ciararose_640.gif@webp
A potential corporate email address has been identified in the URL: darinalee_640.gif@webp
A potential corporate email address has been identified in the URL: duckyisone_640.gif@webp
A potential corporate email address has been identified in the URL: emilystockman_640.gif@webp
A potential corporate email address has been identified in the URL: gianafantini_640.gif@webp
A potential corporate email address has been identified in the URL: hannalopa_640.gif@webp
A potential corporate email address has been identified in the URL: helenrouse_640.gif@webp
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: honeybunnyy_640.gif@webp
A potential corporate email address has been identified in the URL: jessica_carter_1_640.gif@webp
A potential corporate email address has been identified in the URL: katewright1_640.gif@webp
A potential corporate email address has been identified in the URL: katiegrey_640.gif@webp
A potential corporate email address has been identified in the URL: kittyblosson_640.gif@webp
A potential corporate email address has been identified in the URL: krissdelrey_640.gif@webp
A potential corporate email address has been identified in the URL: larak_640.gif@webp
A potential corporate email address has been identified in the URL: lauraagredo_640.gif@webp
A potential corporate email address has been identified in the URL: lilitmorningstar_640.gif@webp
A potential corporate email address has been identified in the URL: luzbella_640.gif@webp
A potential corporate email address has been identified in the URL: marian_giselle_640.gif@webp
A potential corporate email address has been identified in the URL: megganwin_640.gif@webp
A potential corporate email address has been identified in the URL: mia_valeria_640.gif@webp
A potential corporate email address has been identified in the URL: miamia_640.gif@webp
A potential corporate email address has been identified in the URL: miapey_640.gif@webp
A potential corporate email address has been identified in the URL: milabliss_640.gif@webp
A potential corporate email address has been identified in the URL: mileyms_640.gif@webp
A potential corporate email address has been identified in the URL: millieveronic777_640.gif@webp
A potential corporate email address has been identified in the URL: monicaxrousey_640.gif@webp
A potential corporate email address has been identified in the URL: nicole_anyston_640.gif@webp
A potential corporate email address has been identified in the URL: parisrosee_640.gif@webp
A potential corporate email address has been identified in the URL: penelope_perez_640.gif@webp
A potential corporate email address has been identified in the URL: phoebewilss_640.gif@webp
A potential corporate email address has been identified in the URL: roserose_640.gif@webp
A potential corporate email address has been identified in the URL: sarawalsh1_640.gif@webp
A potential corporate email address has been identified in the URL: silvanarosee_640.gif@webp
A potential corporate email address has been identified in the URL: sophiegomez21_640.gif@webp
A potential corporate email address has been identified in the URL: triixy_foxy_640.gif@webp
A potential corporate email address has been identified in the URL: username=xgntkc7jb42hgcvk&password=sdadasdas22&[email protected]&firstname=gaber&lastname=lackson&zip=20710&country=US&state=MD&optionId=258&cascade=20&paytpl=2&
A potential corporate email address has been identified in the URL: valkaliv_640.gif@webp
A potential corporate email address has been identified in the URL: zelesttewest1_640.gif@webp
A potential corporate email address has been identified in the URL: zofia_zozo_640.gif@webp
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\CrimsonRAT.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\CrimsonRAT.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Credentials from Password Stores: Windows Credential Manager
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CoronaVirus.exe | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Uses the VBS compiler for execution
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CoronaVirus.exe = "C:\\Windows\\System32\\CoronaVirus.exe" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.exe" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Windows\System32\Info.hta = "mshta.exe \"C:\\Windows\\System32\\Info.hta\"" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Users\Admin\AppData\Roaming\Info.hta = "mshta.exe \"C:\\Users\\Admin\\AppData\\Roaming\\Info.hta\"" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Downloads\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Libraries\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\AccountPictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\svchost\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\3D Objects\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Searches\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | F:\svchost\$RECYCLE.BIN\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\$RECYCLE.BIN\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Links\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Contacts\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\k: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\z: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\r: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\x: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\y: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\j: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\w: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\w: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\y: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\r: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\p: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\i: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\q: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\y: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\b: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\t: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\x: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\n: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\m: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\o: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\g: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\r: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\v: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\v: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\b: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\t: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\u: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\u: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\z: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\s: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\h: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\g: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\j: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\l: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\w: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\h: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\m: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| File opened (read-only) | \??\e: | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\process.logs | C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe | N/A |
| File opened for modification | C:\Windows\system32\process.logs | C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe | N/A |
| File created | C:\Windows\System32\CoronaVirus.exe | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Windows\System32\Info.hta | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
Suspicious use of SetThreadContext
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\resources.pri | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-125_contrast-black.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\TestsRunningInCleanRunspace.Tests.ps1 | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-60_altform-unplated.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\TEMPSITC.TTF.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Diagnostics.Tracing.dll | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fi-fi\ui-strings.js.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\LocalizedStrings.xml.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\ui-strings.js.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-ae\ui-strings.js.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ul-oob.xrm-ms.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\TecProxy.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\ui-strings.js.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\vlc.mo.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_kn.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OFFSYMXL.TTF.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\DenyClear.jfif.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-oob.xrm-ms.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-math-l1-1-0.dll | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\vi.pak.DATA | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Google.scale-100.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ro-ro\ui-strings.js.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nl-nl\ui-strings.js.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\ui-strings.js | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\ui-strings.js.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fil_get.svg.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\selector.js.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\example_icons2x.png.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\de_get.svg | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\161.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-125.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationProvider.resources.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\THMBNAIL.PNG | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\illustrations_retina.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\New_Skins.url.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\LockInvoke.ogg.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\logger\libconsole_logger_plugin.dll | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\PSReadline.psm1 | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteWideTile.scale-125.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-stdio-l1-1-0.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\msolap_xl.dll.id-924DB93A.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\{9F67512C-EE99-4E82-8794-C5913C5FACEE}\8tr.exe:Zone.Identifier | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Avoid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Hydra.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\ScreenScrew.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Avoid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Avoid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Cerber5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "3" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 346058.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 928573.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\svchost\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 695658.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\svchost\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 725821.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\{9F67512C-EE99-4E82-8794-C5913C5FACEE}\8tr.exe:Zone.Identifier | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 842892.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 936122.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 756422.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 982681.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 114159.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/Ioc7Rs
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5fa846f8,0x7ffc5fa84708,0x7ffc5fa84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe"
C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color C
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BabylonClient12.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding AC6B14831204048D9723B6C347D7B276 C
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7236 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x384 0x324
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=7948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8388 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8360 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe"
C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_HwidSpoof (1).zip\HwidSpoof\Hwid-Spoofer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color C
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start https://temp-mail.org/en/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://temp-mail.org/en/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc5fa846f8,0x7ffc5fa84708,0x7ffc5fa84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9516 /prefetch:8
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\metrofax.doc" /o ""
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\metrofax.doc" /o ""
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=932 /prefetch:8
C:\Users\Admin\Downloads\Hydra.exe
"C:\Users\Admin\Downloads\Hydra.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12108 /prefetch:8
C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12400 /prefetch:8
C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
C:\Users\Admin\Downloads\ScreenScrew.exe
"C:\Users\Admin\Downloads\ScreenScrew.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12164 /prefetch:8
C:\Users\Admin\Downloads\CrimsonRAT.exe
"C:\Users\Admin\Downloads\CrimsonRAT.exe"
C:\ProgramData\Hdlharas\dlrarhsiva.exe
"C:\ProgramData\Hdlharas\dlrarhsiva.exe"
C:\Users\Admin\Downloads\CrimsonRAT.exe
"C:\Users\Admin\Downloads\CrimsonRAT.exe"
C:\ProgramData\Hdlharas\dlrarhsiva.exe
"C:\ProgramData\Hdlharas\dlrarhsiva.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12504 /prefetch:8
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7964 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\oeotd-hp.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF9A1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8ADA07BD4F24089A41CFCDC898B352.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\cmhrwqta.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFA9B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCA4A70A94E724E8F956FC997D5E52F35.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\z3dg8ml4.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFB47.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc722262007E924E1A93726D5A77FF768.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\wgezpib6.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFC12.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8391DBEBDC534676B8C285A678FAEA9C.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\_fot2j47.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFCDD.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9A1DCB6171B047C69887FFE899C0C4.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\yqxk-y34.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFDA8.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8E575B657A9A4219BF881D198E53B28.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\rif-wpna.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFE44.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA7BD82F1240741FC81943ABB1888465.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\93egl6se.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFEE1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcDECC0CFCE7A4AB1B3849AA2D1BB9CF9.TMP"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8668 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\5rqrqim7.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc82A955AC10AA409FBB12E5DDD81F5644.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nbcnxd9p.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1A0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc37B324672F0F4ED59A1E8B413C7BF9E.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mffph0du.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES26B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc3F7B47DD8DFB4600BF3E4984492B346B.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\jj66xpfc.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES317.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc330FD460FD404A3DA5C5FB8CE59DB6EE.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gt7mey3s.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3D2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcDDDC12AC226345BE9F4D4F0D244F927.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\789uihy8.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES46E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc93926F37E8864E588A5F5C157DF6E5B9.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ftv6yzgb.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4FB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc11DF4AB3DBCF4129907AE761C33A7455.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\omujswou.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5C6.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9E21375F1BA64810B7E6A446B9EF32ED.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\jjuuts6z.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES662.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcEA8A98A5832B4027B149E73671A3C91.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\iksj0efd.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6FF.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc333C57A3DD6A4F7EB89A518E2D7F8B36.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\uwnieupz.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7BA.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc85B82FCC423645EAA6AD81BAC2185847.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dualjn-n.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES866.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1B824549B5B74B3497EEB76B886AA470.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\hsdgxsjj.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES931.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc144CC80BBFE94DA8B39B19404DFA4C95.TMP"
C:\Users\Admin\Downloads\Cerber5.exe
"C:\Users\Admin\Downloads\Cerber5.exe"
C:\Users\Admin\Downloads\Cerber5.exe
"C:\Users\Admin\Downloads\Cerber5.exe"
C:\Users\Admin\Downloads\Cerber5.exe
"C:\Users\Admin\Downloads\Cerber5.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\mode.com
mode con cp select=1251
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\whcjydsw.cmdline"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD5D8.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc414E9F982BA04893B03EEBBC53979BC3.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tks100ld.cmdline"
C:\Windows\System32\mshta.exe
"C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
C:\Windows\System32\mshta.exe
"C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8DE.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc63DA6B44FDC94AC2B98A29BC5E9A422.TMP"
C:\Windows\system32\mode.com
mode con cp select=1251
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zpb6ntob.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\_5a8novm.cmdline"
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\doac1ztx.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1070.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6711D9E7209D4FE385CCE146D42186DA.TMP"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10364 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\c99fumqq.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES12A2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA9A470B471CA4E95B0D0CCA4F7104FE3.TMP"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11391784511209130991,6604065334213873895,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12500 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mlhr8txe.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1439.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4E3D4C4A473A49A4BCD7C21533ED2A0.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\uhoyu8pw.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES14E4.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB95DE8AD696B47DFABD6C8E9EFBB4A67.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\_shkxhvo.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1571.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc467AF782B17843E8B5D1F3BEF2F7490.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ocd6rw5t.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES161D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC2495595ADF42B79923C11DCD713B88.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\6aevkzjd.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1736.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcBB954356E4C74C7781A54ADBA35A7FB2.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\np7ax9jg.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1801.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB21935A4C8364565B16E3291949B891.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\j6h7d2bp.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES190B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcABC1113ED3A84DEAB22EE84C12273B3.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\utaehumk.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES19E6.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCDA084B8A6B24FBFB13C8E548AE2E077.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\z-cqa4xw.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1AA1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7A2E2DF4F0294D2D97873470EB37B242.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\kosxp6pr.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1B4D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc552E7A0F8B8546EC904B534E2556C3D0.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2fpmckzz.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1BF9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD5137AF16E774007BF4D1EB57291FBBC.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\offxv9na.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1CC4.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc327F31BA3F3B4E05A0AA66163A579CFA.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\pf55qjvp.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1D80.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1757B26C68984D20A4C3E38BEA18192.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\6mkdeuu8.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1E4B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc812A94D4BAE74CB5949B3EA4A884FD1.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\bnyny-pi.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1EF7.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE7FA8363803412FA9DE5F2FBCA7CB5.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\06vh0aeg.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES201F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcDABB33FBB20548E399124026BFB4FDA.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tkwybmdg.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2119.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc94F125493AA64BD4992BAEE6B3EED9.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\eehhyykx.cmdline"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\7fcf48781aaa410a8d97667ab42a6000 /t 8916 /p 8892
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\28f67f7fee2b4aa995787b254a711348 /t 8884 /p 8728
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 45.112.123.126:443 | gofile.io | tcp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 45.112.123.126:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.123.112.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | 210.242.75.51.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cold-eu-mad-1.gofile.io | udp |
| US | 23.142.26.218:443 | cold-eu-mad-1.gofile.io | tcp |
| US | 23.142.26.218:443 | cold-eu-mad-1.gofile.io | tcp |
| US | 8.8.8.8:53 | 218.26.142.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 95.100.195.132:443 | www.bing.com | tcp |
| US | 95.100.195.132:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 132.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 95.100.195.189:443 | r.bing.com | tcp |
| US | 95.100.195.189:443 | r.bing.com | tcp |
| US | 95.100.195.139:443 | th.bing.com | tcp |
| US | 95.100.195.139:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.72:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 189.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | www.babylon-software.com | udp |
| US | 174.138.88.129:443 | www.babylon-software.com | tcp |
| US | 174.138.88.129:443 | www.babylon-software.com | tcp |
| US | 8.8.8.8:53 | 129.88.138.174.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge.marker.io | udp |
| US | 104.26.14.104:443 | edge.marker.io | tcp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 8.8.8.8:53 | 72.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.14.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.marker.io | udp |
| US | 104.26.14.104:443 | api.marker.io | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 174.138.88.129:443 | www.babylon-software.com | tcp |
| US | 95.100.195.180:443 | www.bing.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 180.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pornhub.com | udp |
| US | 66.254.114.41:80 | pornhub.com | tcp |
| US | 66.254.114.41:80 | pornhub.com | tcp |
| US | 66.254.114.41:443 | pornhub.com | tcp |
| US | 8.8.8.8:53 | www.pornhub.com | udp |
| US | 8.8.8.8:53 | 41.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.trafficjunky.com | udp |
| US | 8.8.8.8:53 | ei.phncdn.com | udp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.21:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.21:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.21:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.21:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.21:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.21:443 | ei.phncdn.com | tcp |
| US | 8.8.8.8:53 | media.trafficjunky.net | udp |
| US | 8.8.8.8:53 | cdn1-smallimg.phncdn.com | udp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| GB | 64.210.156.16:443 | media.trafficjunky.net | tcp |
| GB | 64.210.156.21:443 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 23.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ss.phncdn.com | udp |
| US | 8.8.8.8:53 | ads.traffichunt.com | udp |
| US | 34.195.242.38:443 | ads.traffichunt.com | tcp |
| US | 8.8.8.8:53 | a.adtng.com | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | ht-cdn2.adtng.com | udp |
| GB | 64.210.156.23:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.23:443 | ht-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | th-cdnv1.akamaized.net | udp |
| GB | 2.19.117.89:443 | th-cdnv1.akamaized.net | tcp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| GB | 64.210.156.6:443 | hw-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 142.250.178.27:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | 38.242.195.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.167.155:443 | stats.g.doubleclick.net | tcp |
| GB | 172.217.169.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | ew.phncdn.com | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.167.233.64.in-addr.arpa | udp |
| GB | 64.210.156.23:443 | ew.phncdn.com | tcp |
| US | 8.8.8.8:53 | chaturbate.com | udp |
| US | 104.16.42.196:443 | chaturbate.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | cdn1d-static-shared.phncdn.com | udp |
| GB | 64.210.156.23:443 | cdn1d-static-shared.phncdn.com | tcp |
| US | 8.8.8.8:53 | 196.42.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | web.static.mmcdn.com | udp |
| US | 104.16.92.18:443 | web.static.mmcdn.com | tcp |
| US | 104.16.92.18:443 | web.static.mmcdn.com | tcp |
| US | 104.16.92.18:443 | web.static.mmcdn.com | tcp |
| US | 104.16.92.18:443 | web.static.mmcdn.com | tcp |
| US | 104.16.92.18:443 | web.static.mmcdn.com | tcp |
| GB | 64.210.156.23:443 | cdn1d-static-shared.phncdn.com | tcp |
| US | 8.8.8.8:53 | etahub.com | udp |
| US | 66.254.114.62:443 | etahub.com | tcp |
| US | 8.8.8.8:53 | evtubescms.phncdn.com | udp |
| GB | 64.210.156.4:443 | evtubescms.phncdn.com | tcp |
| US | 104.16.92.18:443 | web.static.mmcdn.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.92.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static-pub.highwebmedia.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 104.17.80.200:443 | static-pub.highwebmedia.com | tcp |
| US | 8.8.8.8:53 | ht-cdn.trafficjunky.net | udp |
| GB | 64.210.156.19:443 | ht-cdn.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | pix-cdn77.trafficjunky.net | udp |
| GB | 89.187.167.20:443 | pix-cdn77.trafficjunky.net | tcp |
| GB | 2.19.117.89:443 | th-cdnv1.akamaized.net | udp |
| GB | 64.210.156.21:443 | ht-cdn.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.80.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.167.187.89.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | jpeg.live.mmcdn.com | udp |
| DE | 131.153.88.86:443 | jpeg.live.mmcdn.com | tcp |
| US | 8.8.8.8:53 | 86.88.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | camo.mmcdn.com | udp |
| US | 8.8.8.8:53 | edge1-sof.live.mmcdn.com | udp |
| BG | 131.153.94.31:443 | edge1-sof.live.mmcdn.com | tcp |
| US | 8.8.8.8:53 | nwr.static.mmcdn.com | udp |
| US | 162.247.243.39:443 | nwr.static.mmcdn.com | tcp |
| US | 8.8.8.8:53 | realtime.pa.highwebmedia.com | udp |
| NL | 18.239.18.92:443 | realtime.pa.highwebmedia.com | tcp |
| US | 8.8.8.8:53 | nwr.mmcdn.com | udp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| US | 8.8.8.8:53 | 31.94.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.243.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| NL | 18.239.83.100:80 | crt.rootg2.amazontrust.com | tcp |
| NL | 18.239.18.92:443 | realtime.pa.highwebmedia.com | tcp |
| US | 8.8.8.8:53 | 92.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.243.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.39.65.18.in-addr.arpa | udp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | cv-h.phncdn.com | udp |
| US | 152.195.34.118:443 | cv-h.phncdn.com | tcp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.34.195.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ei.phncdn.com | udp |
| GB | 64.210.156.18:443 | ei.phncdn.com | tcp |
| US | 8.8.8.8:53 | 18.156.210.64.in-addr.arpa | udp |
| GB | 64.210.156.18:443 | ei.phncdn.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 172.217.169.3:443 | www.google.co.uk | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | ads.traffichunt.com | udp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| US | 50.19.94.201:443 | ads.traffichunt.com | tcp |
| US | 50.19.94.201:443 | ads.traffichunt.com | tcp |
| US | 8.8.8.8:53 | pix-ht.trafficjunky.net | udp |
| GB | 64.210.156.20:443 | pix-ht.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | th-cdnv1.akamaized.net | udp |
| GB | 2.19.117.89:443 | th-cdnv1.akamaized.net | udp |
| US | 8.8.8.8:53 | 201.94.19.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.156.210.64.in-addr.arpa | udp |
| GB | 64.210.156.18:443 | pix-ht.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | edenai.go2cloud.org | udp |
| IE | 52.210.174.128:443 | edenai.go2cloud.org | tcp |
| IE | 52.210.174.128:443 | edenai.go2cloud.org | tcp |
| US | 8.8.8.8:53 | lp2.edenai.world | udp |
| US | 104.18.10.109:443 | lp2.edenai.world | tcp |
| US | 8.8.8.8:53 | 128.174.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | api.ifriend.ai | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 57.144.120.1:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 57.144.120.128:443 | connect.facebook.net | tcp |
| US | 95.100.195.175:443 | api.ifriend.ai | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| US | 216.239.38.181:443 | analytics.google.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 95.100.195.175:443 | api.ifriend.ai | tcp |
| US | 8.8.8.8:53 | cdn.consentmanager.net | udp |
| GB | 84.17.50.9:443 | cdn.consentmanager.net | tcp |
| US | 8.8.8.8:53 | delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | 175.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.120.144.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.120.144.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.69.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.38.239.216.in-addr.arpa | udp |
| DE | 87.230.98.78:443 | delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | c.delivery.consentmanager.net | udp |
| DE | 87.230.98.76:443 | c.delivery.consentmanager.net | tcp |
| DE | 87.230.98.76:443 | c.delivery.consentmanager.net | tcp |
| US | 104.18.10.109:443 | lp2.edenai.world | tcp |
| US | 57.144.120.128:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | analytics.tiktok.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| US | 8.8.8.8:53 | a.exoclick.com | udp |
| US | 8.8.8.8:53 | syndication.exoclick.com | udp |
| NL | 95.211.229.247:443 | syndication.exoclick.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| GB | 89.187.167.39:443 | a.exoclick.com | tcp |
| GB | 64.210.156.0:443 | hw-cdn2.adtng.com | tcp |
| US | 95.100.195.170:443 | analytics.tiktok.com | tcp |
| US | 8.8.8.8:53 | ssgtm.edenai.world | udp |
| US | 216.239.34.21:443 | ssgtm.edenai.world | tcp |
| US | 8.8.8.8:53 | 9.50.17.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.98.230.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.98.230.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.229.211.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| BE | 64.233.167.155:443 | stats.g.doubleclick.net | udp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | sync.atsptp.com | udp |
| US | 66.254.114.220:443 | sync.atsptp.com | tcp |
| US | 57.144.120.1:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 13.107.21.237:443 | c.bing.com | tcp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 8.8.8.8:53 | sync_events.atsptp.com | udp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.249.227.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| GB | 64.210.156.18:443 | pix-ht.trafficjunky.net | tcp |
| GB | 64.210.156.23:443 | pix-ht.trafficjunky.net | tcp |
| GB | 64.210.156.19:443 | pix-ht.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | htl-cdn.adtng.com | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | ctrack.trafficjunky.net | udp |
| US | 66.254.114.154:443 | ctrack.trafficjunky.net | tcp |
| US | 66.254.114.154:443 | ctrack.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 154.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | trk.alibabatraffic.com | udp |
| NO | 54.240.174.120:443 | trk.alibabatraffic.com | tcp |
| US | 8.8.8.8:53 | trk.felistrk.com | udp |
| NO | 54.240.174.72:443 | trk.felistrk.com | tcp |
| NO | 54.240.174.72:443 | trk.felistrk.com | tcp |
| US | 8.8.8.8:53 | www.ndj9sjld.com | udp |
| US | 34.117.88.169:443 | www.ndj9sjld.com | tcp |
| US | 34.117.88.169:443 | www.ndj9sjld.com | tcp |
| US | 8.8.8.8:53 | flingunited.co.uk | udp |
| US | 34.111.196.6:443 | flingunited.co.uk | tcp |
| US | 34.111.196.6:443 | flingunited.co.uk | udp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | api.consentcollectors.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| BE | 35.195.163.35:443 | api.consentcollectors.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 8.8.8.8:53 | www.flingunited.co.uk | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | s.orbsrv.com | udp |
| US | 8.8.8.8:53 | s.magsrv.com | udp |
| US | 8.8.8.8:53 | ad.twinrdengine.com | udp |
| US | 8.8.8.8:53 | s.opoxv.com | udp |
| US | 8.8.8.8:53 | s.pemsrv.com | udp |
| US | 8.8.8.8:53 | s.zlinkp.com | udp |
| US | 8.8.8.8:53 | s.ds2gs4.com | udp |
| US | 8.8.8.8:53 | syndication.realsrv.com | udp |
| NL | 95.211.229.248:443 | syndication.realsrv.com | tcp |
| NL | 95.211.229.248:443 | syndication.realsrv.com | tcp |
| NL | 95.211.229.248:443 | syndication.realsrv.com | tcp |
| DE | 148.251.2.75:443 | tsyndicate.com | tcp |
| NL | 95.211.229.248:443 | syndication.realsrv.com | tcp |
| US | 34.111.67.216:443 | ad.twinrdengine.com | tcp |
| NL | 95.211.229.245:443 | s.ds2gs4.com | tcp |
| NL | 95.211.229.245:443 | s.ds2gs4.com | tcp |
| US | 8.8.8.8:53 | consentcollectors.com | udp |
| NL | 95.211.229.246:443 | syndication.realsrv.com | tcp |
| US | 8.8.8.8:53 | 72.174.240.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.88.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.196.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.174.240.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.102.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.163.195.35.in-addr.arpa | udp |
| BE | 35.195.163.35:443 | consentcollectors.com | tcp |
| BE | 35.195.163.35:443 | consentcollectors.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 216.67.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.229.211.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.229.211.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.229.211.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.2.251.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.flingunited.co.uk | udp |
| US | 8.8.8.8:53 | ads.traffichunt.com | udp |
| US | 8.8.8.8:53 | ads.trafficircles.com | udp |
| US | 50.19.94.201:443 | ads.trafficircles.com | tcp |
| US | 50.19.94.201:443 | ads.trafficircles.com | tcp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 8.8.8.8:53 | basetraffichain.com | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| DE | 168.119.149.123:443 | basetraffichain.com | tcp |
| US | 8.8.8.8:53 | cams.com | udp |
| US | 69.165.103.130:443 | cams.com | tcp |
| US | 8.8.8.8:53 | se11.securedataimages.com | udp |
| US | 8.8.8.8:53 | img.securedataimages.com | udp |
| US | 8.8.8.8:53 | gs1.wac.edgecastcdn.net | udp |
| US | 192.229.233.94:443 | img.securedataimages.com | tcp |
| US | 192.229.233.94:443 | img.securedataimages.com | tcp |
| US | 192.229.233.94:443 | img.securedataimages.com | tcp |
| US | 192.229.233.94:443 | img.securedataimages.com | tcp |
| US | 192.229.233.94:443 | img.securedataimages.com | tcp |
| US | 192.229.233.94:443 | img.securedataimages.com | tcp |
| US | 192.229.233.94:443 | img.securedataimages.com | tcp |
| US | 192.229.233.94:443 | img.securedataimages.com | tcp |
| US | 192.229.233.94:443 | img.securedataimages.com | tcp |
| PL | 93.184.220.44:443 | gs1.wac.edgecastcdn.net | tcp |
| US | 8.8.8.8:53 | 123.149.119.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.103.165.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.233.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beta-api.cams.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 69.165.103.130:443 | beta-api.cams.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| BE | 64.233.167.155:443 | stats.g.doubleclick.net | udp |
| GB | 172.217.169.3:443 | www.google.co.uk | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | dynimages.securedataimages.com | udp |
| US | 8.8.8.8:53 | sentry-new.cams.run | udp |
| US | 69.165.103.131:443 | sentry-new.cams.run | tcp |
| US | 69.165.103.131:443 | sentry-new.cams.run | tcp |
| US | 8.8.8.8:53 | 131.103.165.69.in-addr.arpa | udp |
| US | 95.100.195.182:443 | www.bing.com | tcp |
| US | 95.100.195.182:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 182.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 95.100.195.191:443 | th.bing.com | tcp |
| US | 95.100.195.178:443 | r.bing.com | tcp |
| US | 95.100.195.178:443 | r.bing.com | tcp |
| US | 95.100.195.191:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | tse3.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse3.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 191.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.porngames.tv | udp |
| US | 172.67.218.20:443 | www.porngames.tv | tcp |
| US | 172.67.218.20:443 | www.porngames.tv | tcp |
| US | 8.8.8.8:53 | cdn.porngames.tv | udp |
| US | 8.8.8.8:53 | cdn.usefathom.com | udp |
| FR | 143.244.56.57:443 | cdn.porngames.tv | tcp |
| FR | 143.244.56.57:443 | cdn.porngames.tv | tcp |
| FR | 143.244.56.57:443 | cdn.porngames.tv | tcp |
| FR | 143.244.56.57:443 | cdn.porngames.tv | tcp |
| FR | 143.244.56.57:443 | cdn.porngames.tv | tcp |
| FR | 143.244.56.57:443 | cdn.porngames.tv | tcp |
| GB | 143.244.38.136:443 | cdn.usefathom.com | tcp |
| US | 8.8.8.8:53 | 20.218.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.56.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | live.trmzum.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| NL | 46.166.186.6:443 | live.trmzum.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| NL | 46.166.186.6:443 | live.trmzum.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | edge3-sof.live.mmcdn.com | udp |
| BG | 131.153.94.33:443 | edge3-sof.live.mmcdn.com | tcp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.186.166.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.94.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | access-the-website.com | udp |
| GB | 108.138.217.58:443 | access-the-website.com | tcp |
| GB | 108.138.217.58:443 | access-the-website.com | tcp |
| US | 8.8.8.8:53 | vrfuckdolls.tv | udp |
| US | 104.21.65.165:443 | vrfuckdolls.tv | tcp |
| US | 8.8.8.8:53 | wmccd.com | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| LU | 93.93.51.189:443 | wmccd.com | tcp |
| LU | 93.93.51.189:443 | wmccd.com | tcp |
| US | 8.8.8.8:53 | 58.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.65.21.104.in-addr.arpa | udp |
| US | 104.19.230.21:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| GB | 142.250.187.202:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | mkt.solution.coupons | udp |
| US | 192.124.249.179:443 | mkt.solution.coupons | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | pt-static2.ptwmstcnt.com | udp |
| US | 8.8.8.8:53 | pt-static4.ptwmstcnt.com | udp |
| US | 8.8.8.8:53 | pt-static3.ptwmstcnt.com | udp |
| LU | 93.93.51.200:443 | pt-static3.ptwmstcnt.com | tcp |
| LU | 93.93.51.200:443 | pt-static3.ptwmstcnt.com | tcp |
| US | 8.8.8.8:53 | www.safelandr.com | udp |
| LU | 93.93.51.200:443 | pt-static3.ptwmstcnt.com | tcp |
| LU | 93.93.51.200:443 | pt-static3.ptwmstcnt.com | tcp |
| US | 15.197.129.109:443 | www.safelandr.com | tcp |
| US | 8.8.8.8:53 | 189.51.93.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.230.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | galleryn0.vcmdiawe.com | udp |
| US | 8.8.8.8:53 | galleryn1.vcmdiawe.com | udp |
| US | 8.8.8.8:53 | galleryn2.vcmdiawe.com | udp |
| US | 8.8.8.8:53 | galleryn3.vcmdiawe.com | udp |
| US | 8.8.8.8:53 | scripts.azshopp.com | udp |
| US | 8.8.8.8:53 | cdn.solution.coupons | udp |
| US | 104.18.42.227:443 | cdn.solution.coupons | tcp |
| US | 104.18.42.227:443 | cdn.solution.coupons | tcp |
| US | 104.21.32.226:443 | scripts.azshopp.com | tcp |
| US | 8.8.8.8:53 | 200.51.93.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.129.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.42.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.32.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.zrmtrm.com | udp |
| GB | 89.187.167.38:443 | cdn.zrmtrm.com | tcp |
| US | 8.8.8.8:53 | 38.167.187.89.in-addr.arpa | udp |
| LU | 93.93.51.189:443 | wmccd.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 8.8.8.8:53 | edge28-ams.live.mmcdn.com | udp |
| NL | 131.153.86.96:443 | edge28-ams.live.mmcdn.com | tcp |
| US | 8.8.8.8:53 | 96.86.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chaturbate.com | udp |
| US | 104.16.45.196:443 | chaturbate.com | tcp |
| US | 8.8.8.8:53 | 196.45.16.104.in-addr.arpa | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 8.8.8.8:53 | cdn.porngames.tv | udp |
| FR | 185.93.2.244:443 | cdn.porngames.tv | tcp |
| US | 8.8.8.8:53 | 244.2.93.185.in-addr.arpa | udp |
| US | 104.16.45.196:443 | chaturbate.com | tcp |
| US | 8.8.8.8:53 | nwr.mmcdn.com | udp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| NL | 131.153.86.96:443 | edge28-ams.live.mmcdn.com | tcp |
| US | 104.16.45.196:443 | chaturbate.com | tcp |
| US | 69.165.103.130:443 | beta-api.cams.com | tcp |
| FR | 185.93.2.244:443 | cdn.porngames.tv | tcp |
| US | 8.8.8.8:53 | access-the-website.com | udp |
| GB | 108.138.217.58:443 | access-the-website.com | tcp |
| US | 8.8.8.8:53 | interactivesexgames.tv | udp |
| US | 104.21.12.85:443 | interactivesexgames.tv | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 85.12.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 172.67.218.20:443 | www.porngames.tv | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| NL | 46.166.186.6:443 | live.trmzum.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.usefathom.com | udp |
| GB | 143.244.38.136:443 | cdn.usefathom.com | tcp |
| NL | 46.166.186.6:443 | live.trmzum.com | tcp |
| NL | 46.166.186.6:443 | live.trmzum.com | tcp |
| BG | 131.153.94.33:443 | edge3-sof.live.mmcdn.com | tcp |
| US | 8.8.8.8:53 | fapdolls.com | udp |
| US | 104.21.72.250:443 | fapdolls.com | tcp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| US | 8.8.8.8:53 | 250.72.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssgtm.edenai.world | udp |
| US | 216.239.38.21:443 | ssgtm.edenai.world | tcp |
| US | 8.8.8.8:53 | 21.38.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.safelandr.com | udp |
| US | 15.197.129.109:443 | www.safelandr.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | www.porngames.tv | udp |
| US | 8.8.8.8:53 | access-the-website.com | udp |
| US | 8.8.8.8:53 | static-pub.highwebmedia.com | udp |
| US | 104.18.239.194:443 | static-pub.highwebmedia.com | tcp |
| US | 8.8.8.8:53 | 194.239.18.104.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.26.6.95:443 | temp-mail.org | tcp |
| US | 104.26.6.95:443 | temp-mail.org | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.18.94.41:443 | challenges.cloudflare.com | tcp |
| US | 104.18.94.41:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 95.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.94.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.paddle.com | udp |
| US | 8.8.8.8:53 | cdn4.buysellads.net | udp |
| US | 172.64.149.8:443 | cdn.paddle.com | tcp |
| GB | 159.65.211.77:443 | cdn4.buysellads.net | tcp |
| US | 8.8.8.8:53 | web2.temp-mail.org | udp |
| US | 104.26.7.95:443 | web2.temp-mail.org | tcp |
| US | 8.8.8.8:53 | cdn.perfops.net | udp |
| US | 104.21.60.173:443 | cdn.perfops.net | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | t.fullres.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| NL | 18.239.70.135:443 | c.amazon-adsystem.com | tcp |
| GB | 159.65.211.77:443 | t.fullres.net | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bt.dns-finder.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 172.67.134.120:443 | bt.dns-finder.com | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| NL | 18.238.243.114:443 | config.aps.amazon-adsystem.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| GB | 104.78.175.230:443 | secure.cdn.fastclick.net | tcp |
| US | 104.22.52.173:443 | cdn.hadronid.net | tcp |
| NL | 18.239.18.78:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 8.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.211.65.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.70.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.134.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.243.238.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.175.78.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | srv.buysellads.com | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | ex.ingage.tech | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | rt.marphezis.com | udp |
| GB | 159.65.211.77:443 | srv.buysellads.com | tcp |
| US | 8.8.8.8:53 | exchange.cootlogix.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | pbjs.e-planning.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| NL | 89.149.192.240:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.240:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.240:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.240:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.240:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.240:443 | prg.smartadserver.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 104.18.27.216:443 | ex.ingage.tech | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 172.64.153.78:443 | mp.4dex.io | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| NL | 188.166.203.175:443 | rt.marphezis.com | tcp |
| NL | 178.250.1.56:443 | bidder.criteo.com | tcp |
| US | 167.99.22.253:443 | exchange.cootlogix.com | tcp |
| US | 167.99.22.253:443 | exchange.cootlogix.com | tcp |
| US | 167.99.22.253:443 | exchange.cootlogix.com | tcp |
| US | 167.99.22.253:443 | exchange.cootlogix.com | tcp |
| US | 167.99.22.253:443 | exchange.cootlogix.com | tcp |
| US | 167.99.22.253:443 | exchange.cootlogix.com | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| NL | 185.89.210.90:443 | ib.adnxs.com | tcp |
| NL | 18.239.50.10:443 | hb.yellowblue.io | tcp |
| NL | 193.3.178.3:443 | pbjs.e-planning.net | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| NL | 18.239.88.34:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | c.4dex.io | udp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 104.18.27.216:443 | ex.ingage.tech | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 216.58.201.97:443 | ep2.adtrafficquality.google | tcp |
| GB | 216.58.201.97:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 240.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.27.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.153.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.203.166.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.50.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.120.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.64.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.88.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.22.99.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.34.241.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9f4ead81d67291032c067453c42c582a.safeframe.googlesyndication.com | udp |
| GB | 172.217.169.1:443 | 9f4ead81d67291032c067453c42c582a.safeframe.googlesyndication.com | tcp |
| US | 35.241.34.106:443 | c.4dex.io | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | beacon-ams3.rubiconproject.com | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| NL | 69.173.156.131:443 | beacon-ams3.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | s.update.rubiconproject.com | udp |
| IE | 3.255.235.138:443 | s.update.rubiconproject.com | tcp |
| NL | 69.173.156.131:443 | beacon-ams3.rubiconproject.com | tcp |
| IE | 3.255.235.138:443 | s.update.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 1.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.235.255.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 23.192.21.141:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| NL | 185.235.87.238:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.114:443 | gem.gbc.criteo.com | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| NL | 69.173.156.136:443 | beacon-nf.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| DE | 52.58.106.52:443 | x9l5148zejl9rs77.test.resolver.perfops.net | tcp |
| US | 8.8.8.8:53 | v1lfjqbav31k9to7.test.resolver.perfops.net | udp |
| US | 8.8.8.8:53 | gisxn3rya52r6i1r.test.resolver.perfops.net | udp |
| DE | 52.59.104.159:443 | gisxn3rya52r6i1r.test.resolver.perfops.net | tcp |
| DE | 52.58.106.52:443 | v1lfjqbav31k9to7.test.resolver.perfops.net | tcp |
| US | 8.8.8.8:53 | 145.22.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.106.58.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rum-cdn.perfops.net | udp |
| US | 172.67.198.235:443 | rum-cdn.perfops.net | tcp |
| US | 8.8.8.8:53 | cs.ingage.tech | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | sync.cootlogix.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | hb.trustedstack.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | udp |
| US | 23.192.20.32:443 | contextual.media.net | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| US | 23.192.25.42:443 | ads.pubmatic.com | tcp |
| GB | 104.91.71.10:443 | hb.trustedstack.com | tcp |
| US | 143.198.164.101:443 | sync.cootlogix.com | tcp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | sync.adkernel.com | udp |
| US | 151.101.65.108:443 | acdn.adnxs.com | tcp |
| NL | 103.67.200.72:443 | sync.adkernel.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | perfops2.byte-test.com | udp |
| SG | 101.47.95.100:443 | perfops2.byte-test.com | tcp |
| SG | 101.47.95.100:443 | perfops2.byte-test.com | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 159.104.59.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.198.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.20.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.25.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.200.67.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.164.198.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| NL | 35.214.136.108:443 | x.bidswitch.net | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 44.196.65.202:443 | api-2-0.spot.im | tcp |
| US | 8.8.8.8:53 | bc-sync.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | eu-west-1-cs-rtb.openwebmp.com | udp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 104.18.7.198:443 | gum.aidemsrv.com | tcp |
| NL | 18.239.18.61:443 | eu-west-1-cs-rtb.openwebmp.com | tcp |
| DE | 162.55.236.224:443 | sync.richaudience.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 15.197.193.217:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 3.234.155.171:443 | cs-server-s2s.yellowblue.io | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| GB | 2.19.117.107:443 | player.aniview.com | tcp |
| NL | 89.149.193.116:443 | ssbsync.smartadserver.com | tcp |
| US | 64.202.112.159:443 | b1sync.zemanta.com | tcp |
| US | 64.202.112.159:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | rtb.bid.com | udp |
| US | 8.8.8.8:53 | sync.contextualadv.com | udp |
| US | 34.1.237.34:443 | csync.loopme.me | tcp |
| US | 3.219.79.107:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | sync-service.net | udp |
| IE | 34.248.74.5:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 204.62.12.209:443 | sync-service.net | tcp |
| IE | 99.80.11.107:443 | jadserve.postrelease.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 8.8.8.8:53 | 190.239.215.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.95.47.101.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.136.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.65.196.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.7.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.193.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.236.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.155.234.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.237.1.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.74.248.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | djlzvy5xcvhxt.flashedgecdn.net | udp |
| NL | 18.239.94.122:443 | djlzvy5xcvhxt.flashedgecdn.net | tcp |
| US | 192.132.33.69:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | devnull.perfops.net | udp |
| US | 8.8.8.8:53 | rum.perfops.cdb.cdn.orange.com | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| FR | 80.15.255.0:443 | rum.perfops.cdb.cdn.orange.com | tcp |
| US | 172.240.45.96:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | cpt96125.shopvoxpopulus.com | udp |
| US | 34.107.229.149:443 | cpt96125.shopvoxpopulus.com | tcp |
| US | 8.8.8.8:53 | perfops.gcorelabs.com | udp |
| GB | 93.123.11.62:443 | perfops.gcorelabs.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | cdnperf-rum.cdnetworks.net | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| GB | 163.171.130.131:443 | cdnperf-rum.cdnetworks.net | tcp |
| US | 8.8.8.8:53 | 107.79.219.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.12.62.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.94.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.255.15.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.229.107.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.11.123.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.130.171.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | test-perfops.ldgslb.com | udp |
| GB | 38.175.44.17:443 | test-perfops.ldgslb.com | tcp |
| US | 8.8.8.8:53 | cdnperf.qwilt.com | udp |
| US | 84.201.209.98:443 | cdnperf.qwilt.com | tcp |
| US | 8.8.8.8:53 | perfops1.b-cdn.net | udp |
| GB | 143.244.38.136:443 | perfops1.b-cdn.net | tcp |
| US | 8.8.8.8:53 | proxy.canary.scrubbingcenter.com | udp |
| US | 156.154.243.138:443 | proxy.canary.scrubbingcenter.com | tcp |
| US | 8.8.8.8:53 | 17.44.175.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.243.154.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | test-perfops.haproxy.com | udp |
| GB | 104.152.117.107:443 | test-perfops.haproxy.com | tcp |
| US | 8.8.8.8:53 | perfops-cds.s.llnwi.net | udp |
| GB | 178.79.229.21:443 | perfops-cds.s.llnwi.net | tcp |
| US | 8.8.8.8:53 | perfops-ic-b5d7b000-0a73f3-a4x2.s.loris.llnwd.net | udp |
| GB | 178.79.231.15:443 | perfops-ic-b5d7b000-0a73f3-a4x2.s.loris.llnwd.net | tcp |
| US | 8.8.8.8:53 | ovh-cdn.perfops.io | udp |
| FR | 46.105.200.68:443 | ovh-cdn.perfops.io | tcp |
| US | 8.8.8.8:53 | eo-static-perfops.qcloudcdn.com | udp |
| GB | 43.132.64.190:443 | eo-static-perfops.qcloudcdn.com | tcp |
| US | 8.8.8.8:53 | 107.117.152.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.229.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.231.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.200.105.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.64.132.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | perf.qinglanbaseunicast.com | udp |
| GB | 79.133.176.172:443 | perf.qinglanbaseunicast.com | tcp |
| US | 8.8.8.8:53 | 1596384882.rsc.cdn77.org | udp |
| GB | 89.187.167.39:443 | 1596384882.rsc.cdn77.org | tcp |
| US | 8.8.8.8:53 | perfops.byte-test.com | udp |
| GB | 143.244.38.1:443 | perfops.byte-test.com | tcp |
| US | 8.8.8.8:53 | cdnperf-rum.quantil.com | udp |
| US | 8.8.8.8:53 | 172.176.133.79.in-addr.arpa | udp |
| GB | 174.35.118.91:443 | cdnperf-rum.quantil.com | tcp |
| US | 8.8.8.8:53 | medianova-cdnperf.mncdn.com | udp |
| DE | 31.3.2.84:443 | medianova-cdnperf.mncdn.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | perfops.swiftycdn.net | udp |
| GB | 94.154.158.19:443 | perfops.swiftycdn.net | tcp |
| US | 8.8.8.8:53 | perfops-static.freetls.fastly.net | udp |
| US | 151.101.2.79:443 | perfops-static.freetls.fastly.net | tcp |
| US | 8.8.8.8:53 | akamai-cdn.perfops.io | udp |
| US | 8.8.8.8:53 | 1.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.118.35.174.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.2.3.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.158.154.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.2.101.151.in-addr.arpa | udp |
| US | 95.100.195.166:443 | akamai-cdn.perfops.io | tcp |
| US | 8.8.8.8:53 | medianova-cdnvperf.mncdn.com | udp |
| RO | 185.22.163.103:443 | medianova-cdnvperf.mncdn.com | tcp |
| US | 8.8.8.8:53 | test-perfops.blazingcdn.com | udp |
| NL | 188.240.13.1:443 | test-perfops.blazingcdn.com | tcp |
| US | 8.8.8.8:53 | 166.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.163.22.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25748s.ha.azioncdn.net | udp |
| GB | 179.191.165.65:443 | 25748s.ha.azioncdn.net | tcp |
| US | 8.8.8.8:53 | ultrawaf.canary.scrubbingcenter.com | udp |
| US | 156.154.120.124:443 | ultrawaf.canary.scrubbingcenter.com | tcp |
| US | 8.8.8.8:53 | test-perfops.idevops.suijinetworks.com | udp |
| GB | 193.118.32.53:443 | test-perfops.idevops.suijinetworks.com | tcp |
| US | 8.8.8.8:53 | 1.13.240.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.165.191.179.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.120.154.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.32.118.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d3888oxgux3fey.cloudfront.net | udp |
| NL | 108.156.60.81:443 | d3888oxgux3fey.cloudfront.net | tcp |
| US | 8.8.8.8:53 | cdnperf.cachefly.net | udp |
| US | 205.234.175.175:443 | cdnperf.cachefly.net | tcp |
| US | 205.234.175.175:443 | cdnperf.cachefly.net | tcp |
| US | 8.8.8.8:53 | 81.60.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | perfopsrum.akamaized.net | udp |
| GB | 88.221.134.131:443 | perfopsrum.akamaized.net | tcp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | perfops.r.worldssl.net | udp |
| NL | 50.7.24.82:443 | perfops.r.worldssl.net | tcp |
| US | 8.8.8.8:53 | media-edge.1e100cdn.net | udp |
| US | 34.104.36.46:443 | media-edge.1e100cdn.net | tcp |
| US | 8.8.8.8:53 | benchmark.1e100cdn.net | udp |
| US | 35.190.26.57:443 | benchmark.1e100cdn.net | tcp |
| US | 8.8.8.8:53 | 82.24.7.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.36.104.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.26.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | perfops.s.llnwi.net | udp |
| GB | 178.79.229.30:443 | perfops.s.llnwi.net | tcp |
| US | 8.8.8.8:53 | perfops-ic-b5d7b000-0a73f3-a4x.s.loris.llnwd.net | udp |
| GB | 178.79.231.33:443 | perfops-ic-b5d7b000-0a73f3-a4x.s.loris.llnwd.net | tcp |
| US | 8.8.8.8:53 | perfops.cloudflareperf.com | udp |
| US | 104.18.32.27:443 | perfops.cloudflareperf.com | tcp |
| FR | 80.15.253.0:443 | rum.perfops.mdb.cdn.orange.com | tcp |
| US | 8.8.8.8:53 | 30.229.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.231.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.253.15.80.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 159.65.211.77:443 | srv.buysellads.com | tcp |
| FR | 80.15.255.0:443 | rum.perfops.cdb.cdn.orange.com | tcp |
| GB | 93.123.11.62:443 | perfops.gcorelabs.com | tcp |
| GB | 104.152.117.107:443 | test-perfops.haproxy.com | tcp |
| FR | 46.105.200.68:443 | ovh-cdn.perfops.io | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | udp |
| GB | 179.191.165.65:443 | 25748s.ha.azioncdn.net | tcp |
| GB | 88.221.134.131:443 | perfopsrum.akamaized.net | udp |
| US | 34.104.36.46:443 | media-edge.1e100cdn.net | udp |
| US | 35.190.26.57:443 | benchmark.1e100cdn.net | udp |
| FR | 80.15.253.0:443 | rum.perfops.mdb.cdn.orange.com | tcp |
| US | 15.197.129.109:443 | www.safelandr.com | tcp |
| US | 8.8.8.8:53 | secure.customerlivehelp.com | udp |
| US | 76.223.3.158:443 | secure.customerlivehelp.com | tcp |
| US | 76.223.3.158:443 | secure.customerlivehelp.com | tcp |
| US | 8.8.8.8:53 | 158.3.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.update.rubiconproject.com | udp |
| GB | 159.65.211.77:443 | srv.buysellads.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| IE | 3.250.187.153:443 | s.update.rubiconproject.com | tcp |
| US | 95.100.195.168:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | 153.187.250.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| FR | 52.109.68.129:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 18.89.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.68.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
| US | 95.100.195.47:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 47.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 95.100.195.150:443 | r.bing.com | tcp |
| US | 95.100.195.150:443 | r.bing.com | tcp |
| US | 95.100.195.183:443 | r.bing.com | tcp |
| US | 95.100.195.183:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 150.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | tcp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 148.117.19.2.in-addr.arpa | udp |
| US | 95.100.195.183:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 143.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| FR | 185.136.161.124:6128 | tcp | |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| FR | 185.136.161.124:6128 | tcp | |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| FR | 185.136.161.124:8761 | tcp | |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| FR | 185.136.161.124:8761 | tcp | |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.135.250.11:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.135.250.11:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.135.250.11:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.135.250.11:19521 | 0.tcp.ngrok.io | tcp |
| FR | 185.136.161.124:11614 | tcp | |
| US | 3.135.250.11:19521 | 0.tcp.ngrok.io | tcp |
| FR | 185.136.161.124:11614 | tcp | |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | edge28-ams.live.mmcdn.com | udp |
| NL | 131.153.86.96:443 | edge28-ams.live.mmcdn.com | tcp |
| NL | 131.153.86.96:443 | edge28-ams.live.mmcdn.com | tcp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| GB | 92.123.128.135:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 135.128.123.92.in-addr.arpa | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| FR | 185.136.161.124:15822 | tcp | |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| FR | 185.136.161.124:15822 | tcp | |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c2d9eeb3fdd75834f0ac3f9767de8d6f |
| SHA1 | 4d16a7e82190f8490a00008bd53d85fb92e379b0 |
| SHA256 | 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66 |
| SHA512 | d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd |
\??\pipe\LOCAL\crashpad_4792_MVGLFSFPJDVCINUD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e55832d7cd7e868a2c087c4c73678018 |
| SHA1 | ed7a2f6d6437e907218ffba9128802eaf414a0eb |
| SHA256 | a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574 |
| SHA512 | 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2c24f0ee4db5624205510af4c492286e |
| SHA1 | 531ab8d1dad137d3be7a7f5824a099c56b39fc34 |
| SHA256 | 950a35b9de66e9ba6eb76f301613df7ad90eaa9c0f5db5a6e76eb601c307c03f |
| SHA512 | 6324229c71b3c9e588e7f232da9d568d097bac4284b3af81a1577fc126b6b5d6c47e23d76ca18972f280e72cb1209489aa1913976533976073012a3177546410 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8755b79057300b215625c89015c1497a |
| SHA1 | db8041885a8797fcae648f970c44662f1b1db2b7 |
| SHA256 | 789b80974f914b5483e79a47a06e331000432075dd8dc8134f63cbf3d5b3677e |
| SHA512 | 2a4b3c1825852999bd18c77c3155a8126341bc9aacb84edca8d078ba2bafcac76f04dd95fb20da93d6e37e9c6a79c613e836ea0745d418d7a3185a0cde91ed24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 42629a89ca224b6cc8009beb42375472 |
| SHA1 | 0b52b5e4f568c437bffc2ab3c6404ae1bed0d973 |
| SHA256 | fd9cd9ccc1a64a948ad7220bbc663e4fb694d0734707ae4bf8e5db24500f87bd |
| SHA512 | 04645aa211d1d6ddade940fbdc86595d6ce9ff8755b2256e3d117611739074a2677abde3928c869473b769deb262e2e06cd4c51ab8cfb87ce52a9c7f3f095382 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 20948dfa2d56e028ab9ee339979be78d |
| SHA1 | 20850d109094f309bbf6e45293c9e320dfd0831a |
| SHA256 | 8dbfee0a75a47b660f0cbbb270cbb34a9ce75a8281ed5a241323af25e51ff4df |
| SHA512 | 5bc311a74771b4d26e787c2322b36f862bf31c9cce9373e097c2f6f2443f04090c31d7e686d8bd7a5daa0a9f2cd369c677e950e77a4360af715be2f2e1cbc892 |
C:\Users\Admin\Downloads\HwidSpoof (1).zip
| MD5 | d1b872106ce934e038e40658f3661b8c |
| SHA1 | 139b53ad815068e160850350a5a082fdd837bc61 |
| SHA256 | d209888784d5eb5d16f73172a5f464cf4e4b024ce906c23aafb9cdb64f411e58 |
| SHA512 | d26079a5c9f5712c4926023aad2fc551b02b2feb62dedd4cd4f242826331db93f162533931cbcb130824280971ba94b87f12f288d92a947ec287d04c5c2a6c36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 597bb34d216a63a6d10044676135594e |
| SHA1 | 03834184c9f82bc9e61613a4b02b104727c32ada |
| SHA256 | 257735ffb82b5ef616db6289ee59222ebebd8de3aa70dd985a39cd7d6b17174f |
| SHA512 | 503d2ea2084e30790112703e1ca583f283fe8fd1ea2caa2e44e651a38b9b9beb6ebe90cef3f746258d526294d7c6bb0b7d23a19910b5b6186f24efe0b7fb94ae |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\ucrtbase.dll
| MD5 | 3b337c2d41069b0a1e43e30f891c3813 |
| SHA1 | ebee2827b5cb153cbbb51c9718da1549fa80fc5c |
| SHA256 | c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7 |
| SHA512 | fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\python312.dll
| MD5 | cae8fa4e7cb32da83acf655c2c39d9e1 |
| SHA1 | 7a0055588a2d232be8c56791642cb0f5abbc71f8 |
| SHA256 | 8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93 |
| SHA512 | db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\base_library.zip
| MD5 | 763d1a751c5d47212fbf0caea63f46f5 |
| SHA1 | 845eaa1046a47b5cf376b3dbefcf7497af25f180 |
| SHA256 | 378a4b40f4fa4a8229c93e0afee819085251af03402ccefa3b469651e50e60b7 |
| SHA512 | bb356dd610e6035f4002671440ce96624addf9a89fd952a6419647a528a551a6ccd0eca0ee2eeb080d9aad683b5afc9415c721fa62c3bcddcb7f1923f59d9c45 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\_ctypes.pyd
| MD5 | c8afa1ebb28828e1115c110313d2a810 |
| SHA1 | 1d0d28799a5dbe313b6f4ddfdb7986d2902fa97a |
| SHA256 | 8978972cf341ccd0edf8435d63909a739df7ef29ec7dd57ed5cab64b342891f0 |
| SHA512 | 4d9f41bd23b62600d1eb097d1578ba656b5e13fd2f31ef74202aa511111969bb8cfc2a8e903de73bd6e63fadaa59b078714885b8c5b8ecc5c4128ff9d06c1e56 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | 4653da8959b7fe33d32e61e472507d54 |
| SHA1 | 6d071b52f40dc609f40989b3dd0fb53124607df8 |
| SHA256 | b7e186a946119791e42f17e623732e23f864f98b592c41d95b3da0532ea9d5f3 |
| SHA512 | 81e17cf4b64ed5efba191d35b1877384544557c3001efa0321a755a35413740ae66e39e39f573d3184ef8c893c739a74d37f170fe540f81177a83b44bc18ba6d |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-time-l1-1-0.dll
| MD5 | 9bc895e2cc140e168fa55372fce8682b |
| SHA1 | 579d71e19331625dda84baa9d8b81dd3bafc9913 |
| SHA256 | 287f80b2b330cc5f9fdf47de50b189993ce925b5e2b7a6da5cdaef9c7d5f36c1 |
| SHA512 | de0e5c6f9656106fcf2443d863d26c4b16bbb5b40e676199f9c459be02b4837a2d32bddda82543eb2e0bf14a27edea7f5d506914da8d63da77ed7ccd2204aa65 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-string-l1-1-0.dll
| MD5 | 2e657fe299572eacdac67f4b9f603857 |
| SHA1 | eb4fbc0147d4df5d4ef81953bc1265d505a19297 |
| SHA256 | ec3c2bff10b9469ac9c6ed109307731a1a4694fb54856ddd082a2ffd3cc34df2 |
| SHA512 | ee3899584ecece342accbd73d681358cfe8b4fd2ed07cf3034b14f3d04e3b03e5d6d041a0afcb0b2b2b5afac118032317b5eca00d11f7703d9d0dae0e3ac38f7 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | 4a3342bce6b58ef810e804f1c5915e40 |
| SHA1 | fe636cca0a57e92bb27e0f76075110981d3b3639 |
| SHA256 | 2509179079a598b3e5dfd856d8e03e45de7379c628901dbd869ec4332ddb618c |
| SHA512 | f0c626f88f016c17fa45ea62441dd862a9575666ec06734f61d8e153c5f46a016fe1d9271293a8e29afbd167f7a381e3ee04cb413736bc224ac31e0fe760341c |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | dc8bfceec3d20100f29fd4798415dc00 |
| SHA1 | bd4764be2833f40c1cc54229c759f83d67ae5294 |
| SHA256 | 4950d0a97cb18971355247feccfd6f8ea24e46bca30f54540c050e4631ec57a8 |
| SHA512 | cc7899ad716a81af46d73b1cb8ded51aee9619f2accc35859e351fb8ee4f965f5bcc9adbb7353ca7a3c8e39d36c09481f66519cb173da1d2578718c764fb6fae |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-process-l1-1-0.dll
| MD5 | 38d1c8d2aa2023d85aca69286d79fb78 |
| SHA1 | a97e806268dc4ee781ec2bfb654ed8bf91c2a83a |
| SHA256 | 381a09a63b5818a2499144adbd8c5f6bbcfce93d643e9920cc54485006fbcc48 |
| SHA512 | fc71441009ebe69dfbc04a791cb401306cb88f7bed5290cd899e234d290209917dc7fbd0d0d1a16ceb056858c77306b8ee5f3c17432f3594904b73b20162738e |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-math-l1-1-0.dll
| MD5 | a12569b252b6761a6330d2ffb6c2983b |
| SHA1 | cc6bdb88b252144af816976a181d2b3b961ce389 |
| SHA256 | ab0de0cf89f88b947e01a5ab630d71384ad69f903cef063ccb10de54d061ea2e |
| SHA512 | ee9cb0e2c613374348a34e4a65c83da8d35e6e841f50eed726ff397c7bb6ec430ed200b3b1a541041a91ebe5ae0c96270ee7b891c8c173b340c82abd2cdf8750 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | 78fc4a7e489f64ea5e0a745c12477fd8 |
| SHA1 | 51ab73b5142ee2f742abdaedf427690613a19f4a |
| SHA256 | c12c28e3391a8c8adcabe4632470de824118c56338f46fcd8b99257709f50604 |
| SHA512 | c9064ff0b39421b28720e65e70695a997995cbec80f1534d88b886bda1797a7316d9b61e458b894b528c7bce21c36f1d4acd916de96d0cdfde59107ea93cd5d7 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | 481282554b34e19c77978dc7888434e6 |
| SHA1 | bd33f1189fc79ac57716f9d030ef0bdd30205115 |
| SHA256 | 8895c5ab2152a7f25f0c44a3457867229046952106d422331a1c57ad7935b47e |
| SHA512 | fbe98fda91618dd980709babd8e56b8c4c4ff370e6de23075f89303aafffd723dddfd270f388c573914385e957add756bfe2b1fcef5f9f86cb30e111177a52e9 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | 1fd59e1dd71eb3bdadb313029710dc33 |
| SHA1 | 82f5de117d9c55247da873ab8ad23f4e07841366 |
| SHA256 | 953e4403094ec0c3e8c3a9ab38012cc36d86ac5fe3fff2d6b6c5f51f75737c46 |
| SHA512 | 69608ff0127587b93db86c8cb27a932fa4b550c7d8d908f9fb8579ba2bccc6d43e7283363f7b46dd39a40a8c790a030028a78302703658fd5d68f5ee9452a5aa |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | 4eeb879fceeae59927f98a1a199b59ca |
| SHA1 | 3bb833edf4c10b42b7b376b93644ccc7f9a4b0f8 |
| SHA256 | e1b95e27cad9da4f0bd8bf4c913f49b9b8da6d28303f2946b55da3bd7feb36a3 |
| SHA512 | 6a43eb0c660395a60d17401e948bc4da010261197ea13b5c9e043e7ee93c30eb17efb9b6b138ecdd77ddc3d0caa98921b57bfc244f6cd554417a0fba5c9407b0 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 55e742035343af7b93caeeb71d322bed |
| SHA1 | 121134dfeca618ec3fae3fb640e541141d0c7b65 |
| SHA256 | 2364fa428deba813b8a27b369acea8ed365aa5c9da776d57e146576920746f0e |
| SHA512 | 601474b8c9185cb734df191f4382590f1466c0a32773e17c73afa5c1446dc648253d44e4ebad6ce0d29288afb1d7794c09ff0d7cfe81a3adc3dc26b3da46103d |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | 43760078912b411595bcded3b2eb063d |
| SHA1 | bd00cd60fd094b87ab0cff30cd2afe0a78853f22 |
| SHA256 | 0a9bcaa55326373200396bb1af46b3058f8f7af7be3289544dddbafdec420fea |
| SHA512 | d779f67bbb6e9867bcef7667c28e0032c01f36b8ea418504e9683240a6c0d9640b24d1dc5fa78cc9dcc4515f7be0d314f27ebcebc047b2e0f71680905d87827b |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-util-l1-1-0.dll
| MD5 | 85a8b925d50105db8250fa0878bb146e |
| SHA1 | 4b56d7eb81e0666e0cd047f9205584a97ce91a01 |
| SHA256 | f3324803591d2794bad583c71d5036976941631a5f0e6d67c71fc8ba29f30ba8 |
| SHA512 | cb074508052fafa8baa2e988e0f4241411a543e55a6a9fee915029c6aa87c93cce1f0b14fe0658361b6b4ab6880b31a950c215404c0d71d8a862d4e74ab3b797 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | 953c63ef10ec30ef7c89a6f0f7074041 |
| SHA1 | 4b4f1ff3085fded9dbd737f273585ad43175b0a3 |
| SHA256 | c93954167c12e15b58ac95240d2e0a2fbd94561d739d9f6aca906d9c30453496 |
| SHA512 | b4534785e4d02ad387e3c6082884d438cc4b3cd8758aabcf99620052f5842dbd298351bc1723c274d4f7d3fce0cc940df3d47865fece2f07cdb1151376ba852e |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | 1f0ab051a3f210db40a8c5e813ba0428 |
| SHA1 | e2ec19439618df1d6f34ee7c76108e3ea90a8b14 |
| SHA256 | 2d4cdda6d6aec0b1a84d84528380c5650683b8eed680f3cafd821ac7f422070c |
| SHA512 | a8ba535580d6756ac30e725411980a8d17e9a8aa1229233bb7a9b15c55b18b61136772d5d75cce0edf21b0f300bbd4d2458a4c69762261e928ef3cb7d5a14bdd |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-synch-l1-2-0.dll
| MD5 | b865442fb6836a9b933a216109ff3d0f |
| SHA1 | 15011fcaea649ca016fa93996639f59c23b74106 |
| SHA256 | 498194cfe8b1138385595a7db3863adf29a9663551d746fb64648ffd075186b3 |
| SHA512 | eeb9fa00a941c4b30320fbb9ecc2717e53d13cd12394500d795be742dbe25c5fdf8590e9fe7f3b210a9d9aa07c7392419823a6a947591e7a38707a87309a2b76 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-synch-l1-1-0.dll
| MD5 | 2c4be18e4d56e056b3fb7c2afb032e9e |
| SHA1 | 9620c91a98175dddccc1f1af78393143249e9eb9 |
| SHA256 | 56657da3db3877624f5dad3980df3235fe7e1038916627c0845b5001199d513f |
| SHA512 | 18cbb5671ed99b475c7f6ff2d41943ba6d28fbbd781884bf069d1aa83f051c00d61baa11459dcca4fe2a4bc26c3540e1f598e4e0ae59a5e18d340a68b695ed78 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-string-l1-1-0.dll
| MD5 | 9ab1bde57b958090d53de161469e5e8d |
| SHA1 | 8452aed000b2e77040ba8b1e5762532cdf5a60ad |
| SHA256 | 199c988d566f19e8c67f4cd7147a7df591cd2f2d648cbc511a5e4580346e75f4 |
| SHA512 | cf53c6885e154a05f8773d6b66a605049d70cc544f22a11d423c885608cd387446306ce6dfee2cc4ee9387cdc0a50da55948b5e55ad94acde7c7fd04fe38a137 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-rtlsupport-l1-1-0.dll
| MD5 | c03daa9e875ff8638f631b1c95f4b342 |
| SHA1 | 71eaeaccea8a302f87d1594ce612449c1195e882 |
| SHA256 | a281ae7a487ecea619e696903e5a8119ae3f9e9eb2f0b64b31a8324b530a4d35 |
| SHA512 | efa6ca2710f9827888f2cfcb87a321d66593b39988ebf743f37e2b8fe77dba9517bdd8571d0be7573cd6e1c786c1edba10857cfb6060e315aa0d46a16523d43b |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-profile-l1-1-0.dll
| MD5 | 430d7cdd96bc499ba9eb84bb36aa301a |
| SHA1 | 48b43f6e4ffa8423966d06b417b82c5f72525dd9 |
| SHA256 | 3e16b030a162ee3b4f6bf612af75d02a768a87f2d6a41a83f5adab2ec3c24dd1 |
| SHA512 | 51042ebca24086e1d0015fa921816a2f3c56065e1e15190b48c58656eb88610d64acacb87584981963cab501985c2cb68e53075cf5e0c65761bbddaf56fbbab0 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | b1ba47d8389c40c2dda3c56cbed14fc5 |
| SHA1 | 2eef9ffa32171d53affa44e3db7727aa383f7fac |
| SHA256 | c7277c05dc6b905fad5cb930b0ecfbbc4676b46974b4571e54ca44cb6f6be404 |
| SHA512 | 466e31f17f73bda5149343b23f4966502a8597d2a2e43f9a6c9c32387451d92c6b658ccaae27044e68e4a9fd0ef9c89e32dc7639d59fcf04c596b6abfa09658b |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | d21be88a58960edfe83ccbbdf5c4103d |
| SHA1 | 3cb0d010837b77102e77ca62e1033ef4eb5473ac |
| SHA256 | 3e909b4951e485de391f9a101e513b32c6d3507674c4d666ad3105b939b25c24 |
| SHA512 | 99b1fda3ec9292a59ed528ab243b4f8ac63e2d7b219135f26050bb7dd124a5d5dc4a14a69383a8aa0b03f0f0a3bccf0c233ef09b8e3d3bdf43d0aa1cfc1a3992 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | df64597430e1126c3ba0fe5ecf995004 |
| SHA1 | 3e32ad558501fb9d108f885a55841605be641628 |
| SHA256 | 9638950211cbdcdaeb886cab277573391bf7dda2fbdb24fc18d31125dc8a7c24 |
| SHA512 | e16c1f5468bf2fc90b66b4b66dbad62cdbe29180f8da8ab8ad28d1b0c418cb96eadf24bb54f2ee9bcfe3176256d05f7eb591b6f908e47bd420ba22768fe0ea61 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | 94fce2f4b244d3968b75a4a61b2347ab |
| SHA1 | c5898af5fd941c19fcdd949c6b4e2bb090d040d2 |
| SHA256 | c513bdc265654d2e9a304423f299fb46953631f0d78af8c1d397cd58b491475a |
| SHA512 | 1afe1f3a9b803c5758ff24376fe040d856b5ca814717b490464260c9c78e70ce6c166efbcc98e26ac12dd6173285b4863da7df4ff644d1d8150f8ac4b47113e1 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-memory-l1-1-0.dll
| MD5 | 5e93bf4aa81616285858ca455343b6d3 |
| SHA1 | 8de55be56b6520801177f757d9e3235ec88085f7 |
| SHA256 | c44ec29a51145281372007d241a2cc15b00d0bacc8adfaac61e8e82efe8ea6a3 |
| SHA512 | e6a46dad1d7125dbaaf9d020100d7ec321620e38fdd1c931af74e8ec25e841c52555ec9646a895ad4450de94f70e82e9a237c2895ddfd16769b07cb73ad827e0 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 0414909b279ea61ca344edbe8e33e40b |
| SHA1 | 4ece0dabe954c43f9bd5032de76ec29c47b22e10 |
| SHA256 | 05b0c773a77850f3d50ddb4b82cc4d5f19316fe1aaa65e21b4709ae73f60a28e |
| SHA512 | edbd33540cd1ef69f2ce824cfb991903ec6e4edda815f07d610247594ceeb2ebc78f05a44b4de8c5c937191b7e8b2ef221423c06df303d73deea721c25d15eed |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | 5eb2d8e1b9c9bd462c808f492ef117c2 |
| SHA1 | 60d398ec6e72ab670a2d9ef1b6747387c8de724e |
| SHA256 | db85f9aae6e9a5f1664326fa3fb82fe1002a3053857724d6c8d979a07c1221a1 |
| SHA512 | df0ef770368f153104f828f1c2381bea9a79e69defd43af53bdd419b7d80144831e0c4cc8695baee9f26928f0c4a00fe4837c872313c37bce1b23e6690a93bda |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-interlocked-l1-1-0.dll
| MD5 | 5a1569efa80fd139b561a9677a661f8a |
| SHA1 | fb0c824688e65ed12f52fa961ef3bae5674f32af |
| SHA256 | 41c1eaf5545109e871abef7386ab1abf9d2de1762cb4720c945afa8424858b00 |
| SHA512 | 1d2594c7f9757a95b41a9e6496f89c81fc96448b32cacb0c10d0db8c28a95cf33b3ad23348bcd8fb37d82bd72865d3c60944206f2e795686440de49bbcc39d7e |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-heap-l1-1-0.dll
| MD5 | 5846d53ac41102bb6f7e1f78717fea7f |
| SHA1 | 72254f1b93f17c2c6921179c31cd19b1b4c5292d |
| SHA256 | 059dfa16c1bbe5ff3a4b5443ba5e7ad1d41e392a873b09cfef787020ca3e101f |
| SHA512 | 0c29c0f562f1cabd794d8bf7f5cef0b0213fcf52a71eb254e0122f88c6e03558cb2259caff6b46d3b055101ef5422318e48d6c7568cbf2423212b8ed4e8f0f7f |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-handle-l1-1-0.dll
| MD5 | 53b1beee348ff035fef099922d69d588 |
| SHA1 | 7bc23b19568e2683641116f770773f8bcf03376b |
| SHA256 | 3a52229bf8a9df9f69a450f1ed7afc0d813d478d148c20f88ec4169d19b0d592 |
| SHA512 | 85c7ffa63483d69870cd69bf40e2b4ea5992d6b82607ee9bfc354c3bd5079e18cfe2ca0bcaa2fe493b42226f4a8097737116ea023823ce3ef177596dd80edcdb |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-file-l2-1-0.dll
| MD5 | 50abf0a7ee67f00f247bada185a7661c |
| SHA1 | 0cddac9ac4db3bf10a11d4b79085ef9cb3fb84a1 |
| SHA256 | f957a4c261506484b53534a9be8931c02ec1a349b3f431a858f8215cecfec3f7 |
| SHA512 | c2694bb5d103baff1264926a04d2f0fe156b8815a23c3748412a81cc307b71a9236a0e974b5549321014065e393d10228a0f0004df9ba677f03b5d244a64b528 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-file-l1-2-0.dll
| MD5 | 3473bc217562594b5b126d7aeb9380e9 |
| SHA1 | b551b9d9aa80be070f577376e484610e01c5171a |
| SHA256 | 0d8190fd619feb20df123931108d499132f7051f1ebb0ef246082f4c52c88b22 |
| SHA512 | 036b93457ade632ad68264d81ff26ee1156038e234c606882386d6babcbe722a18e9ced1655f97caecaf5fd514e261dafe999a3e9fec00cc677e177f0bf8e203 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-file-l1-1-0.dll
| MD5 | ecee1b7da6539c233e8dec78bfc8e1f9 |
| SHA1 | 052ba049f6d8cd5579e01c9e2f85414b15e6cbf8 |
| SHA256 | 249d7cd1c87738f87458b95ace4ab8f87b0de99eeefb796f6b86cba889d49b2c |
| SHA512 | ea21fe20336b8170b2a8cd13df217e9ee87aa1d2b0ba476bee2a97c3fce57648c9ab664b9ba895d5bbbcd119f2bb6633bedc85dafbd7bf6853aa48b168a927f4 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-fibers-l1-1-0.dll
| MD5 | 73dd550364215163ea9edb537e6b3714 |
| SHA1 | c24fcadfee877d5402e2b4f8518c4f5f4a2ce4b4 |
| SHA256 | 0235c78780eff0bd34fce01d1c366e5e5936ea361676cb9711a4cfff747d457a |
| SHA512 | 2406d9d44d3ed86a95248b25cf574e0c06533cd916048a2facd68f4db48e49e8e8ce1917091bcfb273d0acc210697ceb659930c896e51464c300ec06476d8cc2 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-errorhandling-l1-1-0.dll
| MD5 | a17ff429442d4e5298f0faf95950a77d |
| SHA1 | 522a365dad26bedc2bfe48164dc63c2c37c993c3 |
| SHA256 | 8e9d1d206da69da744d77f730233344ebe7c2a392550511698a79ce2d9180b41 |
| SHA512 | 7d4e31251c171b90a0c533718655c98d8737ff220bcc43f893ff42c57ab43d82e6bd13fa94def5bb4205caec68dc8178d6b2a25ad819689f25dad01be544d5ac |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-debug-l1-1-0.dll
| MD5 | c68a86c180ff1fcac90d1da9a08179c1 |
| SHA1 | c287951441c957931dc4ebbee4dc9426a4501554 |
| SHA256 | 2c91c4861e88c92693a1b145ebe2f69ffb90797cd42061e2d84f3d7fc009a941 |
| SHA512 | 857fbf9852596ef7263d8faf970128487413c859246f58b15cec32d11576894c47211a3bd9005f86c2a28fa6b67fba96831c4953c0fa24e2373a6daecb85e121 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-datetime-l1-1-0.dll
| MD5 | d7ad8db12ff42d620a657127dada1d88 |
| SHA1 | 0ca381c734a3a93dc5f19c58dadfdca9d1afccd8 |
| SHA256 | 26054d8febab1aacf11aa5cb64055808cd33388a8e77d0b3bcbc7543b0eea3bd |
| SHA512 | 7e2d6b60adbf97b22ab4b66691e483827d5755cfc6fcb5224369ada53cbd8cda43c4694a000ea4b5cebc69a475b54df0e9694c20afd9ec62b4db7b22241bdc45 |
C:\Users\Admin\AppData\Local\Temp\_MEI9242\api-ms-win-core-console-l1-1-0.dll
| MD5 | 4a8f3a1847f216b8ac3e6b53bc20bd81 |
| SHA1 | f5aadc1399a9da38087df52e509d919d743e3ea7 |
| SHA256 | 29b7d786d9f421765a4f4904f79605c41e17c0a24d7f91e44c0b7b0dea489fc3 |
| SHA512 | e70d2b719517c413fa967ca1a8d224299af55d988b3cc28013aaa3677660fae9ecb6f858d31c08cd8a0888f932af1384f0eaa928c002200f0710c2d5bddced1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 787bfea3c895088598be8273e6b26ce8 |
| SHA1 | 51c9e1d18e593353fadcc4136c88adc22d663a9d |
| SHA256 | 1de93e0c091d913e0ae88771d4f3115a9fecc6d69923a78d47ecae1dbe25e3e6 |
| SHA512 | 904b270c62d73521fae0eb9937d035dde4a1f642329c27f65cbe1611bc9d97e045324c0189ceb201a50d0cf2a688f44c7ca15be90b4924a866ab864ae9267b1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 23280b325a103e6536e053c0b635b075 |
| SHA1 | 0707d1e2f680a70f7ea77a586716fd9f970937cb |
| SHA256 | f623147fcd61951858fd7157778be74b61608283bfe014e924e5ccd94efc0060 |
| SHA512 | 2cf2fc1c729e60a7696a080700ef47c082dd77b3fe1ecbee39b312a69c02e79c4f03e822ac9ab1d2ac078680257b7a761ef6911c0fca856a7276af86575e9c93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 958f0e1f0e28361abd2baae987bcec9f |
| SHA1 | 834f55da43b2ba2f644bf1cb3e79a52e55e22eb7 |
| SHA256 | 51dad1d166c907721bcb27caa74efd55039fdf6ee6aa694b486335c95c89f788 |
| SHA512 | d736ba67da379175ccaf7ee6bedc99057910d731177feb8f5cb46d547567cddb8b5538d315bb0dd0b4ef0dec3eb495307bc0c53ceed91a581f6d0c21927368c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 735f3db1920cfcdf31486594cc065e2f |
| SHA1 | 041b8e74c09142f67d0a3cf3df833679bf315efe |
| SHA256 | aefb0af3048d9cbbe8475b913be7d4846ded9ca8179fea0caccecc9162869ec3 |
| SHA512 | 66e53e6e9771e841730e70d05a737e4133637b393bba7e961d51df399f2802d96255cc0ad2cb68bfcfede421bf426858a9f9f5bf3099f84911e0b67ad867373d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5aa895.TMP
| MD5 | 83c7aab18275476e5dd0673f4aed8651 |
| SHA1 | d09ab8664a69ff53da8191a32c18db245c728396 |
| SHA256 | 6bec96976d0a02576f3d9b4e33097314e7859041e127a624d244add85f94dac4 |
| SHA512 | c0e3fb27793dffda391ddbafcc169f264db7ed1d3be91baca8143afb2bd357883f15c27092e91da2a54085db438e97424f47f8a17a9d53732e1e1b7adff36b35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9fa915f76136db7bf30023402d2ef8f4 |
| SHA1 | eef4b4597ceb36d3b7f7749db5d643fcadf211ac |
| SHA256 | f526bc11cc2b7820e02b66076aa7354778cad85dd433f51d901cccf7fd1e410a |
| SHA512 | 8a48b4ac166f5886be8c543dafac77d02de88bcaf8bcc8b719cdc1ed71bc418d481952ccd3a60da18e62b634df71f3020276fdfa6b5b490454e225210b03ff11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a4358c4dac49d2069c123e816652c1e5 |
| SHA1 | 283c6d706f35c20092d88e7306054cb9316abcd0 |
| SHA256 | a4c710e0755ac1d561ec72238e90dc2a80f58f7725fad39ef5942330592bc937 |
| SHA512 | 7dbf757c13e0a4a2242ad30031ab082c911ccaf387d72280544309c52696948617d08f56ce116f17624d074edab899f3f34319c5fd51ca367a6934b7f818bda6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3e2a31150b6536df3f2fc9f1bbc5498d |
| SHA1 | b9c387bae2dee3a85d0b9b0a96f6cef5dee43c39 |
| SHA256 | 2f1c6eddb422585d2d1d34e27ddf15085637a65d6f5be56bdbfddcf3cbc460a8 |
| SHA512 | 01da6e3b5b670241c10edf831818f9542b586b990a921a192e5de6f34615d99a6423d44c9fadfc345befad90dfaad0ddfb8f4526227d64c2682bca115b846c52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 62f827e67d19a5bdb3a5adf6bb4164da |
| SHA1 | 8ba103943985ee6c56ad1e06a5501e8915b2e5ff |
| SHA256 | 67562e57c19a2d55850f1b6d2c6ba587a0f5b8ecf0547fa8d26ed1a49d7f6766 |
| SHA512 | d871fd8330a968e96cb04b8658ec5bef18dd79cfa507cecea49013c5c847379a42d2fbbf1ef9b14a88496fef2b03d008e268c78694d973a0a6762f6c08302400 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ff480395397653d91cde2e41a1642d46 |
| SHA1 | 09cfe4945c47b0430112cf7dc8e22f3757446203 |
| SHA256 | 345784a80af7d7708869ab5e2c45edda5ff390be93c3cd559555b85936cf01c2 |
| SHA512 | 3e7ab62b90c2d8a7af6c0bcc490bc362f0e0e331279ce431d18a25ecacb65dd276a3344e274bf947471c33085d745d6fd4b08046cbe9c42a1f418416af8877db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bb5b30f9d87c716165a79c26d0c00773 |
| SHA1 | a1a40c6638928b092a35cbdb2cca6235f2a00fd7 |
| SHA256 | 0b0069bf8e3931530fb0fa43c5a048727c71efdf36a5b8cf6e1497b9621501c6 |
| SHA512 | e84fee297f08e404cb266851509c0e929aea578483b16f19505ffb6fc7d7a4066a7a284a6fdcc201adb4b78bc0220147a1d5784ee925de400be42d399ce0f8e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6a59765d8135afe69324acddb840882d |
| SHA1 | 1ff7dfcea9c60b14ab879b051b776fa459a759a5 |
| SHA256 | 84033237c31b11f26ba29e7765272e033acf53c388489abcf6712ff40aab6586 |
| SHA512 | 8cbd6f1a6d40a280b9c92d5bbc3745b2e729a7b420c9e96b5adbbae0b245d9a2e0cc879437f8edc208bf1774fe3455b83d4b28910f78632fdf57e784d3f52e74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0fcb95a85b00147129dd10583a155f5b |
| SHA1 | 442684fdf7b13953a2666c16560e27ce68230b1e |
| SHA256 | 0569e8e9493d471a25400650a1cf8c1f65dd7e7b2989eab0fb5507263640431d |
| SHA512 | fe6ae385bcbaec934038eb72410ee09a0c590c71b01d41bdb7196055a55242c9f72e41de345b3dd4e5590fb4ad250c4382caad02506986c5c7fee0a1029dbb5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0e4c05b4222499f67f24ee91ff2d31ca |
| SHA1 | bb30be226e79b421d0ff340c320f5ff7a625a339 |
| SHA256 | 94199e147a6029d3f1ff368b91d487b8e3a6f4e9a7e4e55605cd73d0794c2338 |
| SHA512 | b8b6cf9a6f098908548287b4c0ed25ee1e568094fdfd38bea515e067719832fe0b550fa839ab6aac8c74c756761e8c5f947481f54aa89fe7e9a02b81cd142951 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5322397615a61d53129ff39a295c2a7b |
| SHA1 | 3ca71a520abd61cd07d819ba6871a7e24d5cd16e |
| SHA256 | f40b4820899bef786cba6911d4ac7e9625b29feea23c643aede6f308d566b73e |
| SHA512 | 131fe489bb6fabaee159eaf0c800e8caf3cd7c3cce97cc8f7cc7d1c0facb7b0b10dc8ccfa118bdd27502548a473b61e3dde8b7767905c5f8705a6c7c5a8dab7f |
C:\Users\Admin\AppData\Local\Temp\MSI5117.tmp
| MD5 | 6425466b9a37d03dafcba34f9d01685a |
| SHA1 | 2489ed444bce85f1cbcedcdd43e877e7217ae119 |
| SHA256 | 56f8ca5b2079bc97a7af9c015ed4b6163635baef0d9a287d19fc227fc330c53d |
| SHA512 | 62f4c79d165282db14b662d4242a065af4c8a642f2023032ab5a059e2d6001f0b80e9a0562989013acf01a80a67491be9b671e6bd99220cf9d4fb44a17719371 |
memory/2436-842-0x0000000002630000-0x0000000002657000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\BException.dll
| MD5 | a2d4928c9836812735b3516c6950a9ec |
| SHA1 | 01873285eec57b208fa2d4b71d06f176486538c8 |
| SHA256 | 79ca108d5c51259d8fb38ed1cfcc5a70e9cf67a5954e52a4339b39ff04fa20c8 |
| SHA512 | d03964a2bb597bf0fdefb787de3b462010c4cd02d286b16587a03b5228553a307d1b8f472c312e0d8bb53f21570aa5b112d85193cf42b83ef33fb7905855eba7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 79266b84c1c91d33dab04732259ec5fe |
| SHA1 | 4854e58b2481db937be903061c68971f7ddc572e |
| SHA256 | eb37a6aee7bef0909c0442845cd5b637cd9502bcf63a419547738e981f4f47a8 |
| SHA512 | 8496cda2ae6aba8d8abcb3a58ca9ab9c125eefef4e9892e2df74c9b91ff9173be5bd1d079b012caccff16e4257ededaa7c59896edb861c6d11a825a0e0069f2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 342346dcd7ed2f0edde64ad60b4b5ceb |
| SHA1 | 0a429ed39d5eef59c6e0eadd7c5d40cd5bb91c62 |
| SHA256 | 602948324fb1d9b35b89711dcb3382967e606c69b50093bbd8bd94a21a91d31c |
| SHA512 | 5b2bb51ae2750c1b419e975dad9131fca8fdbb2daa03b74d66e7e4125259683eac3d0a5fdfc31984c0acf1a123ce2afb87b0b169ce2a2db6fc3746411d18111a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 78ad45c518f480115f8794d63f094dfb |
| SHA1 | fc85001faa8ca5dd772c165ed636fd49edd5917f |
| SHA256 | 98457531443ef89396b192ae5380091e6ed476453d6992b70be7ba46d37c7965 |
| SHA512 | 87ae771c16ca4403ec223e0a0cab290646842b4608121d7a8f42cc8036bc946d87e15a5cbbcee268aa6618334ae8d3280699406cc80ba79a9afaa5c570464b86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d7864efe8c33ad8bf8c688babe7d182d |
| SHA1 | 03a0b602da5e2bc29e20ccff13c2c9689d6c644c |
| SHA256 | 3bbedc812258bc8734d98cce09914fdbf0b3c8b8a427b9cc004ad75a7b8187d3 |
| SHA512 | 6b215f2044d98ef5ec5e1d39e1f30ee87a54992d9ee60f88c99add655a18e8a10225d800ce8605784a6648552914b5ca576a3fbb6f9613f496781f7bf704ed5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 70ca0b2edd85afafe630b139d60fc56a |
| SHA1 | 106b6e51086a64fbf831eea552b6a17576f5fa6b |
| SHA256 | 1ec996a09444768528b8961599a98968a246f5f53d725cfe964b96e6ecf2e318 |
| SHA512 | 532fd70a0535a9ea456725ed98eaa681101c08fa6a740bbddd2352ba073fd3042f19758fdd8f0b263627b91ebd7ac4eacb4ad31e5338416a739b2cc0dd5d3665 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0de99b607c23befad29cf623ebea5c9b |
| SHA1 | 0d1a7d99f13119e6af95b9b5299ccce16b357948 |
| SHA256 | 17952e37da7fd12f2fee370a45622c3ead0e29554b0dc595a494450ed248c5b7 |
| SHA512 | 2e4e1ddbdc5bcad9a9928edce79bcda4e617a4974769f7c414b7a88a8115fa947c6abeb83f286c5ad8e5bb2934d374b5f0d9e699553fab1e5ba4b8d23ee0ca28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 732659d85fe863625e192f5c211625bc |
| SHA1 | ff4861a26526047641262f9cda63f416cfd4197d |
| SHA256 | 80e6fd1453665815c96efb4986dcb95d9a12e3b2812c57f20ac39d866e090c71 |
| SHA512 | 819fbbcd28d428aab5ebc058d0f7579d4502ff06e7cadad99b3de36a2cc7f73b9a3b2936e8ed5a3ffd3b4c3802ca10900d7fc4ede31537065cc1026b65acc6a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | fa315e8133b4ad8538318b344ef96b4a |
| SHA1 | 85596056ea509c82eca934a5db8a9004386ca181 |
| SHA256 | 1b52a273a0f8df12d6630e5c0cc9def616402bc623530b6f5779df3247b5a6ab |
| SHA512 | 1043c761a8115a57bfcac28712bb0fd28f08a164ac79bab2fba70a72b03f6ea10043e937af049e1ee6e0e21971aa581fd7556619c6e233773ffa7e73c570239f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d2993.TMP
| MD5 | 299d339ba3dd2d3a8d022d845e55eb7f |
| SHA1 | 654875bf17716a5db2d0ece0c537fdb050ab30fa |
| SHA256 | 9f2881fded9ef92b98e40d9518bd6bb4147a1ec97afc1f2588e165e326edfa8d |
| SHA512 | 49d566c9a06efc7d5c58f2d5a302c42382fb2ea9df580cc532413810452e5a9cb05ac3f298dc356ec4c9bb37640e52686ff5cb6925aa59f60f2dfa85c02ca81c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084
| MD5 | 2be38925751dc3580e84c3af3a87f98d |
| SHA1 | 8a390d24e6588bef5da1d3db713784c11ca58921 |
| SHA256 | 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b |
| SHA512 | 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4b73e55907c8caa40e2ae8b4f24931e7 |
| SHA1 | 538d3f750894dfc34d03c28a7692c7f12499378d |
| SHA256 | 6b297642c372895e443f938aa5248fa798ce64ba7b0e94aeb5511edafc6d36c8 |
| SHA512 | 2618de4de95a958bc5d28e5afa801ec52e2123e6f8417e848bbdb9bd847c0ca1e97192a5ad7bc626015f1b522a6e202cd1490cd2b780bab0569732b9bbda31e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 97c7f2b0cacd81e715054d88717cae77 |
| SHA1 | 0389af136247b0c5b570de352b446bc8a8dd6cf6 |
| SHA256 | f5b15a75a5c8dcb782d5b5c733187efb46a3199342a64a498ce3dab449fa86ab |
| SHA512 | 347b4e34e7e7bb8a31f489dbcd6da1795fdd149c0c2be3892f3819a197ae38a714aed4bc560609e3713e9d5ed5296fe29390868dea9f82479f9a8d9c2f5080e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5d4c8b9b23d91f108933ac6671feef6b |
| SHA1 | 7f3bccbb6836612b4a398ac61ce5d61fa7b0e796 |
| SHA256 | 5f9f196870e6309c9e243bec7b796e3adc33b56b76b1130a6d971e8eaff78c1a |
| SHA512 | dec8c552115ed890d54e280fd8572286ffad13b9f6ff3845ded9759e9682682aa7090749eaa5fe3b3252ee4235bb9bb11d63ab29f63ddd1aff87f883c3757c56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 035413c7a4ad054f2c201b7d7be1718d |
| SHA1 | 989299d83835cc25b2e9fc5a0846ab4318eacbd2 |
| SHA256 | 301b5ac5b5b2796558aa0830adbb272e5e3d6baa44bbb22341c10af8b865fc75 |
| SHA512 | c127526dc631c8336a7603975c3fa1ad317d4cb98f948ce53c5e10962fe15b0f145dbc0595aca2e77c49b3d5c0bb7d38b9fb8cfe9cc07a5b99b5486c7ec3f4b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1dab90aa5d16438c59360e97d96bd9be |
| SHA1 | 12897e9e5409e9fe03a469d756f80060257d128d |
| SHA256 | eaf4aaf808d52994a4ae6bd6ae6619173b0203b5ee24fb32888a0050c606f10e |
| SHA512 | 5ad7cdfb08604b5a45b60374d909d697d26c2d4139becebd37e068aff22b10206f897afffeed6e5fe1062dc5155570d53c4f4ff872525b47dc169586e201cf70 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8b079dca9a8f4a6da24629c67bc77af9 |
| SHA1 | d91771fefd78d395bfe022e9a79d12acd76ff77e |
| SHA256 | 4434b1c26bd591f9817fcc4c607cf29ae377ea16e48144c93d1086dd3b9cd778 |
| SHA512 | fcc97a6e2485c650b61bc3d242673ffc443d6bbf5b6a26b806c62d84e4e62e22452aa5ee21bf802490aef0bf4a9fcd99ab120f7f2fbe110e6bba5360f88d09d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f000145394c8102b588453ca35acba3b |
| SHA1 | 1c96669b2f4d7d150674b6ab576d5d7cf2fcd8ea |
| SHA256 | 5b7d61ef76e601cd0af6b038758682dc8a4538fdac56c055cb5b820ea76f0f57 |
| SHA512 | 2f3794463e4ab540cfa617f72769173a7b20795b5719338a36f70d1766e770aca58d9663b417162ed9cbc1aab84a30d8c1965eef7d2c7ccbe7abf8d438b1c664 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4a7a7b7c68e3e068edadb5cbbf66b5dd |
| SHA1 | 964b644b315bca6f7b2670e4d5210472d2de7f3f |
| SHA256 | fced6c51757e2433aafcf87dceea3e1025e7fa835fcce6d084359a58e4be5d0e |
| SHA512 | ef41df10230d57cc6e5315d3600f483d5c109445b9e1602098baa65612c49a384a4171fd2ecaedc933783cb6fdb1a66db9a217dc123571894a7c87ebb1f2970d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | 555fb839b2818643762b36188cb49f57 |
| SHA1 | 7697a2a0fa512c6f99198b040670fc4edc2ac99c |
| SHA256 | 7aef838877764f39d90366e054cfb460600da52cf45c40cc88d832e93ebeefa5 |
| SHA512 | 5c0746a0abbac2f31f40515717791eda3e863e4b436d4e350abeb0fff94af51e91a818e48ebc7158300a0d82e719d95f087b75cd2669d98f9a9181387efcee46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | cacfb74b6db8ec937cadbd7a4e239694 |
| SHA1 | 059f1501f9536c549448169c293d0fa1e3d00031 |
| SHA256 | 3c21c8fd28579bd102c6d48522db328a689c5c8c6048453bb736a1f0d27567cc |
| SHA512 | 4765d09795339da2afcd22f305b9c595921b6071f8766bfc0285ab6e8e1589a0c262bd86f20caed7258bc2fedfe6e81a1f649dfe25bbaa75569340c8c7ba0c1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | b21ee56e1acb5b9a3ffcc222c761e54a |
| SHA1 | 9273fd0cab63c8a0264019a2ad33e31cde2773f1 |
| SHA256 | 70e9fc85fb604d1ad7b964ef16c65abcc9b7f6078248dba31343456848d1946a |
| SHA512 | 44044935c4fb8c2cc79b252437604f2590c00fc4ef62ce4df0b88a9ec7cf011848ec748a3fbea27fc972b89698fc6e91e16418c19ef264529a6d091ed29f89ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047
| MD5 | 83e882d25fbd69825c2361e2dc3c7c48 |
| SHA1 | 24ee0e5d3a1a1bba1b22e62b49101d9c3887d1cb |
| SHA256 | fd8e58df34c9f9e2b91cb79b76dd6059d2e7d10c829d16eb0aeea9e04e5b6a14 |
| SHA512 | 049335c8205826f3d12314ddae0b58788f0dcff100382b4ab4c95b157136a6c1eeab8653ce8f94b370bbad2fb54466ccd3294c2905d1862ec0d021daf145bf9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d
| MD5 | f85e85276ba5f87111add53684ec3fcb |
| SHA1 | ecaf9aa3c5dd50eca0b83f1fb9effad801336441 |
| SHA256 | 4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432 |
| SHA512 | 1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2bccd7063c47bbf77ae1c66729206bb0 |
| SHA1 | a06f49b2c42d0fb1601cd7c24927d0e9a717c7ff |
| SHA256 | 3b054b672c46b0c8e167a4f6eb4ac1a471f3ef2b3c13c9c92109f2c080bfdf51 |
| SHA512 | 6a095ad549e8ddf11147177c68805f182c2bd2906eb35e7c25c3e8cfb17f184433c9cefc7889264d1c0bd550116c195ff41447df1fd3c9d862394362b2b29e01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 43ab9c496f54356d517d06eaacbbb09d |
| SHA1 | d8014485963436e4df3fab91b1fd610c8dc3beb9 |
| SHA256 | 263a5db88701cef9651b56c32343988e9087b82399501455d9448ef069c71d2a |
| SHA512 | bf23dc8744fc7224fb20db098f98657994d002b1ea0f2770a9ecd33167b6710b6daa7223df88213515be46c66d4bb1c01ab3260eb05c8fe47afbd414051a9ead |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 93cb677a7dd82445eea17d5d7a2727c4 |
| SHA1 | 731c094f3289445f70925b8df85b1a46fee8f9ab |
| SHA256 | 85640e9d86c36f4a04286f50e1afc46e6d3039f45592d3843bae2a0f98f32206 |
| SHA512 | 5b475bd16ffc6461a464c5197c476398142400ce78dcd51f1de9e7a4dbeeb1f03957645c321d91547701054533d56defb08b8ca08319f7c101f4d293c3614af9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fc21ac19774af6b39c3e9eec733dc840 |
| SHA1 | b6b05860bb0ab84b583be92a59b287438b778f76 |
| SHA256 | 27c587efc6de2c68b079ccbc88d82f19d571cc7e5598a787e585c0f5f0bf34de |
| SHA512 | 047ee50e8639768f745bb1d362aa40683d8bf7ea72d48f71591bc6f8dc054ebc9e01504b52f5afcf62bb104b4d753082737b658e5a6659cc0a2ec024f709946e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054
| MD5 | f8e0bb6a9c3bf7ab7556d318c6519b55 |
| SHA1 | d792d6f59b53cae4e970c8742c47af238b160dfa |
| SHA256 | 052ba529fc7e277bd7bb0e036c32240d3584fbb1359b3364dc2d6c684b95dece |
| SHA512 | 62d25f336d73cc80c221fe41071e66c27e0b68d4fc383f92032205c33190909f28db527d41bc6342bf3c8923a410d828967588428109793b5e829192e425807e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057
| MD5 | 29be3f4c1685374185295c0577a0fbc4 |
| SHA1 | c720338b90479756d89c4c0bd6e1b2c126e741e2 |
| SHA256 | 84234bc202cd90772c3dad4cca1b2e1330d811546ed6574be8a6dd8706356d80 |
| SHA512 | 6c8e59a0453b5ea2dfb99dae65a114d5b05e28428fc0b8d0012ed155115137f5f54abb232f7efae0e5c7c9775e7c5e3373c2f582b59c62625206445f1f5d9894 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081
| MD5 | 358c2b4e75a8cc9d4e0c7a731fadf860 |
| SHA1 | a279b045c884faf2e0e61957ccde44267a4c0043 |
| SHA256 | f509779df49ccc415ba8fc4d9e314033daf03ff92b9d70c51517f660dcc18b2b |
| SHA512 | 6f89059ae405938f28ab15865624a4282b2a1047764e7f747dd6e6735db961e0d292c77c50a242461d053f67cae2605dea0f48e5154ea5567aeaef0a71df24b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 59ed857e79cf81f6f5da62b5f1d95f5f |
| SHA1 | 78a139fbc54cadefcab3db01c5b49fac187340c2 |
| SHA256 | 05a048574f39e48c743beee8f3a942ef0f295b18a400d33777fc7e3ec32f3be2 |
| SHA512 | d90ed17488279cad61920a00cd0993abd239196a919c55c1403b73ac4755522a4beca87c1760ca1a355ce834c2747df83d86333fe80ea7317312e80d21fcb8ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4abb05e7af856fa08de9a67ad513a33e |
| SHA1 | 62efdf18c2d1cbf6cae5269eaa3804feb939d98f |
| SHA256 | 967c46d8e3cf23d1eaf0180cddefcd768b509b785a9e66dc6696c053190818b4 |
| SHA512 | 586baabae4b21573a2a01432b72b444f61b86888444d250b8204e617211c754ce889f414689997a38d3137e5bc9971080d279cba95e4877a4737c39b032a3e39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f486405005a267d1cdc1fcc4803b8ddf |
| SHA1 | 7af992b541d20636b29f8b30a59ffeb17c2915b4 |
| SHA256 | 309cebdebade14973e87e30b687f2d3b7a6ab3b54ff83d4c7252139bd66c460e |
| SHA512 | 772454a3a0878f47cebf0cd4d69f793d7e9131c25b4cea710253279eb9d90f097f15723d7ae3b02376c743a5344912b62b27ef91f651f94882a9682bdf2165ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 005f95a573308769b40474e4d465eeed |
| SHA1 | 94530e5f12379ebc361180977a48939d9c5c280d |
| SHA256 | f4a7a2f595326bc7b8508cb17793c76adfd9f66ab2f14ceb58be860130e24a05 |
| SHA512 | 56e4d5cfb1960b46384793cab2085b309db39a4db86f49c2cd33a1df50165bcb64a1db8d8265b4e6d65325242acc683d5051cd71b245e49d8ac39733121346d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a
| MD5 | 5abcf8c2effbe1b208f521d6d5912171 |
| SHA1 | 465dae46f53d4b0a97a0f42fa11cd2442d636213 |
| SHA256 | cd731f70ef3f1dabcd8a31eefa4ac9d5aaa954b81073947310aff54f98815c61 |
| SHA512 | 90de93855431b6343d0550ce82e7fc14b2ceaac246b9a5aa9f95682d0f01a547dd60b75ec4d9330458f50edf112986dacecad212653bed8e68a7c60c7b6203dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00016d
| MD5 | 10ac62aa705e892cdbd9e2067b770e6e |
| SHA1 | 14de576a658198a7dd056f5d0b1b032d9f9b286e |
| SHA256 | b091268f8a6be0694816a177fbb25930599afe4ff717e3679a2b1b21b19c7eaa |
| SHA512 | 1fe117c3a018b885db55238b2f067a95b22a9603c65f87a506743bf56809aed0c3700b609b4fab75dd8275b0c48ba638235fec26ecf4ae1828579f8b8d2d939c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bcd70ce70f13e3bec4591054586e5cf9 |
| SHA1 | 53aea9318e0dba17303ee5ae7381a31fd94a743b |
| SHA256 | a2128f7644318c218cc5581126ed1cc76c7115b3f09c8f628dde0420b87a99a7 |
| SHA512 | 543cede5f588c2e6629d8e6ff30abea6ca8ef67e0f04d47ad39dc60537ce35a9cee9dc9318ed736bdcf57f916e8628a04b2552c44a732b4ef8a7cae0bf1a4d80 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 956cfc91aec98b400d6c8490f1805f77 |
| SHA1 | c2d56b177a64c259f61eb67acb611a0e417f01ff |
| SHA256 | 88d21482c98e4e7745bf5119862dfa08b679b88ae35ded20771c6bfa61c230eb |
| SHA512 | 27858453e99c7d400c40cf3077556cf37e98c11ac772a57dc94fa72e374f65900746f14e77ed354f6b67fabb3b920e5ed75cc14d37043e83c7bcb4ed560f3801 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 0ea9e77bcbb3c7c96217d9199126aa47 |
| SHA1 | 1dc14ab267ade8f8d5b4c959347848267c3b373d |
| SHA256 | 32b473ac27e87d9d07c11f359ffddc376481b8b1391da0738c5840251ba88e24 |
| SHA512 | 91d190ea85015eee9efde6ebaf2b7454163b5f3d80d26ccbffb242b73b257252c19f376703c66b62f466ec8392dcfd611e16720eae54b1c696985aad6a3b09d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000198
| MD5 | e319c7af7370ac080fbc66374603ed3a |
| SHA1 | 4f0cd3c48c2e82a167384d967c210bdacc6904f9 |
| SHA256 | 5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132 |
| SHA512 | 4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 12775c10bcd7714fbb746f22453584be |
| SHA1 | 179a5dd44cc3e11cdad9c50ea6e1fef959bdb2b0 |
| SHA256 | 63bd7b6e8136b7f4c6c562e43522695af07ed4420a74f00674050c3f19a72666 |
| SHA512 | 8781e433369db7e3feb5afa3323638dc6da32ae9ee608cb44c7873a26f03520111946cf6e7a8f3d0db8d53a6ae363a7a12d684362a27caf90ee37f0a3b056791 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 59da83f945edc8ffbd1f2e3f3eaa4bc8 |
| SHA1 | 5fe6a08e26beafb683e6c0b41e364dd42b7c92c1 |
| SHA256 | 75c8111c886951f84144fb6530ce571fe2b684431706251064269f6f46b9221d |
| SHA512 | a227b1436a3be7111a531e5506af48f5def1ad859ffadfeb16a7984cfc6e0db6252e287c34e9d0dfcb1fc7772ff4016e7fc35bf50ca0433946cd428900fbb86d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 523b1fe9e6c136a2e6d7461f1045997d |
| SHA1 | adff1df7d0075b3504247da664853632326d2dfb |
| SHA256 | 6c95c11f1555914c938c12973d85382ffea922795e192e0d31354a0fc4411edb |
| SHA512 | c3b55f55f5081d63d18d240047d897f8433a1128c800e0b60a64b014cc71cb3e2c5528d68c6c940cbfc2bc74c05f8ec26c1b74e5d8fbd94036211663e0f635aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | f26bbba7e176ea7ee28bb8d1bb559e46 |
| SHA1 | 04efbece4b8f5160b177211e1451a649b844b775 |
| SHA256 | e1fd5de2bdb5c05b81918158dd6f841338028f72ceee214de7c67813ed2a8155 |
| SHA512 | c23a748d54d6829127e50a912a0af1f8e9e611bb919a972697a0e71ba812843dc51642f4d72dfae6b6cfdbc65503828456a7773338e1fa83a2d88f889741fd45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | b275fa8d2d2d768231289d114f48e35f |
| SHA1 | bb96003ff86bd9dedbd2976b1916d87ac6402073 |
| SHA256 | 1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1 |
| SHA512 | d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 226541550a51911c375216f718493f65 |
| SHA1 | f6e608468401f9384cabdef45ca19e2afacc84bd |
| SHA256 | caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5 |
| SHA512 | 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5 |
| SHA1 | 6dd8803e59949c985d6a9df2f26c833041a5178c |
| SHA256 | af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725 |
| SHA512 | b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | c813a1b87f1651d642cdcad5fca7a7d8 |
| SHA1 | 0e6628997674a7dfbeb321b59a6e829d0c2f4478 |
| SHA256 | df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3 |
| SHA512 | af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8d1a1a607d0efe657bf534d2b7e92263 |
| SHA1 | ed4b84b5fbb1ebbdcfc24d12ea41fe74f6f2e720 |
| SHA256 | a78323938ff9909b49c1e4ef34ccdba82f00cd66107ee412973c766f9e5cfbc1 |
| SHA512 | bb4eebbfdce6fb71347fa7c8e6ad019534873c1f4b4a62ee64347816c7d6f0a5fc848fae0a3ed5e0f471c40dee94d3dc7df7d0a1c618727b71df0a1c7084058a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0aaab0f9bc5b0252728bb7968dc1a6f1 |
| SHA1 | 480e5471ae342bd79cf4510c7f2e31c66f429c0d |
| SHA256 | 4bd3c59f96c0b0e2f5b8dc1544b963624a4dd6f721b605caa2cacaccf2557fc9 |
| SHA512 | b45ab11115ced9202cfe0f83a11ed22dcf4c983bbe8da0f55c756c51bae1a55313250481a802eb0abf67351b8bda118173e3fbfa1c32d9a20a72070166519dc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00022b
| MD5 | 81c6fee022f8b57be2396468e8880b9d |
| SHA1 | 1f394d048f97c9a3a6e3daaf972e17a4e5c7c676 |
| SHA256 | bc6fcc35072fcd54d666644508065dfc987735d25a5085db3ba0bbed6b3770a9 |
| SHA512 | 22f21a0da0b3c758bdba842132ef68e326a5237c35cb12acd10380ee434c183a76ce950fbb5256e9804afe4a5c7e16a1e924d883d7ec58925334e07ae233e344 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 07a5a5eac6c932ad89e119d0e7bc73f6 |
| SHA1 | db6bcb9560c0a377323d480d777144baf7f0e874 |
| SHA256 | fbf39adab4a39d9d5e3ba3eb06c86ea2d3b0f64a2ef2c7f1f09ee085e5b2f096 |
| SHA512 | 901750ecb97d2627571d73cd56d8f7d8e547b1c84eeb17fe9aab1b201d319f9904cdae8a2f0fce23e3d90493adc4d8bbc8fdb2612e0eb5ba8c13276540c4be5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ace614aa13e982ae0d1a7d317e358df5 |
| SHA1 | 0e1723184753d9e94310a3308e19c5a29a4b6c04 |
| SHA256 | d771c77fd940281090002a400f734960b9e004e31ef8284d19e189e0440bb327 |
| SHA512 | a1e3f128e83abe9539eda8e85a2359cdedb2508a6607848ab61c1190b40e7f00439781a7ea8e5a3303bdbe47af9700afa8c0dc6ef72be6db208f6cbad0b5c71a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1c0c418594a75f556a2b504063bf4a41 |
| SHA1 | fb88370c85e99e744ec493d7768851ea217cb3c9 |
| SHA256 | c601e7f542ca9e25675b92db427a6cca186ca6840cc1687a8c8593c7bd14ac73 |
| SHA512 | e902d11ef2537814d4c85a27f2282fcf3a489213744cdfbf8199d65ddd57b3d95136031d6ac029351c0551895f2bbbbb58bb5042b14a71d28862720d29272b6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a92106261d239fe94df9300b6f803ba5 |
| SHA1 | 646999918b715c3658548ea2e84ebc06b03dbfd1 |
| SHA256 | 4271835346e4a99bf529278e0c6817af661c0d6e84183e2af207d001d357088b |
| SHA512 | 76c22a93aa6ff56e8b69d9c1e04e00807e06ae6fc17a9331e63e4146d91b3e06d39ede29f5af2b28c1751f5f9f9705b5861f5186b68c6c87be72f51b70636455 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000238
| MD5 | d9a835eb75ea80d8ca2fc7ff7df4f9ef |
| SHA1 | 70ec0defa506882b3e5cc2561434070c76d6dbf2 |
| SHA256 | 9cd6ab87b0a01ce489c5c350f7e85a434157d3092ea4b58a6e9a9cd95260abab |
| SHA512 | d49af0edf769a4a37a12c781fe38ae69e0de13419a59fbd9f5c2ab06e57210f0ccca6137e47fb38f80b6072b4473c50330314b0c82a7ddacd6061094c51829c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dc55a3fc7cb4881a3ed0ea02d78f923c |
| SHA1 | 3eca9c637cfd7799321dd8cd13e08d8e3aab5c27 |
| SHA256 | a5ef573d825909504eb894c3278e86d85e763e02ed8b0198f509e9d7d54c3a82 |
| SHA512 | eca04f8d685e137093e57d4d59178e713be4130a99c94f7df6873932e1c94a36b033475682f9c466d35eda815e33c2f5a270d1f880bb3534faa5ed07b7650d61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 728fa5f8660f174fcbc33c19629284b4 |
| SHA1 | b034dda78d96ea62366b93edb2ca33d11db90781 |
| SHA256 | 513add0a24d9bc94ed8f90586a071f291d9ca3780041520b152f1396a70d027d |
| SHA512 | be4a3fd937a275c75ec59f5f8d2b20c7d844f01e4fd7cb6dd0bf1df6bcbabff5f47c20f275d0963a2346e3f4ead9d600ecdc870b670553c245441959c80b61ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
| MD5 | 67158db423ef2688d765a32d79e233c6 |
| SHA1 | 758c9e5e0169991dafa0c435a0765eb651fe1967 |
| SHA256 | addb80795f9f9eefbf1140f88f86e268d461f1e116cdcee6fa91c8445a80cb6e |
| SHA512 | 8ebfb1aaf61c46b80ee5d900ec0749e52d29fd9e14e7117650dfa269de1cf86b6e4ab75d13af141a9c23c891512343cdbf75b897364ebfd41fd412c509acd787 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b5865d5c2fed1e49deefd6b667c8067a |
| SHA1 | 3b6975844357ddaafdc9a05706af6d6e7d9de94c |
| SHA256 | 9255d8a63e397ef90e5daebca93d472479a7b6544059229b51ed911590c016d9 |
| SHA512 | 2256159c7da5a2fa783832e1fedd7230f384874a26148e5eaee7be9bcb66aa9d007b1bba923ca794c73c9c65298610753631083fee6369678da07a57d3c5ce50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6dafcb01901fda811ad5bcd3b39650ea |
| SHA1 | 45ac666ce56ba7c8674461aa99ef554142675120 |
| SHA256 | 93ce85f0e874b53afc5fa69676890db74d61f0cdc4589840d5f2dcec98985775 |
| SHA512 | 36ef58bcc13d4c03e8627abf977a4e70dbc3033065c78892fc564d047eca4341717f9690944168084158e7b88e1b153e9131f248cba941c5b952513a3f7e12d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b46478fbfcb5a7b2e022004e107390ab |
| SHA1 | cb86f907ee5b2d5ab27710eead83b0d77299bb9c |
| SHA256 | cedfe6c36bd2d1c92f6c4b6c145fd5f512464a7aac30ffd9ed37c238cfb7cec0 |
| SHA512 | a43ef9c842b4b0f7650a3b749b0974efc67c9cdbddd4b11132d8f389bb657813b85ac8643e9d1da86ba372e72a859b3e2cc6d0993e54ee148792d204cad9909a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b7cf6abdd94342669e423965d31d584c |
| SHA1 | b199b2d1b0793bbef1f4c668791459da86aef251 |
| SHA256 | 96ec941218b7f6d6396414b4fad0bb22da59ad710d7ee6b18717379bd7e6b40d |
| SHA512 | 523a74a65096a17217ff6a63c1e417fd202bb802ca9fbc668dffbf799e90e1f525d242649277efda2b33a076bbd9dfcc75a08185cdb251cb70eb3fb5b8b56fc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3dde226b021c3c3662cee6d1491f5588 |
| SHA1 | abe995b0a62304746da23e29a41629234d9f88b9 |
| SHA256 | a631b23384aee1fc5433accdaa23274e32dbce10512c9de72beb22c6bbc18e0b |
| SHA512 | dd04cf520583e3a63bd14e7fe7114c931276a0d5939420d44b9ef00cc3dd4250bf6dc024ffc5a8aa271cf36e5419aba4c0b85e338a5a8793eccb2a9486d5ab15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_cdn.porngames.tv_0.indexeddb.blob\1\00\6
| MD5 | c03192ab9eeb218d45216a48435fc186 |
| SHA1 | 641a04f1777875c93b118790971b2059d0eaec16 |
| SHA256 | 0f6543fa3de4001fc0b74d83357bb562672e4269efb24eb8362b2f567b190ddf |
| SHA512 | e7d19109bc99df5c8caee9b5fcdb5c8556b2af0af62975eccc910d8a0431d5fdf7f1ba68823cf6990505c96f6b86c6bf0bc9b29efcf515b72471256070da9444 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 99d2bd31b1bea557c847d9ba63b7b68f |
| SHA1 | d2b2c85c537190672cb778d35a7caae2d84e1859 |
| SHA256 | 21b82c421d0f104f37ce5ef46987fd0a673ed703144ba9005e4bde1e781faaad |
| SHA512 | b7c692dc75a5a6088b532a0c13563ae77ad928e0c8ff16cdaee186a10a48d43462650fde592bf17067c421bd6a957566484367596e6d7ed27b5191c7342959a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1bd5dc370f278b23973a816a2196db1a |
| SHA1 | d2b199f0f9c98c2955a84f41961f41af217f5a21 |
| SHA256 | 3eb434dc63e7c4a0b78a172f2b3a8479c10c49d6f5a320a8474abf6e062b7a20 |
| SHA512 | 602bab3dbc175dda5e419ee59d3a0d020d98a2a8d49646986a7cc28c109592c177d9b620994313b801a8648dcd3974d6a6530cc1dc2e2fbe690ca29ba6c1a537 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9e3784bd6c79731c599ad0806396220d |
| SHA1 | 32637192dc916ee684b001f478a178f8defe042a |
| SHA256 | 537992c9e49e7f4b998562dbb4ce8f6c9fa88d2643ec9b75afd6ca845398efcb |
| SHA512 | 392cd97dfe98ebfd3b576a556da659f05c1787f51f6ef6b9d505bd600d7e2724626177902f2e6e00904cbd1413a2fc5a78401a6251c1dc3d7a38d9b09b5503b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c8d75c62ecbf05c46ec794626d19397d |
| SHA1 | 0f51d3e83823ea9a2edee18ddd1bde1af87d7d30 |
| SHA256 | dbce197e1270a7595a931747a4dbb0b7cb8fbc16cfd0b48680da19eed9111caf |
| SHA512 | 07334e00b184405034a9ebcabaa97e4c37add7a68e39ff611561fcd1a19688382ce52f0eeeda32b5dfbeabed9b6ac78b0647ce40d5f94828e473488aa448c4c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 347ac059202b1ca009c8d701078baf9c |
| SHA1 | 82a0e2258411af7b48c258d8486f74eded0500cc |
| SHA256 | 7d574e3f2821e3075b19e7f1cfadc5761ed4d8510b5118a28c70736b2dc4a701 |
| SHA512 | 4cfc57c7a7aaecd66828e7806cf598a0a919d2246b3676fcbc4913ac03a098f53de2198ab52aad47bc19d9ad1a1df58b48b3ae30d764a799735687b4f59e55b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9bce6cf4126022ef7aa63c1fc248fcaa |
| SHA1 | 0e28299b460b4051d2d55872497f37f086f1aa9a |
| SHA256 | ea031d9822991749f94ac47c272a72febf44041a003f254c3c370e80359915af |
| SHA512 | 840ec02e467894f70f05e8b287dab6f3f2ff0ffb029a03a66b2136acfb3e71ce9adc19921dfe60f2e5815a7bd73fd30b0d61df339b426b4662e2c75b8c8b811e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ce0cf6855e5730ca56b2de71e9ba4f1c |
| SHA1 | 9ce594d9a8e12ed4ccf747ca13f1742c600e4de8 |
| SHA256 | 8a4065493f4df6882505caa90b782f2fc25911bddee665eb7b796e6d5f235771 |
| SHA512 | 9b21e3af3dd5fa339ea2ae3552a20f1bdb1160e1e65df933be76f9ed14173fd291489fe9e1f36525fab9b071c90ca6c81da60098d45b93a61189e371d561a3ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4b1b7576b451813763eb9d32fded0ed7 |
| SHA1 | 3870bf9e234b0747b3b96323dfc9aefbe4cbe02e |
| SHA256 | b16c8b3a5bbb062e7485eb06d090f833a4ccbea7731e6f9442baf086d5a0d2ab |
| SHA512 | 92d9242c0e3e81a83886b8ea5aab93995abf98c58d89791565275ccd192e35a90eabcd0879b899fbf5a30bac7fc92efc29535efcb76246fa252c18fd7fdd21c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bf8e45d18c8e217e62d40e9c2ff62b58 |
| SHA1 | c762555cb4423abd26dae33ec86d21f6130e72cb |
| SHA256 | ab583d82d19ad979812600579afc2458d97eae9575deb397c941542b3954d399 |
| SHA512 | 36d7d201bcfe9087a5bd0752138c127aaeda07b10b36ca37c24f16b6253cf03425442ff49b057e2ec8a4d2708c38686ecca4ccd687432d17114c4acf6fec88e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_cdn.porngames.tv_0.indexeddb.blob\1\00\1b
| MD5 | d2c8be344d1a098c59abbb89cac5efe8 |
| SHA1 | 65ceeb20cce72d1a3f62f548b18d13f2f106cd94 |
| SHA256 | 86e43adb33b0410329e3733fea1c44a764dc33129c51a6fb50c593766815f4d7 |
| SHA512 | 3c1bdf566d5c30de25bdc19be1d201cfca150d7eee9ded63f7fae9350eee13332fc956091650ba6f86c14c13e0c7122bc5dfb743bc481e3db3473a3c6efd1a5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1124f7013dfb74c9ae4793bf703b496a |
| SHA1 | 47faa08a59dda2875abed65e68395740e635c4ee |
| SHA256 | c272d0c4392aa42e7773424eca675c9aaf56c9b7ca6ae24d3c343bc37b5db3f3 |
| SHA512 | dd939ebe40ae960ba9d6e939dc9f456be523c5fa046cda3e2cff456013b7db83aafaddec6150aaa200069c663a2cb7507bf7d0ee0f4a75d125ffadcb2770f048 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000321
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 27f44b9088a128de6b032ff29ac3654c |
| SHA1 | a680bf2eaf26d970e8d9f29c31d0743a4adc05ef |
| SHA256 | 704b09f6939db22e4a87bf28f8ea018794dd9a2e36fbf9124c16cd63698fe889 |
| SHA512 | d18f7d27b7340866bfabdf5e74ca398df799b0d89570c6c48fa75725c4edbd82b34f259aa3dcc91bb01bb4b75e634bed8ad6591fe780f3e7e7b3cb7118fcb2c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00031f
| MD5 | 2527d6a825e55dc11305500fabd9f927 |
| SHA1 | 6c05b86f0bb97c274c9bc6e5c390d78059233d8b |
| SHA256 | 685c723bfe40cbef1381c7ebf2f1ae55b6db6b5678cae93240616432c66501ef |
| SHA512 | e9845b915b4245816af24b766cd791a58f8f718a50953ac221a6eee6e225fec07e1c7614a3ed5cc873f6b9f9a241f0ab7d06c43c0c47b96c7be17d0e0cd2d5ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00031e
| MD5 | 673afb0695deddbfbca98f4ae6be78e8 |
| SHA1 | 0b5b69458f27c54f8aa43123c0e7be176ae9c158 |
| SHA256 | 54ee1d04294bc25c447bf6c1f74a8fa78b37175f48c0e2f49d1c056af550ab15 |
| SHA512 | 8269865a0dbb226c5a64e9bbdb59efe6987964f32aba40052bf4334d4fe0ed271a04754604cf142a97fa3044e10ac48025c190d29b7f346fd432af780091e9a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0908f1300ffa621b2f750554d26bba3e |
| SHA1 | b00942871c8ad1d214382806ade71125ff33ed14 |
| SHA256 | 4460d7f366a2e06eb491a7f6c6f3f8bd0d121f76f9394590a4a0115e06d18785 |
| SHA512 | 6b893814ad1495f64b7dd67493fa9f106b2a78857a3f20e20e25fd5c38ec49f943171b2fe924d550a304b6115a46521dfd4c740552fffaa94922657af31c6b29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000320
| MD5 | b3a9102f6fa29908bb5a66fc7f30d038 |
| SHA1 | 47d0ecead9f6e9d55973f5745ca11671bcd62852 |
| SHA256 | 8e337894fab5e08caf5dc7f44941a5aa7cdb2f8e22a68e4019c0e1628e5f3695 |
| SHA512 | 6c55bf7806e63006c6fd6258d8cc4705969cb9819aecb25f92d9deb8f6fd41ab232ce4989283ed48196456a5c45c28c9da690f0b9e3fa24fc171e95993515f3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000323
| MD5 | 9c2ebf3cea3644ee784430a8290b13f5 |
| SHA1 | c22e33d260aa82171ec01b87d89978c66a787ddd |
| SHA256 | 9d461f76dd3aea8545eed697520e1ea3303c9ff095f3f581be4095efe010f4e2 |
| SHA512 | d17ba193725f738a7ef644a00043b0f16dbc5b81b2223b8121c6e86b48f8cf138bcbe2d6fe87b6f37907a9d7c3ef8958d409a816f74488f6bc7e0e5347593831 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000322
| MD5 | 01cdd6bda997908d721f0170740692ee |
| SHA1 | 231c76c5d910e3628378efd70e8e4854c9937bb9 |
| SHA256 | ac8e1b91eaf3accfe3c414d6433111bfa96f64db65574f8d6e703390fe4a7f20 |
| SHA512 | 39694a3d1b55c2779347dcdfdb7edccb744e9e53c51a7fd8fba223160b68dcb90e34332058b2197bd350e426de90e6bb6c9726734b3cc2fe12a172d1251fa1c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 89e3d5c2a73f1da065795eb1103f1da0 |
| SHA1 | 6ed3f1f98281de52bea5f3a9cf89283a157ca0f1 |
| SHA256 | c406d3b83a62a43989fb1536b37aaf4fe9925b0bab72f7331e07328bffb8fe73 |
| SHA512 | 88e82d0a898e023ab0a48d816682dd98c3f50939b6bfbbd9db4503f5036b6aacf2160b72d6dd55a88a74d8b63e6b5db39ad6be48cde640c66259128214fa541b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000325
| MD5 | 824168fc14a65886ad6b49dc449800ba |
| SHA1 | bebdb3d186b45ef4b92d7c8de88cc2039d2d5dc9 |
| SHA256 | d8362d32bcd8fa233d718321871fa441387221228b78d8a9d83d426573911c2d |
| SHA512 | b7e8f551da50ca46473c67977f1a51c9d8045d6f58c85edf4cc5021448f2af85c94b35bb58ef46108b5d01f9e477094bc53babc9bd91d6b4d9f799c324c21ba2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000324
| MD5 | 3887b162c0527117d932a9404522cfaa |
| SHA1 | 03c973ad5977050b4246d97db77f22a9f77d3acf |
| SHA256 | a6eedf36871aa1525bc327903741cfe3e8dde136a49b3698a8e21e1b22ea6e04 |
| SHA512 | b73968b8945db9d25731b95f68e431bf43a7c210228e2399c131614a376e278a7dd1f0a5505d3934ac443e31a62cd6e05d75a202e100b8aa96cd4d7d92f6464a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 763d4b4c3a68057f35f2cd005e6a4bbf |
| SHA1 | 575f3cd6afd0d91228ee08187d9089eaceda1492 |
| SHA256 | 89250571c589e8f4288383fb2a69f64db93e448b55d05721aff5a0fa04dc3126 |
| SHA512 | fc9b579e3d608e55a31531bea2a1e48c60de057bd96a68034321dd36fd84b1f7c8a25d63d09cea22d11c870b16d9fb79f3602ad6d01275d14fb07d9d830308a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000327
| MD5 | 56a62d26c06389e983d8fb51d3d350dc |
| SHA1 | 933f2d4772f00c50ae97cd1f9c5ab42f58c6d621 |
| SHA256 | 8ee102620be76d96f2eecc761829df0bf1fba0ce9918e338508e516d0206b540 |
| SHA512 | a35ab8bdc63a57462412f7b8d826d23a28377a6935adb66d555b97418d3c0f6f085c0d62f3d7a37d4c99de52ea8b2e7ac3c21eb1e71a0af38468059b0988deff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6d380d631f9fe4dbc182b728cd56bc74 |
| SHA1 | 71a6e0edf594d54f65d19d4cdc674b94685a038d |
| SHA256 | 112b6fcb017bf8ee6a2643e622898affef163c1410554a4dd1dbdbfffd216b4e |
| SHA512 | d2f5a31de83108c56c1eedd73afe6b2542e97356142345fa4aaf5a5c722119408ff9e80bfb6f996dcf34bdc55c52acb00fea47c54cd7eff9d54b8ab002afecc1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ec115b303918af072894fbebf6f286f8 |
| SHA1 | a993d74f142fc32f1e0bf4d4165bca30cfa0b0ef |
| SHA256 | 8e3f702f93a3addf1f837736e28498b0e9d4c9b4e5a775c52975ac379ba7d93c |
| SHA512 | 927675480bcbb13dffdbfaf6a5ec46a0e8adebd8b826e5e16597cd8da3025a9ea5828ce8216a3823c8c5cd2850f05bd8cfd2dcffac39222b4de1f8bfc96cc6c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000377
| MD5 | d79ff88f0a7bd07543ee1b7db027a5a6 |
| SHA1 | 87a9ee8844639b1cd625a5d62d6d78e9f586ffb4 |
| SHA256 | ce82c8dbf377ca9a5ee8ca04c1494a831b36df0efa2d01836cb4e4892ad17344 |
| SHA512 | f65fd0ae60961c92d1a5c723e1023f30565410f15eb724de6dc1de86812bf9fe5290908a9338205dbf25c7571e5310987d4f4bab41744d5616341900f61f11d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000376
| MD5 | a7a49915bbb3360c7aff653ee96047fb |
| SHA1 | 1ddfe9bfcd20cb791d7b366e31d2fe647567f447 |
| SHA256 | 996ccda77254502385ed85b4a3123385449132625e258fcac83ff5bc0b4f4109 |
| SHA512 | 0c8723b2edb75214b7e1abfbf22d600a46073d50da189a8e4e7a61f4352ef5f0c62ad05bca728433614431bdff89418d4d6d6f6f910bbb909d88573b243d505c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | dce685cfb1d8ada65c5278d71557802a |
| SHA1 | 306992b3fb615c28959324518ff231a8e96a6ab7 |
| SHA256 | 89cb4ba14686ab76c8867cc33511e1090949efe5d12e5cb9ff7304e2bc836df4 |
| SHA512 | 5b70c7c91f07d2e9f887cc6f75e86a0650890e19b8bee93f85825ae76ef275ec231beaaa940078d851ec56678b87ff5e02dda031af7196f0cc25b0ddfdbbe221 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2519edd3e2cf354fa1595a0a34a79fe9 |
| SHA1 | 9a71f7ac31e8a20dfc55cff706777baf3557866c |
| SHA256 | f44b0b9d56c427818dad7ab4794b302c7aed783c7404e52d549b8fe50eb371a9 |
| SHA512 | 303c6272fdecbf42bf5714e9766bc9e1666597cb1998db880a7beaff9084b7335cb698fd7b47d70a0ca5240f5eeea61cadebb60aa002c5fd3ad817feadb6785c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5160872184e7fa8c914525a7d7c88f29 |
| SHA1 | 575bb82613f643f558b14119d162fb620c24f76b |
| SHA256 | 61cd3c4f7a16cc1090047aab516c3d950a16ca288faa8d8533ca20b3584634a5 |
| SHA512 | 7d32418dde4036f5b286ad39c4c82e603ed5944e2a6a0dfd1d11a208ceeeba74866b9502668a9df2fbf4800b6199f1a76bfd765ae5089946cb9e9f6915cd085e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00037a
| MD5 | 9856bc0e0532e5d1c89fd404a91acc44 |
| SHA1 | 81bfd8e81317bdbd0a6a86ac4a766b131d1a9597 |
| SHA256 | 6380a3e256ceaf3b986b14b8e5a7e1180a2587a3a98a60d485d1a293511543a2 |
| SHA512 | 5a0fd2064b083093bce7816b846bad330aee510e0c363cfd24db7354882b8c98ef14b0930f6e58688ba19300a53bd48e9f3e2db187b057643248e3ad95455170 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00037b
| MD5 | f06edb6d4480fe5d05d6a2bc3b2491e9 |
| SHA1 | 6fd61e6fee0a853d301863cd7037891a3ccf3e69 |
| SHA256 | e4d16ecc439527bc57c56f4a5811932cf129470d2957231cbbec7b972ed70cf0 |
| SHA512 | 1be7355ccf52e17adfc1e1f9a7571cd32d59d0bb6eb83488b0a00160ddd79026c8f50f162878556356359f2accf4d2d13bc76ee82a6e985c4770cd9f391674f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00037c
| MD5 | 3cfbf8464018c80558c1705b04f7ee28 |
| SHA1 | d3159f121c2bae0c3920912b9c5419f71cd06bbf |
| SHA256 | 793fcd1475afe7638503c3f74fc9f074a6d8fa40319cd9dfdd6609e0a00d9519 |
| SHA512 | 53cf44c0fbc45244c0d05908641c8a104b41ba4ec3b4be26db2cf74e1819a104ec94f55fa3c5e030da134d05976cade8b5b46f387d1d0238fa60e59bd9d96ec5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00037d
| MD5 | 4771d3afec63cbad94a1d2b7ab91c1d0 |
| SHA1 | 523fb4835f9cbb0efc14fe524426a1f6ae38d310 |
| SHA256 | 86412f58c894a1207ae52df68b3d4ac352b036f8421bd6a5c2dc6cbfb54f81ba |
| SHA512 | 68bef8cf3979befee938a1a6047f310f71f1baeac7d0a62b4e81914ce70bdf02448ce14d27b40781939bfb2ae343a86b887cbb2a03b8dcd03d9f1e3a60c3105c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 0de4bcc22c59904014849d87c257b388 |
| SHA1 | 289c117f3025513fbdb77cf51e198c8086f9a9d9 |
| SHA256 | a92129113cb7c414fbbf2c63df8022089486bdf6d2f8b9bd2c79130fd60f302f |
| SHA512 | 1d0dd7084e78e23bb70857684dfe34ca06077d851c83d9a2c98c831816b499601f24bb1fd254abf3acfa6d14336290a6a08fbaea7060f39730d558656d348d4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00037e
| MD5 | eb1e072c6d04665335169fc1faa3390a |
| SHA1 | 41da2d2abdaf7a1ea4546e08716aa264a2fb9594 |
| SHA256 | 67877d4e89fb5f1f89cb29e5e42db6b6304218553f73974d79fba8d648552925 |
| SHA512 | 2de40989c398c8bf8bd3d39bb6003d4b2adb2859eec05b4ad0fdd25ba988b9b1b951c539fa090c35b02266e7a7dba7056a7c4be8f76ec0dc3019af09fab47f54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00039e
| MD5 | 3fa78808cea64707fac84126877c786f |
| SHA1 | bacfb75b9de528336392589d63d19de5f5f29028 |
| SHA256 | 98cb784d1733bdca442aad84640fda31c7119fb314808eace64679457c164f8e |
| SHA512 | 96022c34c533eab8157f1d5ec9fc9981a9b350e896e7fcace76ef7300127004bf2645835a8e5e12ddd8b6d7d81aaee22b3551f90ba38cd2ffd9918f9d25ec7ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 20fe8182cccf40254a709f304cb1cdda |
| SHA1 | e893e109a3a37b1d405fc000b5a50b660bbf6dad |
| SHA256 | d56fc863a0b992ea595f94446c431e6e46c0bce02c972ba7d30a36e4647010a4 |
| SHA512 | a87376e309e610966ec53b8161dd6ec78c0cd484938104f36b8c90adee8e76de0e8d5bac333a63aa5faf455ca7afe4bf9902f1f6cde2341e980f12ace0661043 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7c80ce704d3f7e30cdc25e60ef4dd4fa |
| SHA1 | 31a0d7cb093d7008cd768108407c53d23292fc6a |
| SHA256 | f4841ef40caa8fa564fd4da985b1d49c266d774a9dba705a7570e473b9e52940 |
| SHA512 | 84a3209eb654853c05e40d6c7eb9c1d52b009caee317f8020db9d34f7cbf482eb574989a3ed9534475dcfaf381239861aa77c985bfda45c7972ebc477b5457cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 40c948b96c2d036d77d038f88181c98d |
| SHA1 | 7381107a41077be078f5cce30c5c86efc6fdc5c6 |
| SHA256 | 5bbf1bcda2646c96672dcd856b8e1728b90509a12ec10576f45234a26fed6eba |
| SHA512 | e54e6882a9e30e60fd7bc4768c99cffeb3dac465eb72e0c9ab97b392702477bd8365acc9221ba9609686fa6dc7012d205af8f183adee39b28b04e4fa378064ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d5027b66bd121faed13e782c9bb3cac1 |
| SHA1 | 402ed7402204b8389e8e1910275c0c16a4f1d336 |
| SHA256 | 1c347af4bff1bdcfac7681e13a90ed2647b760fa23084845d7bb37c1a0ecb77a |
| SHA512 | a5961962bbeb452f7d7ccd136ede15f7fbd02a61e60301eddf072e1aa23164d0ab789752c9b0020152675949f1b90b329b3720e55ffa84ef8f929265fdf0cf29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f0eab9bd023b8b794ad28ba18e2f57f2 |
| SHA1 | 82736e92e59e301e8b2c42e35831d05b5cf9d5cf |
| SHA256 | 635acb58538914ff1f1d45a51994f52105eb12ee4e885287f3d2d022e60f1b5d |
| SHA512 | ab9ae407a7ac1258d23fcbfc2616f4885db24a48b709404ef8f605a29ef77f00168aeabcdb228232938a752d7744add7563c428ee9183d978009395b1430fb72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00039d
| MD5 | 50b140b1e97d859d6d0603414f4298ee |
| SHA1 | 500e4872ee1ba9cf89f1ba626d64987b0f9ab5c9 |
| SHA256 | fdc9964050bfa24c27a3c76c6791b3674292a5f352cbc83d7a4dc49595bc3fb1 |
| SHA512 | 55ef84e956a7943e3fc61a8a349e64e9f35b7dfc63402ab52b995f43a7cd4b1d2acd300126dcdd610d0b106af426848f998ccf154f712034422d242d6ad9130d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00039f
| MD5 | a6cc72818ed87e0a3b2c65de60fe8de1 |
| SHA1 | d5ec400f24c92231618c21096ffa9df919923d82 |
| SHA256 | 82fca6dd9a1b9110a3a143ad2d24b68b26ad7e3422d8348e5ee554e09d799bcd |
| SHA512 | 4aa7b83667a9aae8c6ead01c638ef1ee9e02e4b8575a4317fdc0a264e13c4928d3d09c46d084cd7e05aaa56dc5a8b1695c7d6d3fbdb00f1dc8b90e6f5e95c0f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4aef0ea6d6c441ea1d5cbf0c7a71dd8c |
| SHA1 | dc91b3ecc76a5a1d0238d3aa3bfb67895aedfd7c |
| SHA256 | 31c37eeb49f4a97342bb085dfb882d26709e04071845bc8f6d7de042513e26ee |
| SHA512 | 04f34c18b18e64eeaaac410c35d13cda80c7dc7848c5c2aa6c9c2c0aacf8a0cea418a1d6c3268b3cbf3018bd35829e01f504cf39f99d23a346887f2fe10879ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3714640c8232379fae46f859a7b773c5 |
| SHA1 | 1d414345ca4340494be314b1643b5fe5cedb380f |
| SHA256 | 8278c0ea050ddf5b2556b60e5ac0f5a7cb6d0795dfc9b03ffdc53155419f6d0a |
| SHA512 | 52377ac51991b06ea2af55d0942cce607e24470afaedc05202c774dfb8ead4984e7647f2467ffaffa90dc908f2eb86aaf694ae8795f567138233e54fafa8023b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b31e30934b6b99052db22ec12b3fea95 |
| SHA1 | 75c9093b781429e76c34a078d86a0ad30987e8b6 |
| SHA256 | d9107fb194dd77d9bf136d3e7e26b26ca535eb9c58a346c7373f2ee54ee34b8a |
| SHA512 | ed067a7f0a362e78b41043079d0914f84f0de4ec59641f4c4ef6fa041c6ed15074e8ecb59dca77ee9569778ca5cf8f502559662da6d1efab1f165d5c802257d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3230677a3cf19f14dae4040861418185 |
| SHA1 | 98b801c1083d8dc691a435c9caa2e5522ad2a51e |
| SHA256 | ad4ea45fa1be49f1949cdb0e8761c3df5a4cf8ae93dd36904d562aa0ba7e4825 |
| SHA512 | fe37b03e9979ac60cfd607c45f7cba89207ed31795ce1c2a6a00858e4f01b054ddd04a5660bf4fd690e6a1a78327b483f7562b8bfe2b9ec6fee1b9fe087ee6b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\409d7f8c-2c60-4d95-b56a-37d133c849f5.tmp
| MD5 | 98ee9ce1372c05087683c86ba4664a34 |
| SHA1 | 6d4b2e8090dc7f26c9e6f89744bd6cda95c0550a |
| SHA256 | 09573ecb487fbd07753d7ac1710eab0e57d8dc95a9f9a846a8520e246b1bc085 |
| SHA512 | 56a860d351d7ccccd8392483c344f4f115712d49205f3e3b1bd45afeac1bd2d50ac45e4d71d106ac80a2d494979af22fece91fd2534dc838d30a98de1b12bd83 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | c1865e546b64eb1f5c8fc0769c918c0c |
| SHA1 | 4d96b7cd3992d844f4056083d292827796362e8d |
| SHA256 | 0309f6d0c4436a346923c9218ecc83529f156ae5e2752a42885274edd193ff81 |
| SHA512 | e095012d76dfe02932fdbcba6fd75f6a8353b9d79d387d5e9b164e87e65f99616762b164010be0d754e87a27125ace12ff28eee868a2204eb948d4d2372b6223 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bcdb16c1870b133da2bbe5464ff0130f |
| SHA1 | 0f8fe507df225a49dd723dec980adc56db108b95 |
| SHA256 | 2ad6948658ad8ef3fa06702c2dd0408b566cf9a19b4f2f9da2ecf89c7f00dea3 |
| SHA512 | 2f3ddd671a5df06fefc39871e21916a798afba22b8356f8704efd1ff7ec6d86dd5b45c7cf25832eb51c0c66afc6c3569dbd2a2ceb43f7cb165143047e0763494 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6649a4dcffd814ae2819b3c35894ef85 |
| SHA1 | 321e2327a1457f56618f28919342c2af0cea02cf |
| SHA256 | 3a13ad211c9d090d1ef3ae272f826b4ad643b623819da92281f999cd979da77e |
| SHA512 | 29a279bb0ed277937fd38afb80834ad988f56ec0645d1b4c5cce33522cdf769ef790dd34fced3e6db4689bbaf384ecf000f15d6d01231390210b093608e8bcf8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6e82646a2492f048143167b202bf6d27 |
| SHA1 | 7da6b860daf5d4643e9745391c1dc10ffbd43892 |
| SHA256 | b41429d5f4a7eff35a0faefde138072e4e25971019e2948f7a9fc46d05fb5439 |
| SHA512 | 8c5a9a4a971f7cc64e10e86dfdfe6cf0697590227bbeb9836aa55c767195d50ceef08cdf77ab2f20e579afbe098270f6c44ca32469fe6729c0b2d6e01dd00aeb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b19f0e9350fe78ca9916321998a28172 |
| SHA1 | 799515adc8039c7e49affc9e6d105d6374955c6a |
| SHA256 | 18fc79a4bcc972cc63c34db6e00f98fde0cc620eeede420d27aa10b785c30da5 |
| SHA512 | 0f5f5986cdd9dc64fa408cb6d27e61922ecc4cd7a442bac2644017fd29305700d1cc6357ec07779112869908f09b2e93587c5509ed15101bc10712c3a361bc0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a06d43d1558db95acb982be5c91d0799 |
| SHA1 | a4c752442d5775f92e5793a11b821766ae87a993 |
| SHA256 | ee080fb24e3c951667c1b33622c0f5eaaa0e67c23ae3fc8326f3cfffc0869d9e |
| SHA512 | 7bd989f00f8cfda7b9a56454c25887db8d93e87072e9be47372e396e9bb07462a1d6c8e7d7d68e9f7fae57cb2b9533b7a3f9138ab48c1fa3ef6a13990b09e385 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000412
| MD5 | 9a56f4eb7af045f304951ceac625d949 |
| SHA1 | 669b2ef84c7cdd419c9dc893899f429fead33109 |
| SHA256 | 0b81403335bc3a5ad450bac7ab9c397da343fb3d41aec9cabbce5bef4e03727b |
| SHA512 | 91666500a50f49fbae49bef7b531ad9bb816db1ccb877f36313f4db5621c871f83488f24390524868d2160b865e4ca13d170568e9b2c410151b6d7a7d66d42d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000415
| MD5 | bcfda9afc202574572f0247968812014 |
| SHA1 | 80f8af2d5d2f978a3969a56256aace20e893fb3f |
| SHA256 | 7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91 |
| SHA512 | 508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 55e23f083a3765fb3d4196ad96f867f6 |
| SHA1 | f313a4729b0e737020c4dd7298ac10ccd5296da4 |
| SHA256 | c572276541c070148b3eb37c4269c2b3be2c0970a3ce5347f13949e7d4cb36be |
| SHA512 | 0e20195013b82c66b30747c304aec7f8a94d0668f57d8cff95021e73b4008a91c67cb16701540a62476096206ca6387aa07c099113f48c809556bcdc6083e15a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 261860b1bdebf7f6f9295c5217ac7d61 |
| SHA1 | 9c00540e93564432337ffb6643a04c1e300338fe |
| SHA256 | afd2aeee9b6dc76e6961d96aef154c686d91060d26ceb1fbd3c8474c8ab6bb85 |
| SHA512 | 2fcce1543175d6faea1800fb2a6cbbe768f931877c4a489538ae3949c498614ff1ebb0b26ab6e1445fbce86ed1598aab7e3cb2cf1e437fe269a4a8c6366506a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | abfd8c85ef6e62a73bbc09707afae377 |
| SHA1 | 7b4a1233d91aef8070b905990441655b49db69ae |
| SHA256 | 573b21bea92792a0665f44a5254534219194ab257fbac6058151eb1b739c1c22 |
| SHA512 | a984b95a9ab19a2a9ef1119cab2e680705ff1eea9d84899d0ac0c38edaf636aa82715c82db8c4383242161b4716edfc1094c457a86cfc0c93bd0738c8532bb10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d4747e9ca6e369d9bf6917e92ca70111 |
| SHA1 | 86a874960c63ec4e94948a2f6f17c94b3afea789 |
| SHA256 | bea90427c4ab87114534c95e959f44ad1f508b35a37aab5452a4454b04eee04b |
| SHA512 | dd44fc1e7b575e2b588d263e5363d42ce9afb1661c355639ac93399cdc7a1649da17c899841e7c8d8b2cbf88559fac18e90f8469aeb437f0cf0a9bae0258d439 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d0174d7b156299b3b4527330eae08560 |
| SHA1 | ee66b190a3d671198d9d96abad7b45343ad19bb4 |
| SHA256 | d6c5a3f910af458245f46c63b5a1ac96208be67a925704a369c0e2b10bd6867d |
| SHA512 | e449ad540e6019540346b59f86f4d31f36b66c3b9133adfc97f62919f062a55b71ae2d3a92cd04eacd2f8944f9cfd4917b83995eb4ba5d9e03ae0b6cdd4bed48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d369ae2cbd1c8996b5ba1575454c3808 |
| SHA1 | e65fbc74a704f2bc909b449296d0434a1e8702a0 |
| SHA256 | b8299f4d3bcdc422476c05dc07660edeb2fcaaad2fcb719e1d9d70163106888f |
| SHA512 | b0c6e185141573d3ed04422c1ea8d15c02a4a35f109452c7591e099032e3cf9b9eda059ec2e47b893e9ade6d6ea2378ad9f6e76cf25e820681e5af202e713ef8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a5a5c200d0420c763cc10719be04fb8e |
| SHA1 | 46f620215f4ea9e0870878102bc3c9bcd2a2c993 |
| SHA256 | b8ee7be6f406fb5742f6377675ee71623ad37544f15a1a64ca47b89a8de03071 |
| SHA512 | 450fc871b510e84b2ed7e340230a8ad56813574b8d1a7304e2573d51e83f05818502e8758345bdaa2e070b092f6438c38fd746fc12b04e60c372a22e608c2811 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a6585cc2-6b6f-4bf4-ad60-23c0e0c99be7.tmp
| MD5 | 60985d747f6a5aabd3850192acefce29 |
| SHA1 | 608b0d6cd0250c894c6e33afd114e9857621f329 |
| SHA256 | e5887b336735e0b6906439ea1591e4c66704093bfee8bc530275e83c93a332ca |
| SHA512 | 8dd32ae14ac1f2aa4c40b0bdbdf6bcf48a8d3158156818020bd52c89ba8631597b807ca6b1513a73b11fec1b6137e907490456f2e44adbcd5bd80c9937679425 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c76126bdd7e54adaaf5c2a0d9974817e |
| SHA1 | c81e1bdd37f0670af12153283696a1c1f11c9f62 |
| SHA256 | 327b9839d6c49f35d883489a16eec49a7025e32fbbb4a6d997a559e928f8f52a |
| SHA512 | e54ae271ad9d5ee3eb1c8ede4af2db227c0c3c7d1c985d937780d075d3cde03eb16839d28d7e92edeaf2f439437ee15aa319cd33108418ce157b812ff5b628d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\987e8d21-88bb-475a-91e1-1392204f6b3f.tmp
| MD5 | 945d18c4fd37d7a86a5719efae0a26c4 |
| SHA1 | 6f1768f88f813fb23761b16bd2d37dc03f8ae322 |
| SHA256 | 8bc6bcad31e80d6751b92e51c8f4f6d45272dd575e7621d0552cc9070a8a624d |
| SHA512 | 539eb775a40016eb7933989415f933d968902360cf742018c01eeb5fd43b5efa90907f8af1c2357e71d558ebd9c77db88c03c6987f7b14417116b552ed6dc02f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 50b52f14d0755f0467b095e5da11dc20 |
| SHA1 | 7e0f2d02e6a4da03eb0cd9642d5672c9a4866ba2 |
| SHA256 | 0ba66921be7355c60708b2e1b3ab89e8c5065042cef43fc60f94f2e8d0dbb540 |
| SHA512 | bfb85ec1a9f7f8809a6533f04fa01288b67f7421f4105d19c682e813d247f065f5ef9410bc7b760dd75983cb07062df5989db3644a5480e06f197d70a615ede5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 24805ecd7c31f06221f23fc91ab2ee0e |
| SHA1 | 5b1871e0b997cc5cd61a7427b32a6a81504b6ace |
| SHA256 | 9a634c46419de95b174587937d663abc7de60cf6a321e98820a84d41a753a214 |
| SHA512 | a1530f6ebe17de1bbe74edd3410cbf2546463b423288e9bfc877d317a2a4cbbd1f31624ae4594e56b12f83abffa1ad2213fd03bb8f4a814560a39ac9617aaf08 |
C:\Users\Admin\Downloads\metrofax.doc
| MD5 | 28e855032f83adbd2d8499af6d2d0e22 |
| SHA1 | 6b590325e2e465d9762fa5d1877846667268558a |
| SHA256 | b13b29772c29ccb412d6ab360ff38525836fcf0f65be637a7945a83a446dfd5e |
| SHA512 | e401cbd41e044ff7d557f57960d50fb821244eaa97ce1218191d58e0935f6c069e6a0ff4788ed91ead279f36ba4eddfaa08dc3de01082c41dc9c2fc3c4b0ae34 |
memory/1680-6198-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp
memory/1680-6200-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp
memory/1680-6199-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp
memory/1680-6201-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp
memory/1680-6202-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp
memory/1680-6203-0x00007FFC2D1D0000-0x00007FFC2D1E0000-memory.dmp
memory/1680-6204-0x00007FFC2D1D0000-0x00007FFC2D1E0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | c2fc5d0c1664ca8577845eae716ff3a0 |
| SHA1 | 08fd855456480c85c6ba4c4369751335e1f0940a |
| SHA256 | d9452dfe79a48fe3fd36613c0bb1a313ea78b0529ba88ab96fa95e9174548fc6 |
| SHA512 | 1f56331db9288ccacc99565a0d5d73a15308a7576d4b91dcb695dfd743752bdd7f9da5668b1ce3f8c34146ab208b7773c4dda5bf1596d911edb02e1f0cfbb93a |
memory/4808-6232-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp
memory/4808-6231-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp
memory/4808-6230-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp
memory/4808-6229-0x00007FFC2F330000-0x00007FFC2F340000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 61e0d491e5a376e49ed6e82182cc1223 |
| SHA1 | 2bc408f017f9c7b5a8fbbcdc17e2812062c58f87 |
| SHA256 | 863cfd844866f10284b0b414c1b599a3e727fc4af49826f431b75f82728537c9 |
| SHA512 | 3efd6fa799322e4e0d81507c5d589f0562995cc27178b8a0608e501d19aa69adc92ae760ce97e8566c3452b0f63322da0c29ee0886301d5a674f0ccef4fd94e1 |
C:\Users\Admin\AppData\Local\Temp\vbhja.rtf
| MD5 | 8cb093eff0ed2d5b9acfcf2e13962a11 |
| SHA1 | 6d09125aa6e06abf6641539371b23ec9bf82e71c |
| SHA256 | 07a0ac4730ecd649331d33d6488ca871cbf394cd5ffe32b49a0a96c1620147c2 |
| SHA512 | efbded3a68d0cc306b9672581db7102ccf5a8fbe2a6537381e16959037480dbe21612ca9addc10ac0abbc8afece77c0b4334d0d820d57822d3b3df37cd985985 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\70B1992B.emf
| MD5 | 0ed5bc16545d23c325d756013579a697 |
| SHA1 | dcdde3196414a743177131d7d906cb67315d88e7 |
| SHA256 | 3e430584cd9774ea3b21d8e19b485b48212fe356776158dd5f3c5f63a5bde7d3 |
| SHA512 | c93072d11058fa50e3b09ff4da9f3dbe2637c2b5df05e616bd8ddd04557ea1e8b0db106b1545fad334619118c467776f81cf97ca52d3f2fcbbe007f30032b8af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4498ebfe9cc6454357a4d9267fe57bdb |
| SHA1 | 7d6af98ff24ecf87ff0ead8a6529e3d61b3ee5ce |
| SHA256 | f31ac1a89de35cafdf0ad87c52667ba0b6f9fed78dfb557cabfddf0ad7719b07 |
| SHA512 | b073aca8a4b076bc5526299f320002bdab2af81c86b9ee3ab9c96c7b91d891a3c204a2e6666051f61f6a0be66951ca5af0135b145a1817a7ea4dc1a0c6aacd33 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | 2a1a8bf68680c2991e9060e22cc5616f |
| SHA1 | 81e9fc0776e5b41b86d70a672b06e3571fe87067 |
| SHA256 | a0b67f4568a05ea16a6e83c31dd5845fc982c777961877f3147d1ed2cb7ac8be |
| SHA512 | 2b77ca78692123c4cbb1269c6adf546461780360e6e0fdc09e8cc97336708dbc977562b9f1d216085671bc716f4cf5c9902c568b7be6bbfd53f18516153a298f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | d67edead8568b59e47e7dcf8e321b922 |
| SHA1 | a6c088e7f48863dd3f46e7ea9219d0dd7836c433 |
| SHA256 | 502386bce49390b25c2db759db16edc7a16795da32277198ad67daf144e3aeb2 |
| SHA512 | fa04cce7b520247992b0e4973c45676b75367284a30d36c13bcd43057bb21c5345abb63f7b6870a78c1249098e876565dd1f1dac6acf998ef1491fd20dd00d26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cfe7cc035578d5dc795ee8d869f6c491 |
| SHA1 | 414c01ae3c57ed9394158d358e21a54c271c9bb6 |
| SHA256 | 3a2dc376951619e415f46dde880c0633568dec514d086556fb99c8baca35eb33 |
| SHA512 | 4b51c785f32f6c5ffa819c7aa525131a3414a4fedc508625473980bd5416e8c413bf39f8f2adff56e378b51b07c403a115d7c5068fa2066734720377c2748747 |
C:\Users\Admin\AppData\Local\Temp\TCDB29A.tmp\iso690.xsl
| MD5 | ff0e07eff1333cdf9fc2523d323dd654 |
| SHA1 | 77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4 |
| SHA256 | 3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5 |
| SHA512 | b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 0d89f546ebdd5c3eaa275ff1f898174a |
| SHA1 | 339ab928a1a5699b3b0c74087baa3ea08ecd59f5 |
| SHA256 | 939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e |
| SHA512 | 26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 5dea626a3a08cc0f2676427e427eb467 |
| SHA1 | ad21ac31d0bbdee76eb909484277421630ea2dbd |
| SHA256 | b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6 |
| SHA512 | 118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1550c957adc142f87ec0c1312b505760 |
| SHA1 | 5bca9bfb0a97d55bd54bc252a7dccb7a24f16ad7 |
| SHA256 | 29ede3e283d1077caaa7f14aedccf1a79dcdbaa2e8b0df690608c5ad6437fd4c |
| SHA512 | 436494e48a7e5be0e5a3733185ae66ff891fd084e9adea5b39fb68edeea1b817491f6d628b9d3d4ddc352f91310ff821df65b329bc57af35fea157a5d3d5e42b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8b3579366b085548beca15782dad5ef2 |
| SHA1 | a75e9c4cbbf22e84acabce6742730e283e2c0e66 |
| SHA256 | b83f48ed42ac2c38bc630da05813cd7a572aca8f1b73ae20ff7fcbf8b0fa9bd9 |
| SHA512 | 60eb275c0eac22e8af15f1a8b380a005bb2502fc234596ef8c1a92ddfaee480c15eb27e6889ea81923caa3230c7db6036287cd6beee494b59a2f1dbb3abc67e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a9a72340-57f0-455c-9ee9-56d0e56c090d.tmp
| MD5 | 7422bd69d12082e8eebebf5bcf92a5ce |
| SHA1 | 60a0ad4b425b70e06e331b3114a413a02cc6aa77 |
| SHA256 | 55398386d650eb1bb5ccbc0a7b2b7591e064671186976799475be5b8954be915 |
| SHA512 | 4cf9aee15a08d0776cbcbf8884d25e763273311813ed0150ca45a6765271ab39a8f0eac7b1ec88ef853341c32a56bad7dd61acae2ac0d5a18c9970f3b4fcbd2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 03457346d2b7d185101fa33961a51208 |
| SHA1 | ca7845e9f7ff867694baaa7da60e952c9102b04f |
| SHA256 | 1b2dd89b0e8dd7e656a934ad452eae47c85e8e369376f7e989cb2ac89dcd3d13 |
| SHA512 | 306e62579ef8d2ee1df9ba6b440d6d5932ba2ffcd4a74156c040899e8ddd79f8bbf7534cb665e1d58438d7829f9c3a3150a83fc8250ceffa2c4e85f801037a25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 20c56774fd34aba4d31ef6044a37ff94 |
| SHA1 | 6a51b5e354df4ffbcc1b9e93c067aa8767f67288 |
| SHA256 | ee4f75e109dadfe163505dfc4886743bfc848a9cfc629e60337fa1a9473d7a5a |
| SHA512 | 4ca11484dd71a0de63bccf18585787cb6c389614411643ae9be7793d4f8a024e4a6ddc9d34b8973cba71e0b05c5a08cbf9ef4530af53295f9badb80b364f0164 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 23c78cf263399eeafbdd0a3226a3aa4f |
| SHA1 | 5603d3eae487a5e7f4fb47d0fefad593f4242746 |
| SHA256 | 94d3a19ab7832ddfbe8239aa99de432fa09687339112486f7c6205e5dd2501c1 |
| SHA512 | 73d9f9e0d420d525dff61256444e29f486558dd9032a499077b33570d37176c54a90ec105faa45b47fc4958a27a65477f32cf91d33e33cf0ef05b7b40de32986 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bf9a5956ad7e1e74702a00278e4b2c91 |
| SHA1 | 6f8913f7cb4ee4c3eaf02c495a157dbbe1874235 |
| SHA256 | 229a7b3aedce2c447a72fe2418254c02a0f236a777cb28a62824e238f53e97d5 |
| SHA512 | eba98e29845f027ca3274f4dc65bdb821dc06bfd4f8a90ad11de966077ecb34d44608c1375089f807aca04a9afaeed460da1eff784cd1056665da2d3d54a4c1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 339e590a6613bef0a5b4717076458dee |
| SHA1 | f9ac4f7ba5e1df60ea7894b08cc688d0c533fc82 |
| SHA256 | e6b5ef3095b17164a63afcce2f302eb793770f34ec60846bdb38c7c422d62b37 |
| SHA512 | f176d50e28740031f3531c496aa9d0df3b7f9fd00826ff93539854ccbae1273b068ef9b51b7107e208e4207d420c278ed2ce4ff337442ebe98035f8151f27100 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 97d6d972125a6bcf7e9dc83f4c61311d |
| SHA1 | 1cf3f978be4554e7ee10f7637983a289c1f32910 |
| SHA256 | 9cb2512bfac3140720370f3a5e1fc3699fa3f9af1bb7a9dc5ecfce08e847bd6b |
| SHA512 | 1be68bf230aef9265a1676397cd6ce11c22482950acc265a7b1edec6e9a555382b6d29b66ae5c674583c962ff2defdc87d6180c2e1d16c44c4e6733c85743f81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9f0e7b42260bd10f81f6e5937b8b4b23 |
| SHA1 | 31148472055e1c7b9b04d1522b29d2e526131330 |
| SHA256 | d8e9b1ff59b850522a42739c5798a63095aa1bd7c8fea37995003ef7fea3caf3 |
| SHA512 | cd41f0a34f3fbed316d8a18c622997ca4fe4b2ca1779708f15ff82d977ef360b072ff664f173e3a447df6d4acd3b118986802bf20462c58e0f54c4c230d44fed |
C:\Users\Admin\Downloads\Unconfirmed 842892.crdownload
| MD5 | b2eca909a91e1946457a0b36eaf90930 |
| SHA1 | 3200c4e4d0d4ece2b2aadb6939be59b91954bcfa |
| SHA256 | 0b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c |
| SHA512 | 607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d525f18b73892067327c2db01b3c68b7 |
| SHA1 | 6a77e592ab1422df61f2318601e46b82a52a6648 |
| SHA256 | 0b37df85868870b8e6b59bcb6f8d73f9f25a435c9e229a75245571c03c742633 |
| SHA512 | 0a83bcd3d31782414e5c07468f1bcc1076048921395b82a8ab42a9a842ff6849c68ecfa98fbc724551245d79a884464a9484a72f3dbcd7563ea1b4f0aa6ec400 |
memory/1936-7084-0x0000000000950000-0x0000000000960000-memory.dmp
memory/1936-7085-0x0000000005840000-0x0000000005DE4000-memory.dmp
memory/1936-7086-0x0000000005370000-0x0000000005402000-memory.dmp
memory/1936-7089-0x0000000005360000-0x000000000536A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 830d297776b7a9badfa0449f8344fa74 |
| SHA1 | d176b162c2ecb1eb470a1800a991a894d7fed81a |
| SHA256 | d6610295335e7f95504254be60b7930816a7bd65cb089dc5591c08dbf3a69fd4 |
| SHA512 | 2060559d0f11623dc69e0c8eda9628d1745ad58c3a530bfb2fb3a91c9cab240b03840bfd8b1ee58bd595f598750e1cfc4d86a22ee49777d7a4f07023ab1e7511 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 29abc2bfa63f54cb6b495dea7b300378 |
| SHA1 | ec6f35e240c1e5b7450998a1dbb18f5a508f287f |
| SHA256 | 69ce2b7ecd3e59484347ff252e87b1133427e181644d1b4bdb9f7fd6e7b95100 |
| SHA512 | 380eba59ca11536812c760daa156eb7916bb702af6ccfc3e4de39da9a9d96cf8b0a37d293850b50f5910a7c38d1e2772eafcc60cb664a22dfd152cd14d2a2a10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 8bd66dfc42a1353c5e996cd88dc1501f |
| SHA1 | dc779a25ab37913f3198eb6f8c4d89e2a05635a6 |
| SHA256 | ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839 |
| SHA512 | 203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 75cc92bbe055dfa6542a07cf5a8ae838 |
| SHA1 | b9ef0c1e4f382b34574948e19419212ab4422a5a |
| SHA256 | 1264aaedbda7ce3a9b931f039b94c348d7789479a12a62f57e02d10ffad994bf |
| SHA512 | bbda497acf0a32dbc0a8cc55d8089f1d3c5ef8f2fa9c45ecd084f0179d53f297f83864f18737e59664372870767758168b7e8a0edbd81a91804cacb5f353c617 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ab38839ce713b020abe782d92467a5f0 |
| SHA1 | 1a7705a99a530b08b6b4a1be39bafc5ae1316bfb |
| SHA256 | 4c9f3502ae6e994e5e3dc16d589f682292b6b06d2f040e8e362e3d63b0b16c6f |
| SHA512 | d8e7dca5a8f8d2a14a2baecc4684513c9dd8756550ea675833d0925fc4bbe9882664b384d531ba2a07de9cb268f464db931ad7f52d8aa8eda01e1e2125ad81e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004b4
| MD5 | fc8b9283e9c3686899120581f73dbf88 |
| SHA1 | 5d2c3af2bf4a2054daf15098d95992c9aac1bf17 |
| SHA256 | 27d6e4815025d7fe830001e206a4dfee19b496f302332f195ece6295f5d1f216 |
| SHA512 | 9dff216af5570c81213c24076f9afdb150b52df46d0143e199d12cc1d05d7e8b21e096b129d5d722ab0b51996a41cd70f0b2f06a65f9cd127c5700fc6ce49319 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004b8
| MD5 | 4a6a239f02877981ae8696fbebde3fc9 |
| SHA1 | 5f87619e1207d7983c8dfceaac80352d25a336cf |
| SHA256 | ac546e02b937ee9ac6f6dd99081db747db7af6a4febf09cbe49e91452d9257b8 |
| SHA512 | 783cf2ae4ba57031c7f4c18bdac428a1074bb64f6eb8cef126ad33f46c08767deeac51917bef0f1595295b9f8a708cb297b7cf63fc3f7db0aa4ac217ce10f7cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004b5
| MD5 | e42ba21fc6ad46eef7210e6a17cbcf29 |
| SHA1 | 65df7e97d6ec546a85a16beea1a8533788969fc6 |
| SHA256 | f41a6b281e24eebdca7fdd637658685e2c4159b9da7c1017e5b9bfafa6821d8b |
| SHA512 | e9b1896224703b80e26411b65a418878d77713a023a8bfb49707f7569359246d9ce1e2307613a1ecae7bd64a78266916d4586aba1b30fda2ecffe05322427ef9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004bb
| MD5 | ab8c6959f7d35bc393a98b6a2db5ce13 |
| SHA1 | 1289068381b91cc6170c810db2488bc3a46f242a |
| SHA256 | 0178bed6aaaa7c7aeb61cbdaad645ebb6701968d04d1778506755251ba37311b |
| SHA512 | ee194274097d7b275292633a9258d5dfb0ccaf28a476e5fac10a34577f3206cadfa0b9c9aef1e7f029ca0d0bbf18e220ee69aaa4e5f2077c167ff0d0803d8d91 |
C:\Users\Admin\Downloads\Unconfirmed 346058.crdownload
| MD5 | 20d2c71d6d9daf4499ffc4a5d164f1c3 |
| SHA1 | 38e5dcd93f25386d05a34a5b26d3fba1bf02f7c8 |
| SHA256 | 3ac8cc58dcbceaec3dab046aea050357e0e2248d30b0804c738c9a5b037c220d |
| SHA512 | 8ffd56fb3538eb60da2dde9e3d6eee0dac8419c61532e9127f47c4351b6e53e01143af92b2e26b521e23cdbbf15d7a358d3757431e572e37a1eede57c7d39704 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6f9a9ece8bec518d95ee84d75f8c7fb7 |
| SHA1 | 6586b629b479e941cefb1be10376af5b0b2a7acc |
| SHA256 | e546f4f20f1aae7e374f22d88a28f78d7bc90d10de629368b99cd8bf2e10adef |
| SHA512 | f8f4284f4b1e23d27835a7ad9195378af0ce175bbc66439a6f256e138255ed6595fccd2085292e304cee62be9f4e05a993e7917b5c077f4ba89f0145532a5a52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9c658c633c74a9371cd8b846eea22a54 |
| SHA1 | 6969cb896aa66aeb69195c121d69d0ddecda8df6 |
| SHA256 | 4f4a4848eb3eaf8a234bcdbc4018fc0f6a02c9040c13a2da7a9f8a9bff6d793a |
| SHA512 | b7bdd1c7a59e8b4ca8c93f88e081e8f8f0b65e4cc8bad89fc7cf56c4c16f43bda1680bff2d15ad5523b8151a6d41ddbf890cd8361a20f2190d013275d54d0dfe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 268e279137c6d410ce44897e7a10d930 |
| SHA1 | 69952be5bc467fcd6f7dabf09e5e08735a24b19a |
| SHA256 | 35ac4643d28f21a0f0d694b93f8e1ac0baa78c6241bf497c983b28d28871001e |
| SHA512 | b53bc93c2ae7fd945aabab71b1990447a423b60e44a39ed8c588fae82b3da8d38825b79b7888e98f62a6f256581ebc22a71664396195ea5d0ad7dda15169022d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d4201856a5c88d2db2a271d4446bdd62 |
| SHA1 | a1d9620841c765d8fac758bab318598e9debc328 |
| SHA256 | 2dfe937f97e8ce1c02195530789ed7b148393c26dd65ec771f4de2519efbf6ab |
| SHA512 | 660a24a470b7b72d213314b8b92f637d98e5df923b02265e396d82f23e222cece078bbe5abe6101192e26580292220cb44344f380cb9f273cbe3703aee172345 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8eaf6f960bb405f3cde5b39e1516f0f8 |
| SHA1 | 30df421701431286a68624a06b73fc5cf3f25c14 |
| SHA256 | 3b4017c8dd0d3967b7edae5b67817d6a5c64e5582400e61f6506b208bc3a4ff9 |
| SHA512 | b1d94dcd51edd98cdcd490a44938b0b60ba070cfdcf788a8c3eb38dd788178d03d1169e2ffa6b4e57f139a1161f29ce6c0db3636a7b2c5b3efd342a6158885a8 |
memory/1896-7553-0x0000000000400000-0x00000000004A6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0dc1ec34cae470a843b2b2fa1caa252f |
| SHA1 | 3dacfe3f9074aa092d174354baf90a9a26db53ae |
| SHA256 | 9116a36384a96824b913ee221d80be1d49fadedd5c68e98f91da2d20f0aa8f25 |
| SHA512 | c95c218406dc905a813db0084d911a8ddf2c1dd344b93d27be191d7c9c8833d41b7631c7e639f737d01e92b37641f4e935ae4bbe00efefcd2bcc916e44fa3de4 |
memory/4056-7587-0x0000000000400000-0x00000000004A6000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 756422.crdownload
| MD5 | e87a04c270f98bb6b5677cc789d1ad1d |
| SHA1 | 8c14cb338e23d4a82f6310d13b36729e543ff0ca |
| SHA256 | e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338 |
| SHA512 | 8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3966542cc115bc9f21d922c72d4603d5 |
| SHA1 | e0d02d5ebb79b679f15f2d9e68135107bf5f43fe |
| SHA256 | a9ba714e69020cb51a0aed3949331bd14cd4f26bb90ea8c020d52ffb26c54edb |
| SHA512 | 3f80f7d58a47d1d9c3716b7e1fac70657ccf022ed47f551e1885140e5f2fbc1efdab256ef59258dd38b5d497bbb31e9fe309644698ae01f78d10cf020bdcf374 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3d4ec9e8061d816576245a1761ddf6c4 |
| SHA1 | ca8a45db5c1c2eb4cca7592f3c4e2335ed23718e |
| SHA256 | bf4db9679d904073b4abdcc65b6a1d7299b163eb4431f5e7cddbd975111d85f9 |
| SHA512 | fca21344a0f9d4bf61d4771aad176e5c22f6a5fab3d7d22ef94fd466d2821c613095988023846e795cd0d60d92d14dd845abb1b15823dd0384b4066315cc6b22 |
memory/6240-7679-0x0000000000400000-0x00000000004A6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3cb0581afe96bba552b3ee86526279c6 |
| SHA1 | 52e04ece4387cd5cb84f0c32a83b50869893e91c |
| SHA256 | 1fd896111dca3051c821139050309950b923a681c37f3ddfd84167278650f884 |
| SHA512 | 8d75d1ed872ee9ba55a2e239f6b0a71af70f7bc5df1a6015181bc7b06012375bf43c82cf055e5f01b4c1fead9b4611cdfbb48c64fa7e2acfadfd5e40f12aaa93 |
memory/8-7702-0x0000000000400000-0x00000000004A6000-memory.dmp
memory/6940-7706-0x0000000000400000-0x000000000044A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | adb0f7154d60afe667a7bde0c7122e75 |
| SHA1 | 61112efb6a11c08419939844a5beb4c07c1ffd65 |
| SHA256 | cd32abe1f8e208796111f8e75cec3a60cfc6d7b9e6ab69e4ad5321531437c216 |
| SHA512 | 486447d1b00e07967f7ac46f6c3b4d4fb58f4f9cf05ad600ce77a7acb5624299eaca50d06a53da78c2fb6f89983ca91c2329a20fd811d138aa682aed793df4af |
C:\Users\Admin\Downloads\Unconfirmed 982681.crdownload
| MD5 | b6e148ee1a2a3b460dd2a0adbf1dd39c |
| SHA1 | ec0efbe8fd2fa5300164e9e4eded0d40da549c60 |
| SHA256 | dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba |
| SHA512 | 4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741 |
C:\Users\Admin\Downloads\Unconfirmed 982681.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7086f3f8a0bda99b1125c68a8bb60781 |
| SHA1 | 8cbe7a4b0e58c2b7475ef16053641de576b000b6 |
| SHA256 | ed0cf042fbf1310b9e70f562b2773bc411b3e7b1deabbdfd8c6d4ca5eec17f1f |
| SHA512 | 1ba946356a2001fc7716244c27b315a35fa7629447ca10dcd6a77f9891dd229ee91b292912c441255ddb8f80d8526e605c576eaea5f5911caefbe5f4c88cb0c7 |
memory/1228-7795-0x000001C2EE770000-0x000001C2EE78E000-memory.dmp
C:\ProgramData\Hdlharas\mdkhm.zip
| MD5 | b635f6f767e485c7e17833411d567712 |
| SHA1 | 5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8 |
| SHA256 | 6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e |
| SHA512 | 551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af |
C:\ProgramData\Hdlharas\dlrarhsiva.exe
| MD5 | 64261d5f3b07671f15b7f10f2f78da3f |
| SHA1 | d4f978177394024bb4d0e5b6b972a5f72f830181 |
| SHA256 | 87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad |
| SHA512 | 3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a |
memory/1336-7825-0x000002246B020000-0x000002246B934000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 59db781691bdaec00a9f08ab468019fe |
| SHA1 | 17d9a54bb4465759d109d1ed98542642ab6c1062 |
| SHA256 | b7106fa2f11cfc7e87abed692bf9a73286930eaf3621611d365633c2a525283e |
| SHA512 | 604344ab324086fe39a95e852abc08419c554b45cbe9afeee898297cfcbebed5165fa28c39335e0e2f16927b60709e399995b84defd8c2172a68a614019d41c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 576d979c2d7a383029fc55a28085c8c0 |
| SHA1 | cde111a89f0918f427f5f943a6c4a668d76cd77a |
| SHA256 | c1c7d8907c7f9b3e5609fe7c7c95240d1db247fa25ca82ce0b83de5eb952c9b0 |
| SHA512 | 4753341baa28fdfa94e69ee41c044fb27c3f40a303a78ec21e597d9b23f03093322eb3b66881ec20163e7281e9039819a90b8e1bd705f9476c525c1ef574094f |
C:\Users\Admin\Downloads\Unconfirmed 928573.crdownload
| MD5 | 1d9045870dbd31e2e399a4e8ecd9302f |
| SHA1 | 7857c1ebfd1b37756d106027ed03121d8e7887cf |
| SHA256 | 9b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885 |
| SHA512 | 9419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 060348c4de8de8295ca9246db242e535 |
| SHA1 | 779df95d5c39644e1bbb93a797c20d59ddc8ba60 |
| SHA256 | 88c64dbc36f0d6015b4fce5392a93c98511495ebc0ada99bcb581b837681f1c0 |
| SHA512 | dc5a975e8063a7279049cf5ae0b7199a7e9f3154f054560ad5db90bb3b5717403d27606c11cdbac4af149389a6f67c43bccdee3dc852fa4ea4bd6308c9428f01 |
memory/5844-7961-0x000000001BD80000-0x000000001C24E000-memory.dmp
memory/5844-7962-0x000000001C300000-0x000000001C3A6000-memory.dmp
memory/5844-7963-0x000000001C4E0000-0x000000001C542000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 63ea69e60f9c1534e34ccc0c196a04e1 |
| SHA1 | a3c26f2eb7f7a0c47f5b8647e002cb50cb1489b2 |
| SHA256 | 72fd220d4c6241c69c5d222405fef7d1e1f30495a5cc005acf685b940016b566 |
| SHA512 | 364b8f2ddeb4013fff0e49b99c5f15285fad2c856974f351b9449949d5710fd576f614d2ee3f47344f0158b9e4818c4d7d73cb0f4064be43516a35fc6a2aba01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5aaa687283cc9fc35994a56a509c652d |
| SHA1 | 5dce571808840077192fa3745c532c56229425ab |
| SHA256 | 02a4b704e57fe687e171d31952f1b39ea10448052b5d2b298559e2f8ffeae74e |
| SHA512 | 3f8996ddc5c21ffdbb6e64ddcf2387874d83df5fabc395fc9488c41c3d23be6a2ab4c7e316147d3605081f63167443b830a93718b87d2633c77768a55dbb14c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 21f026a77fdca065c9caa5eda88b5668 |
| SHA1 | b0aa43faf08aa22f6b78fce20d04ed5c0dd958e5 |
| SHA256 | f33fb16d9c71fe0dc172d4f5c81651ddcb2e3e2b4c07bcbb17e83fa89f7ac9c8 |
| SHA512 | c6e7ffea9903ad7dfa8ea35649954c76bc2f364022e3ed5fbb61be4d4e40fc8aa8d4e278995a94ecb241e37938390ad4fd674c6234a6517676d3a84765b667a7 |
C:\Users\Admin\Downloads\Unconfirmed 114159.crdownload
| MD5 | fe1bc60a95b2c2d77cd5d232296a7fa4 |
| SHA1 | c07dfdea8da2da5bad036e7c2f5d37582e1cf684 |
| SHA256 | b3e1e9d97d74c416c2a30dd11858789af5554cf2de62f577c13944a19623777d |
| SHA512 | 266c541a421878e1e175db5d94185c991cec5825a4bc50178f57264f3556080e6fe984ed0380acf022ce659aa1ca46c9a5e97efc25ff46cbfd67b9385fd75f89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b6b8ddc0161bcc051b4238893ed9814c |
| SHA1 | c53dd032d78942d2f16f7eef3cdbb7a8542283e6 |
| SHA256 | 75acbe55875f3a89f42ad212a0f53cfbc7d6440a68ffd680644f781de6739b9c |
| SHA512 | d46d75a967a4b411515f6d6fdf86c4867edb4de08d4599ad43cff1e36d88f6cda6c4af2a5d85e1cba6f7358763305d4f90ea668576e651fbf3249d1760aa0f96 |
C:\ProgramData\svchost\vcredist2012_x86_0_vcRuntimeMinimum_x86.ico
| MD5 | fde1b01ca49aa70922404cdfcf32a643 |
| SHA1 | b0a2002c39a37a0ccaf219d42f1075471fd8b481 |
| SHA256 | 741fe085e34db44b7c8ae83288697fab1359b028411c45dab2a3ca8b9ea548a5 |
| SHA512 | b6b4af427069602e929c1a6ce9d88c4634f0927b7292efb4070d15fb40ce39fc5ce868452dcd5642b2864730502de7a4c33679c936beb1a86c26a753d3f4dc25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e7d456eb76275d2f38d44c6cf4403416 |
| SHA1 | 062ef8b46f3cef473b390e2ab4bd7a923af8d0ff |
| SHA256 | bb7d87a7b3e006b864a3e0fffa04c58ef6bd8cafb7eedd41d158801e96052eb4 |
| SHA512 | da48584c7209ee7d8f747fc7b0dc98641f35a9216c580bfed5de05e17ce57fac233d135498e2253f6014e87d67a11e01ad0a72a5d5f783e4ac1908ec18df5063 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 682139feca0a2d26e2575b4a08c0ad4f |
| SHA1 | 527fa6f672aee7e6c2b9aa9701496adec4f0f26e |
| SHA256 | 2d2e39c759782c49c55fd0b8ea12dd18c0f2e2aa4c4e0cb02e11fc376ae1188c |
| SHA512 | 8ef3bae5081ee4d79ac743de10f1ba711a05f75a3ec721dff29a1d99368d48e0dd7295b15e59a8040fbc209e2f4f23da4a0de30c3837f69e93a4283fbad7cc8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13378234207015945
| MD5 | 8615504485844affa060ef394886d63c |
| SHA1 | 9d2a7de5449d5c231bf53002f0c833b5ce695967 |
| SHA256 | 96f2f6c78f70a07d4120aec5ca7a79a11319062f33ace6c7f6141486c46df653 |
| SHA512 | 6daf738d667fad69492fee701f3c79bacfb0cd9292435bd0532db598fa3a9d532aea838cd271b65b857cfe6e24113386947f3c457b349d5627af6c9f06aeb01b |
C:\Users\Admin\Downloads\Unconfirmed 695658.crdownload
| MD5 | 055d1462f66a350d9886542d4d79bc2b |
| SHA1 | f1086d2f667d807dbb1aa362a7a809ea119f2565 |
| SHA256 | dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0 |
| SHA512 | 2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dd7e02fc8e18602bd02ae661daaba475 |
| SHA1 | 78bad5805cd9b77d78fa61c414f6f67bcd421f2f |
| SHA256 | 1e385e7cbca8d44fda00fd323d3a6f45b47f5e0bfe1662c031b68f789a2f4488 |
| SHA512 | 8d2d056c2a220abeb611a89b414395cdedea6971881444b1095cafefe2d461ba5d39008471535cc8f0b8b8cb9d8284c1f291f6731cf6097b1485384240465cd4 |
memory/4704-8461-0x0000000000400000-0x000000000056F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2c703a54a273c18eeb7b112a6401422e |
| SHA1 | 535826de4470569216fbfe5472a12defa10fd2f7 |
| SHA256 | da5953548cc776949d90a206040a0b691605145276b972e88ac554ef7835a4fb |
| SHA512 | 174e7e467c9749d848d66b66ace54718d08f97dc309c208e8e0c36fdae22405087d5bb7b1e4529460bffbb33295415fe30ffa6d3533caa6e5f160daea1c60eeb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0fa1a013be2a3283c4d116d4fc7967db |
| SHA1 | a15775fa8b8d8b383db7360b3aeb5ffb6418da52 |
| SHA256 | b0caea4b62adb6764058b983ea2e1c37210e9d2b0fbe1a8c0a87d1880f87576a |
| SHA512 | 920f4dacdea817b536ab2769b59b05865a80563e2641b82968d6c3242a8b1711330f10f680809de11b252a31b1c68fbb34fdd146e879e9ae1e2191df99ad1040 |
memory/6512-8511-0x0000000000400000-0x000000000056F000-memory.dmp
memory/5640-15704-0x0000000000400000-0x000000000056F000-memory.dmp
memory/6512-20755-0x0000000000400000-0x000000000056F000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 936122.crdownload
| MD5 | b805db8f6a84475ef76b795b0d1ed6ae |
| SHA1 | 7711cb4873e58b7adcf2a2b047b090e78d10c75b |
| SHA256 | f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf |
| SHA512 | 62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416 |
C:\ProgramData\svchost\vcredist2010_x64.log-MSI_vc_red.msi.txt.exe.id-924DB93A.[[email protected]].ico
| MD5 | 9430abf1376e53c0e5cf57b89725e992 |
| SHA1 | 87d11177ee1baa392c6cca84cf4930074ad535c5 |
| SHA256 | 21f533cb537d7ff2de0ee25c84de4159c1aabcf3a1ac021b48cb21bb341dc381 |
| SHA512 | dd1e4f45f1073fe9ab7fb712a62a623072e6222457d989ee22a09426a474d49a2fb55b393e6cbd6bc36585fa6767e7dca284fa960ea8cb71819f5e2d3abfaf78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 06daf78bdad675122a9d126593e7ed0b |
| SHA1 | 203f429ca37a2699d5ad92d467718c6ddfc04167 |
| SHA256 | 2c62b6c44e19b7546e544c4ee864650ad15cecff3f8e8866d64f3559ec5fe378 |
| SHA512 | 7f366ee2466a67464c6e6f95b358c664a49c7254ea054d6dcd6cf0f449f53e10f1395f2f434c4932affa831f30b25b59b8432008e386bd6701225134dc3c2e13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe6d162d.TMP
| MD5 | efac086e86f6aee0a5c4a1963bf8a082 |
| SHA1 | ea934acf49f376748fb0f94772f8496ad53f4eee |
| SHA256 | 453e21932a838476a9a0f482f1a0ccf73f528d1c2c98fb5295fdcfb82a806eb1 |
| SHA512 | 72b50979dd236926888c3ccdafbc01241935af7218f210a9ffbb602302a74cf990d9b88e68358149d5c7e1dfe37f1e632c0cd972553fd7ecfbf4ae0ad85f2621 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1c5a300f80c616551e00a96ea2bb7bc4 |
| SHA1 | 1c13ce8d5c70b25c75fcebbc3d90c110b8e25511 |
| SHA256 | 7adbe6fda268bf9ba245b5c2371a667cfe0b930b374f06ab5e41647495d42721 |
| SHA512 | fd0d1b3f0c217f51f507e9ae877799e5fdbf89782de410295056f2e520234c630e0278426484e679087c03da17b4d64813da425dcbad89a92ad1279b407d8ff7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\05e2b1ef-b968-427d-824f-a1b31ccb1c46.tmp
| MD5 | d54259218902e9250cb573a8accbb62f |
| SHA1 | 71f308429bf872df70f2c9406d6923ca170fe823 |
| SHA256 | 7959a81017be40fdf431d9c75ef5e9aa62f1672ad30a373548f2d179575c3272 |
| SHA512 | be3708a09f2ae93251a03335deca0b02f8b078683b66bc6a71554e434c55abee71b749c2d400279f485baba4fdbc342498700afd3ff6f8f96feef25959c98f15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 368ec1af3684797cc4aeba945766a446 |
| SHA1 | ed6d91e83425c9ac56365025216339709845285f |
| SHA256 | f49535d96371640ad7de1cd547e59b16acfc2a932b46ffb0528fa96e20091194 |
| SHA512 | bf5c624d30fd94b61666762646ecad4d4eecf93b0cb03af906197f90fe9a51040106605615fa669b6a3532b22c8c3a2eddbc0637897e2ee608e9f15fd331f5f6 |