Analysis Overview
Threat Level: Known bad
The file https://example.com was found to be: Known bad.
Malicious Activity Summary
Orcus
Xworm
Detect Xworm Payload
Orcus family
Xworm family
Orcurs Rat Executable
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Loads dropped DLL
Drops startup file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Enumerates connected drives
Drops desktop.ini file(s)
Looks up external IP address via web service
Checks installed software on the system
Sets desktop wallpaper using registry
Drops file in System32 directory
Probable phishing domain
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Checks SCSI registry key(s)
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of SetWindowsHookEx
Scheduled Task/Job: Scheduled Task
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Opens file in notepad (likely ransom note)
Uses Task Scheduler COM API
NTFS ADS
Modifies Control Panel
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-25 19:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-25 19:17
Reported
2025-01-25 19:47
Platform
win11-20241007-en
Max time kernel
1800s
Max time network
1801s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Orcus
Orcus family
Xworm
Xworm family
Orcurs Rat Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\host.lnk | C:\Users\Admin\AppData\Roaming\host.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\host.lnk | C:\Users\Admin\AppData\Roaming\host.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive.lnk | C:\Users\Admin\AppData\Local\Temp\OneDrive.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive.lnk | C:\Users\Admin\AppData\Local\Temp\OneDrive.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msedge.lnk | C:\Users\Admin\AppData\Local\Temp\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msedge.lnk | C:\Users\Admin\AppData\Local\Temp\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Update.lnk | C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Update.lnk | C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\{105E3B22-A66F-46EB-8CF0-986EAA20B444}\.cr\VC_redist.x64.exe | N/A |
| N/A | N/A | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\Orcus.Server.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{804e7d66-ccc2-4c12-84ba-476da31d103d} = "\"C:\\ProgramData\\Package Cache\\{804e7d66-ccc2-4c12-84ba-476da31d103d}\\VC_redist.x64.exe\" /burn.runonce" | C:\Windows\Temp\{F2FC4BD8-FD36-46F6-81A2-5E4FEA78EBA8}\.be\VC_redist.x64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Windows\CurrentVersion\Run\host = "C:\\Users\\Admin\\AppData\\Roaming\\host.exe" | C:\Users\Admin\AppData\Roaming\host.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive = "C:\\ProgramData\\OneDrive.exe" | C:\Users\Admin\AppData\Local\Temp\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Windows\CurrentVersion\Run\Chrome Update = "C:\\Users\\Admin\\AppData\\Roaming\\Chrome Update.exe" | C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\gfd.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\gfd.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\perfc009.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh009.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh009.dat | C:\Windows\system32\lodctr.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\perfh011.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc009.dat | C:\Windows\system32\lodctr.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\perfc007.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140_threads.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\perfc00C.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc010.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh011.dat | C:\Windows\system32\lodctr.exe | N/A |
| File opened for modification | C:\Windows\system32\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\perfc00A.dat | C:\Windows\system32\lodctr.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\perfh00A.dat | C:\Windows\system32\lodctr.exe | N/A |
| File opened for modification | C:\Windows\system32\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\perfh007.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc010.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh010.dat | C:\Windows\system32\lodctr.exe | N/A |
| File opened for modification | C:\Windows\system32\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsInput.InstallLog | C:\Windows\SysWOW64\WindowsInput.exe | N/A |
| File created | C:\Windows\system32\perfc00A.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh010.dat | C:\Windows\system32\lodctr.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\perfc011.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsInput.exe | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\gfd.exe | N/A |
| File created | C:\Windows\system32\perfc011.dat | C:\Windows\system32\lodctr.exe | N/A |
Probable phishing domain
| Description | Indicator | Process | Target |
| HTTP URL | https://pastebin.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=907a9e9f89c693e3 | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wallpaper.bmp" | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI2F06.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e632b6e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI33AA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{E1902FC6-C423-4719-AB8A-AC7B2694B367} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF58C767905724D7F8.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF668DF3E927FCFB5B.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF744A36B3383D795B.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e632b5b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF1B612A5618732E28.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF06060E89AEE5F737.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF7645A362516C843B.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\gfd.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2D3F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e632b6d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI35FD.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\gfd.exe | N/A |
| File created | C:\Windows\Installer\e632b5b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{382F1166-A409-4C5B-9B1E-85ED538B8291} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e632b83.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF2E2D2D5FED3AE6C2.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e632b6e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFB914E4822BC7090C.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\gfd.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\VC_redist.x64.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{F2FC4BD8-FD36-46F6-81A2-5E4FEA78EBA8}\.be\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\gfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{105E3B22-A66F-46EB-8CF0-986EAA20B444}\.cr\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\Orcus.Server.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Control Panel\Desktop\WallpaperStyle = "1" | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Control Panel\Desktop\TileWallpaper = "1" | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133823062700564748" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6CF2091E324C9174BAA8CAB762493B76\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\ = "{382F1166-A409-4C5B-9B1E-85ED538B8291}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6611F283904AB5C4B9E158DE35B82819\Servicing_Key | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.42,bundle\ = "{804e7d66-ccc2-4c12-84ba-476da31d103d}" | C:\Windows\Temp\{F2FC4BD8-FD36-46F6-81A2-5E4FEA78EBA8}\.be\VC_redist.x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\Version = "237667969" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\3\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.42,bundle | C:\Windows\Temp\{F2FC4BD8-FD36-46F6-81A2-5E4FEA78EBA8}\.be\VC_redist.x64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1\6CF2091E324C9174BAA8CAB762493B76 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEMINIMUMVSU_AMD64,V14\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13} | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\3\0\0 = 5a00310000000000395a139c10005345525645527e310000420009000400efbe395a139c395a139c2e000000f9ad020000001a000000000000000000000000000000b51f0b0073006500720076006500720020003100000018000000 | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\0 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Dependents\{804e7d66-ccc2-4c12-84ba-476da31d103d} | C:\Windows\Temp\{F2FC4BD8-FD36-46F6-81A2-5E4FEA78EBA8}\.be\VC_redist.x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\PackageName = "vc_runtimeAdditional_x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Version = "14.42.34433" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6CF2091E324C9174BAA8CAB762493B76\Servicing_Key | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{E1902FC6-C423-4719-AB8A-AC7B2694B367}v14.42.34433\\packages\\vcRuntimeAdditional_amd64\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0 = 6400310000000000395a139c10004f52435553527e3100004c0009000400efbe395a059c395a139c2e000000da610200000006000000000000000000000000000000b51f0b004f0072006300750073005200410054002d006d00610069006e00000018000000 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\0\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\ProductName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 780031000000000047594d5e1100557365727300640009000400efbec5522d60395ac89b2e0000006c0500000000010000000000000000003a0000000000d025a40055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\SourceList | C:\Windows\system32\msiexec.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Xworm.V6.0.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 782943.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\VC_redist.x64.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\OrcusRAT-main.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\XWorm-3.1-XWorm.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\host.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\host.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://example.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe0537cc40,0x7ffe0537cc4c,0x7ffe0537cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,7723484335017418526,16535131282666623361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1796 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,7723484335017418526,16535131282666623361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,7723484335017418526,16535131282666623361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2392 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,7723484335017418526,16535131282666623361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,7723484335017418526,16535131282666623361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4060,i,7723484335017418526,16535131282666623361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4532 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe050d3cb8,0x7ffe050d3cc8,0x7ffe050d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5104 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004F4 0x00000000000004F8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6004 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\XWorm-3.1-XWorm\XWorm-3.1-XWorm\XWorm V3.1.exe
"C:\Users\Admin\Downloads\XWorm-3.1-XWorm\XWorm-3.1-XWorm\XWorm V3.1.exe"
C:\Users\Admin\AppData\Roaming\host.exe
"C:\Users\Admin\AppData\Roaming\host.exe"
C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe
"C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\host.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'host.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\host.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "host" /tr "C:\Users\Admin\AppData\Roaming\host.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Users\Admin\Downloads\XWorm-3.1-XWorm\XWorm-3.1-XWorm\XWorm V3.1.exe
"C:\Users\Admin\Downloads\XWorm-3.1-XWorm\XWorm-3.1-XWorm\XWorm V3.1.exe"
C:\Users\Admin\AppData\Roaming\host.exe
"C:\Users\Admin\AppData\Roaming\host.exe"
C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe
"C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe"
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\XWorm-3.1-XWorm\XWorm-3.1-XWorm\Readme.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\XWorm-3.1-XWorm\XWorm-3.1-XWorm\fixing.txt
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\XWorm-3.1-XWorm\XWorm-3.1-XWorm\Fixer.bat" "
C:\Windows\system32\lodctr.exe
lodctr /r
C:\Users\Admin\Downloads\XWorm-3.1-XWorm\XWorm-3.1-XWorm\XWorm V3.1.exe
"C:\Users\Admin\Downloads\XWorm-3.1-XWorm\XWorm-3.1-XWorm\XWorm V3.1.exe"
C:\Users\Admin\AppData\Roaming\host.exe
"C:\Users\Admin\AppData\Roaming\host.exe"
C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe
"C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe
"C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\XWorm-3.1-XWorm\XWorm-3.1-XWorm\Fixer.bat"
C:\Windows\system32\lodctr.exe
lodctr /r
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
C:\Users\Admin\Downloads\Xworm.V6.0\Xworm V6.0.exe
"C:\Users\Admin\Downloads\Xworm.V6.0\Xworm V6.0.exe"
C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
"C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
C:\Users\Admin\AppData\Local\Temp\msedge.exe
"C:\Users\Admin\AppData\Local\Temp\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe
"C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\OneDrive.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\msedge.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'OneDrive.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'msedge.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Chrome Update.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\msedge.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\OneDrive.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'OneDrive.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'msedge.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Chrome Update.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Chrome Update.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "OneDrive" /tr "C:\ProgramData\OneDrive.exe"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "msedge" /tr "C:\Users\Admin\AppData\Local\msedge.exe"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Chrome Update" /tr "C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\Downloads\Xworm.V6.0\Xworm V6.0.exe
"C:\Users\Admin\Downloads\Xworm.V6.0\Xworm V6.0.exe"
C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
"C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
C:\Users\Admin\AppData\Local\Temp\msedge.exe
"C:\Users\Admin\AppData\Local\Temp\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe
"C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe"
C:\Users\Admin\Downloads\Xworm.V6.0\Xworm V6.0.exe
"C:\Users\Admin\Downloads\Xworm.V6.0\Xworm V6.0.exe"
C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
"C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
C:\Users\Admin\AppData\Local\Temp\msedge.exe
"C:\Users\Admin\AppData\Local\Temp\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe
"C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe"
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Xworm.V6.0\_readme_if_its_not_working.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3620 /prefetch:8
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7620 /prefetch:8
C:\Users\Admin\Downloads\VC_redist.x64.exe
"C:\Users\Admin\Downloads\VC_redist.x64.exe"
C:\Windows\Temp\{105E3B22-A66F-46EB-8CF0-986EAA20B444}\.cr\VC_redist.x64.exe
"C:\Windows\Temp\{105E3B22-A66F-46EB-8CF0-986EAA20B444}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\VC_redist.x64.exe" -burn.filehandle.attached=608 -burn.filehandle.self=756
C:\Windows\Temp\{F2FC4BD8-FD36-46F6-81A2-5E4FEA78EBA8}\.be\VC_redist.x64.exe
"C:\Windows\Temp\{F2FC4BD8-FD36-46F6-81A2-5E4FEA78EBA8}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{6B26C0BA-E819-4F91-ADC2-50E5CC3EB792} {FDBF5933-7863-4B94-A6E0-253FC50A7249} 4616
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=960 -burn.embedded BurnPipe.{0690AC70-F91C-43B1-B514-063980F412DC} {728DFB34-251E-4A4A-A52A-D7FAC458BE71} 796
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=572 -burn.filehandle.self=588 -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=960 -burn.embedded BurnPipe.{0690AC70-F91C-43B1-B514-063980F412DC} {728DFB34-251E-4A4A-A52A-D7FAC458BE71} 796
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{73C1CF00-756E-4B1E-A668-2ED927897C03} {72C88DFB-C6AF-4C19-A21F-C150C6B64697} 5748
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\Downloads\Xworm.V6.0\Xworm V6.0.exe
"C:\Users\Admin\Downloads\Xworm.V6.0\Xworm V6.0.exe"
C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
"C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
C:\Users\Admin\AppData\Local\Temp\msedge.exe
"C:\Users\Admin\AppData\Local\Temp\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe
"C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,3703444104652277855,4520104345122116041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8864 /prefetch:8
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe
"C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\Orcus.Administration.exe"
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe" /select, "C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\Orcus.Server.exe"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\Orcus.Server.exe
"C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\Orcus.Server.exe"
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe" /select, "C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\gfd.exe"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\gfd.exe
"C:\Users\Admin\Downloads\OrcusRAT-main\OrcusRAT-main\server 1\gfd.exe"
C:\Windows\SysWOW64\WindowsInput.exe
"C:\Windows\SysWOW64\WindowsInput.exe" --install
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe"
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe
"C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\r3yo9kmx.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5BDA.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC5BD9.tmp"
C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe
"C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fa14qfka\fa14qfka.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES77DE.tmp" "c:\Users\Admin\AppData\Local\Temp\fa14qfka\CSC77DD.tmp"
C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe
"C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vmq00wg2\vmq00wg2.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8069.tmp" "c:\Users\Admin\AppData\Local\Temp\vmq00wg2\CSC8068.tmp"
C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe
"C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fd01qgpd\fd01qgpd.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8396.tmp" "c:\Users\Admin\AppData\Local\Temp\fd01qgpd\CSC8395.tmp"
C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe
"C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\w1hiryq4.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8451.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC8450.tmp"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004F4 0x00000000000004F8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Local\msedge.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\host.exe
C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
Network
| Country | Destination | Domain | Proto |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| N/A | 127.0.0.1:10134 | tcp | |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | collector.exceptionless.io | udp |
| US | 52.149.199.118:443 | collector.exceptionless.io | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 52.149.199.118:443 | collector.exceptionless.io | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | collector.exceptionless.io | udp |
| US | 52.149.199.118:443 | collector.exceptionless.io | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | next-screening.at.ply.gg | udp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | collector.exceptionless.io | udp |
| US | 52.149.199.118:443 | collector.exceptionless.io | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | collector.exceptionless.io | udp |
| US | 52.149.199.118:443 | collector.exceptionless.io | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 147.185.221.223:48590 | next-screening.at.ply.gg | tcp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 8.8.8.8:53 | collector.exceptionless.io | udp |
| US | 52.149.199.118:443 | collector.exceptionless.io | tcp |
| US | 8.8.8.8:53 | next-screening.at.ply.gg | udp |
Files
C:\Users\Admin\Downloads\XWorm-3.1-XWorm.zip:Zone.Identifier
C:\Users\Admin\Downloads\XWorm-3.1-XWorm.zip
C:\Users\Admin\AppData\Roaming\host.exe
| MD5 | 7ade421a4759874f3edbd351490d2405 |
| SHA1 | b9f73f15595f042ca86314dc52f655c99d2fab71 |
| SHA256 | 9906c3009cd5590b15abc938d24d64e4d54b2518cf05b46ec5987d3d14697695 |
| SHA512 | 7242d26f0ba665575004606b302b192f82433603aaef42e6254d714ed4c66866db5f78abad7ac59f0b064fa7c4f1fb48e3e8f5eecf7ae2b26d9383ddfd90b446 |
memory/4484-1758-0x0000000000200000-0x000000000021A000-memory.dmp
C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe
| MD5 | 37a9fdc56e605d2342da88a6e6182b4b |
| SHA1 | 20bc3df33bbbb676d2a3c572cff4c1d58c79055d |
| SHA256 | 422ba689937e3748a4b6bd3c5af2dce0211e8a48eb25767e6d1d2192d27f1f58 |
| SHA512 | f556805142b77b549845c0fa2206a4cb29d54752dc5650d9db58c1bbe1f7d0fc15ce04551853fb6454873877dbb88bebd15d81b875b405cdcc2fd21a515820d3 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XWorm V3.1.exe.log
| MD5 | 2cbbb74b7da1f720b48ed31085cbd5b8 |
| SHA1 | 79caa9a3ea8abe1b9c4326c3633da64a5f724964 |
| SHA256 | e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3 |
| SHA512 | ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9 |
memory/860-1769-0x0000000000850000-0x0000000000F46000-memory.dmp
memory/860-1770-0x000000001D770000-0x000000001E2DA000-memory.dmp
memory/2432-1773-0x000002872D130000-0x000002872D152000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0xf5akds.lj4.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 627073ee3ca9676911bee35548eff2b8 |
| SHA1 | 4c4b68c65e2cab9864b51167d710aa29ebdcff2e |
| SHA256 | 85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c |
| SHA512 | 3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 05b3cd21c1ec02f04caba773186ee8d0 |
| SHA1 | 39e790bfe10abf55b74dfb3603df8fcf6b5e6edb |
| SHA256 | 911efc5cf9cbeb697543eb3242f5297e1be46dd6603a390140a9ff031ed9e1e8 |
| SHA512 | e751008b032394817beb46937fd93a73be97254c2be94dd42f22fb1306d2715c653ece16fa96eab1a3e73811936768cea6b37888437086fc6f3e3e793a2515eb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 4914eb0b2ff51bfa48484b5cc8454218 |
| SHA1 | 6a7c3e36ce53b42497884d4c4a3bda438dd4374b |
| SHA256 | 7e510fc9344ef239ab1ab650dc95bb25fd44e2efba8b8246a3ac17880ee8b69e |
| SHA512 | 83ab35f622f4a5040ca5cb615a30f83bb0741449225f1fd1815b6923e225c28241d0c02d34f83f743349a5e57f84ca1c6f44016797a93d5985be41d11be79500 |
memory/860-1809-0x000000001BDC0000-0x000000001BF73000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1600138e27c99615c59e1f730269c416 |
| SHA1 | b07f17f7635b82541c67e53b7f022cf66328e4b6 |
| SHA256 | 9b3410d357969489677c65982af31b5138d87e3b9882415af6d15dceee022cdf |
| SHA512 | a085b7623bd6015a0c2fc2cdbcec3414d1ffc6e4c8e5469326a9da21af081a5b6f56562c23533fb7c1927360f1c8b3efa5562233850209243ed0001ea9fc80a4 |
memory/860-1822-0x000000001BDC0000-0x000000001BF73000-memory.dmp
memory/860-1823-0x000000001BDC0000-0x000000001BF73000-memory.dmp
memory/860-1824-0x000000001BDC0000-0x000000001BF73000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 71a6b59e08e25451e52675c842fae23c |
| SHA1 | 565a97673954a9209c7a05fba20b89d10b88025f |
| SHA256 | 5b96212d3d1347b76c8c1c64b2f7ef981242bedd3b84b766b543d56dbbf8dbd6 |
| SHA512 | 5cc98eb2aa02e2e69165170451d89dd880893e6b07440bb84fbab6cf92cb558bd58c2235d8d64ff43d380c5e9869827800d310ee67950bb21b498d89fbb5aab3 |
C:\Users\Admin\AppData\Roaming\Intro.wav
| MD5 | dc28d546b643c5a33c292ae32d7cf43b |
| SHA1 | b1f891265914eea6926df765bce0f73f8d9d6741 |
| SHA256 | 20dcc4f50eb47cafda7926735df9ef8241598b83e233066ea495d4b8aa818851 |
| SHA512 | 9d8c1bb61b6f564044aad931e685387df9bc00a92ab5efe7191b94a3d45c7d98a6f71d8ae5668252d6a7b5b44ab6704464d688772aedac8bdb2773d5765d4d56 |
memory/3096-1853-0x000000001B9E0000-0x000000001BB93000-memory.dmp
memory/3096-1855-0x000000001B9E0000-0x000000001BB93000-memory.dmp
memory/3096-1856-0x000000001B9E0000-0x000000001BB93000-memory.dmp
memory/3096-1858-0x000000001B9E0000-0x000000001BB93000-memory.dmp
memory/3096-1859-0x000000001B9E0000-0x000000001BB93000-memory.dmp
C:\Windows\System32\perfc011.dat
| MD5 | 50681b748a019d0096b5df4ebe1eab74 |
| SHA1 | 0fa741b445f16f05a1984813c7b07cc66097e180 |
| SHA256 | 33295c7ee1b56a41e809432bc25dd745ba55b2dc91bfa97aa1f55156880cd71a |
| SHA512 | 568439b3547dcbcce28499d45663fdd0e2222f6c5c90053769ce2585f65721f679c071393328bde72c9a3f03da4c17abb84b8303897688b59598887ceb31438e |
C:\Windows\System32\perfc00A.dat
| MD5 | 69c02ba10f3f430568e00bcb54ddf5a9 |
| SHA1 | 8b95d298633e37c42ea5f96ac08d950973d6ee9d |
| SHA256 | 62e5660f9018da67d3c6727c39e9690650beb62749df0b4c00e6085f36c8e94e |
| SHA512 | 16e4d29324c2b50e1347532cd0982a149a7c67c4f27a743bbad8609ac662c3e00fa1be645b1b5f23adca3abd60c812f3f87d669f5ffb42b90ca5026dcbf2824e |
C:\Windows\System32\perfh00C.dat
| MD5 | d5972cca5d434d4ca1742fe0a5ddd5d4 |
| SHA1 | a3cdc3ad50ff9ba19722f2e2cb76f95b60bd92b2 |
| SHA256 | f85cfffd1414d3e975f430a1e2f2a3b473ee8995a961dfb103fe18d5bf06e321 |
| SHA512 | 2ce34cf9b868fda0852e6b0d805171fcfda00c0c6cf044bf8831e6fa2aef4933ae00a8eaf757c09d67c30ae7ab58136959351f7d04d8ba6921f51fc87378565c |
C:\Windows\System32\perfc00C.dat
| MD5 | 391168ff06e8d68c7a6f90c1ccb088be |
| SHA1 | c3f8c12481c9d3559e8df93ade8f5bfefd271627 |
| SHA256 | 7f2847cbf10a70dec0bfb78ca1bf2e548caa8de43deb290cc21d4d1a47bd7525 |
| SHA512 | 71fe34a07a2107c03fc4735ca78814adc1c55ee3362ce01d6b9983b0ac52315485135b58edecbcd67252c1e27a451138a765bdf3f746e1241834cf35106520c6 |
C:\Windows\System32\perfh011.dat
| MD5 | ab6f8e83a55fadfc107060ed8311e0a4 |
| SHA1 | 55a39474b14b6600543080268d41e8732ba0edad |
| SHA256 | 8647f007d314a30ae0760a8b70c6c42b4cf0e7da321795dbf1d254377a70ff18 |
| SHA512 | f5be5c78e9d10dd69c8b21ab4d5702a3a24e2ff4cec19ae56a9d58e6ceb9edc40e17b548373b7db5ce58b6759ef3ce361e8514c774fda9a7d988d330a7944732 |
C:\Windows\System32\perfc010.dat
| MD5 | 9c127d90b405f6e4e98e60bb83285a93 |
| SHA1 | 358b36827fb8dbfd9f268d7278961ae3309baaa1 |
| SHA256 | 878a012b076c81d7b46068109d9b9e1a86aa8527d87d0baee47b59b07502c578 |
| SHA512 | bd80bb82e6f2375107153b7da67ce4a3ab3d457103a8371f93e130edece21791d8a716ab9793b74c6b5ab10166ccb52aee430bc4b63403b7e4749d7db9929e73 |
C:\Windows\System32\perfh010.dat
| MD5 | 4e277d7a9304103e3b68291044c7db6b |
| SHA1 | b23864c76259c674ac2bc0210dab181bfc04dedf |
| SHA256 | 5dc2192236274fda886a0c0f396646f9292000ba33bd0e2061a65bc06639be16 |
| SHA512 | 094477571cb17d7b19f6e81ef237c579f03c944745499b2e537d77972da89f8f4baa0825c3f79993d96116aa071bbc776a96f55cf8ab3f60698c2c4e03e36957 |
C:\Windows\System32\perfh00A.dat
| MD5 | 893d78f82b3994cf86b3c8c80cd7ad6a |
| SHA1 | a68cfd50ebc35eee62c84f0fd74d20d1e0bb1476 |
| SHA256 | 411b7581b0af88caa8c75409dc83ac8b521ba4d987d9347402438be16d31097c |
| SHA512 | 7f7cc32aca4f023f34e4ab7a51fbd0ca0b0ea51fde6d79b9a4322bee9b4d55800a981b2d97007ceadfa609767b7d84e9eebd8b3e92f9cb68855625a25767f42b |
C:\Windows\System32\perfh009.dat
| MD5 | 78f403befbe16cd64854e55383a41c8b |
| SHA1 | ab36bacfdfd4f8fb6d1c2ead8a1886816a47c670 |
| SHA256 | 220aa10410924876965bedb27d953a5902eab5aeb1c5ca59022465e28cbfcc92 |
| SHA512 | c3df5e3feebd4d0c0ff126fbbdb4eefedb7e044ba59dc626df6eb1a1064c70b0ae145816c23d5fb651f2f209b62bd5c8e80faf89cbb6f5e93d73294fb47c8749 |
C:\Windows\System32\perfh007.dat
| MD5 | 8e549f070ac8bb646d0c34569ad6d880 |
| SHA1 | 2a9bd2f7378ef5e85831cf590d9d735e9645f49e |
| SHA256 | b08ebaa7d8ba93702ba84a59f41c0faed94273203d353c4f3cad31530d1b3751 |
| SHA512 | 10c3a012dc64fdcb5bb0d8fe03aa771b936e78092de33e029658ad18e8c4771cddb84e6057b79bf8e6e90a8f3972f4bb1cad16f3cc96c13527289f3477f5fbd5 |
C:\Windows\System32\perfc007.dat
| MD5 | c5ab9298b0503f20e6f88fcc902563ca |
| SHA1 | b8fb62b4e2ebad2222d882ba43d437ffec14e55c |
| SHA256 | 140abd66468171331b2fac4e032ba8ea0a762c72f25eb613616861674cdc8144 |
| SHA512 | 1f13de06ec0bcc8a78faa7bd708b9563b07df620b246cf68e8d84ea797924cb4e71a1eab93bfcc55e25a6653cbc525a9dcb12dbafcc0af5a17fb0dc216d6a305 |
memory/3900-3624-0x000000001BBF0000-0x000000001BDA3000-memory.dmp
memory/3900-3625-0x000000001BBF0000-0x000000001BDA3000-memory.dmp
memory/3792-3630-0x000000001BD60000-0x000000001BF13000-memory.dmp
memory/3792-3642-0x000000001BD60000-0x000000001BF13000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 263b7a522d5cb4125f53dad3db56b372 |
| SHA1 | 75c35ca09deb48d3e5f07c39b546173638986ae2 |
| SHA256 | 2508b6b41f421a710fff7bdeebb9968728a2286a34f97ba35d4c13b399f200bc |
| SHA512 | 071e23f6c4c3cead1f0a5e035cc58feb89eaf5d9966ca2cf89addccde7366d6542184a207d108ea3b01dff1cb2e7ced3f79fa248144a5c5d9d756d4d88f2acf8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 16f4215c082561302a00c0e6d4343622 |
| SHA1 | 1435e70cd47f31bfda9fe64ca04b5cc9c2eabd8b |
| SHA256 | 33e4dd9f677225b952ae2a7abf91c0c14dba6dc45c564b01f9bbf37aad71956e |
| SHA512 | 2d605dbb756e44796441fd5cb5febce8741c9c8108b4e23d9beffca8fb8a44e7d90f37dd41be975e54adb95a2d6d9381e4a06ae2660bec60b8cc45e6bc699319 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6c324d074aadcc2_0
| MD5 | 8ececdb46ede3e6971d499c9aee258db |
| SHA1 | 8c5813e2f179fb29c87a02f55f99ccd733ee3c88 |
| SHA256 | 38d22362ae7cdd368f8703b32756370ed5fc3a3d4b798ed11a4ca5c46034b034 |
| SHA512 | f5342d0df4d81758a0a6461ae4a474b21fbc09acac3c1ca811a3c63f3110444833defe6aea0f923cb71fae48bdc623503e70e1e3497c8b9767307acdda3886ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b409b7d19cc71688_0
| MD5 | 337c9e4a1ad7c42813e340e141d84e2e |
| SHA1 | 2e56dd5127f6dd7af4ca975a908af31c116a204b |
| SHA256 | 7e8a35337adddc6b2b5ddc4430341b68beb829bbe2a334c2a797078af0b14454 |
| SHA512 | f75bfc93291787afcf94ee8e4731a06dde9eaa1ed6971f26fed05179229477c700458dcd97b35598d20b258c15261c2ca919ab6810efe8005f0c274d5d7a9909 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a914eb5fc51fb84_0
| MD5 | 49ced80bc81d0afe20ba2db98519b461 |
| SHA1 | fa1dbfa3178ac2a63cf208288cb98f35b002e772 |
| SHA256 | 3f824a2790c70e325d20c60ec020b326adf433e3e8989b231e8d1be0fca6f9f0 |
| SHA512 | 5c138d71a16e65f57cf381ac21ba7a64b64786dbbec54c01c25da717dd9c4bb5df8624d76d140a97b0dcceb8c8a0e67df8d5c630b46bb3049ee55df71196ba35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0
| MD5 | 928673cc76eee604913753b48bdfac1f |
| SHA1 | 394c96d52d6705985a8c3b1b58040d0e63bd4625 |
| SHA256 | 090d357dd2dcfa89076508ce7c2679b7c020600542ad0c8f28e475774b0b4f29 |
| SHA512 | f9f5de6a5b513ca3a6cbe8e110839419deff92b9cccbec9a63f06f99c4a5a05472051d68e79136fd4a2a5cde1888759976275548d3fa1f39faf85e72b0452676 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0
| MD5 | dc3cc5e07453355c394c16b56c2fd0a4 |
| SHA1 | 24812cc21b61880756861d9961845bfa08c7545b |
| SHA256 | 02ba45e0f96b223db2c9420351be8f4b5caa8c83061c7d1faebee42c058e08a5 |
| SHA512 | 1e3bb979b9cbed3419042c143a4570fa5955c4cfb0c21b30c7c2a64e481ef4c69627994c3dc2d549542f7dcf2c938957e88d882be6e5aa39de41ba47eb74601a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0
| MD5 | cdd3c871f98254f9e17ee79130f05606 |
| SHA1 | e569fa7d9e17f4b915929e054a1c3712e0ec117d |
| SHA256 | 22d420661e8e711545f367cf0b05d256f5ab626d9b0af57181e134374ebf96ea |
| SHA512 | edb591bc39c7ba988e6bdb3fda6f9653c2016bd66b17eef8fafd11ba8076759ddae8e5a45e7908771263cf3415bc4bd4a5b54b37f3bdcfe9be68b6d3a13f1008 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0
| MD5 | ef184dc2b52df165ec5ffdc947419e60 |
| SHA1 | b28c0f7d60704c97db4c1874d82beb41953984a0 |
| SHA256 | 6fb43209014e4fddb118f5dde5eb4cfb7c97dccdde705bc05a260a9498667281 |
| SHA512 | b0dd06edfeecf5c09cad2793168c9aa3ebf28fa5ee9dbd2d02c1cefa118c1168103b74fb161ee083a5da6b78ff2d3abf37641391f4b0c276c829fd00daea6564 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c56bfbbafb1fb538_0
| MD5 | 053639b7991391d41e8a5989c33fb7bf |
| SHA1 | 61cd4f11c747e016240b52087a3f529e327ba4dd |
| SHA256 | b5f33f8bba278bb4d648574edc1a5f5ccbb7f369bbfb2f67b0c27b6d9e03d305 |
| SHA512 | f0c1df53df15233ad6a923d4cdae6272fa567116332769bafc0faf45ca493adbc1aaa168d3d12a06ea0ab888e351ce318b2e445df77358621a0b1fbe778f801d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0
| MD5 | e9ca84cf0c7c79f9c4da61ebcbe3ddd4 |
| SHA1 | d3d3d0caf2251e25a22aba57c578cd8637ccded2 |
| SHA256 | ad51338c906e77657bcf956d2344c5fc24cf92ab5534a5cdb449418d5b5defed |
| SHA512 | f239d306b99b649fe180b306c3edd8a386ab38c26b924055f292a34e82bb91f6a05b6d5e4a611b0ec924662640ca0355978e10ca10a34cb23b040176f5fc7434 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
| MD5 | 218cd9c402d335d268afc60b6f16b02a |
| SHA1 | fef5b5325ec729ff371e0cd4b10ca34d6ca4281f |
| SHA256 | 039290b8b596c5ddd6ebe2711acaf7f6fea1fc5ff12dce46fada133db01c84f2 |
| SHA512 | 1445f066b938b3bec9697fc1584ef6506469136959a7e8664285c1edbb65a64224a777b84a68085298aaa715e3010bb0f4582931ed0ae85ce60ef112023b3d6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0
| MD5 | 7baabfeb7e6a8482960247cd389a7a57 |
| SHA1 | 56a2fe52f0ab5ce34779e790c4d3d32a8fc89bee |
| SHA256 | 89cfd926e93fced47d9fc772d96da01e4524e257c425e8637e2f5fa86efa418e |
| SHA512 | a22dbedc96348bf2b7e7d7a08965e2563dd278a56f1746365e416ae2898a1685b451e4ccba854fb151fcce077e62ac446a538409512561011f68f9e3b13e581c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e1639d83c6150292_0
| MD5 | edf7fb0826509def018de9fb92583491 |
| SHA1 | c297bcac33fb3c041f742fa26361e67b2ad1bb3a |
| SHA256 | 4673f3e4894b6db4163b21dbfb8357a6a6c44b231534e36f8b09c1bf23bbed0f |
| SHA512 | f1a2b35f431b79a9d25ca7a363e9823848ecf5590978de4cb31a4e05110a7e29c36493f273729cce830ac300a6d221e2d628558b14082a79e2514d05b1dbea4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0
| MD5 | 825840d3e6fbfaee444030d0615c2b24 |
| SHA1 | 3231ecd5edb28c85663817dbab7d942919be23cd |
| SHA256 | bd57ab1ac82b30fcffa751bbae86d84342f68abc737eaacf362b1efe02153179 |
| SHA512 | 72ee0392488b43899ba0b715e2d3c4c505335894b86f43110ca7e35c1e1b0f295b513fd17c689a03d7e5cc8a091c57de3325a80afb96fff8044087abf176901f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0
| MD5 | 87b8da52069c8888933e75986fbce81f |
| SHA1 | 82f89332e82fecf7eb37eb745d17f4e0e0b0c607 |
| SHA256 | 8785e9ae4c9730c10d37f98970a34a3cd0b21dc341f60eb47283da526e5c7ccc |
| SHA512 | b3bd797358c67d1cce3b54864a264ce21af9293ee7ad77d7d42e24802bc2ea9840806f5c2ff21c67557e8e3eef2719c3d19e46ed6b2b9013ab606feb0661a964 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0
| MD5 | a37c678ca24ddcb483257cbd04a5228e |
| SHA1 | 2f38e1a980769fbdcf9895c0683a7fcdac6713d3 |
| SHA256 | ce68c56ceb2e80474e59786055ce56319461c6987edb4d3f4cd53e63bf43e646 |
| SHA512 | 8c715e3774e9d6f21bfd8a1ebbccb73579a87a1d1b95711ee6c252732d5dfc85d440056010e39bdc4eeee4c2a8c9609e1cd41164879f03f234c9ab740a569536 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0
| MD5 | a5fa34184c5213fcae806a24ba869f27 |
| SHA1 | 13ad860fe4459edb85b7123c435759c9a43608dc |
| SHA256 | e981ed184084107d0d68bda66012591dd98184eab679b098120998ad30162a80 |
| SHA512 | acfff28b1ace7b7c57c85d845cf4d651eb84c190dfd13476067360ffeb40da81504d85e8c309eead4800b6e05e1676e373015d95cb09356c173a2e7b0c8ac231 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0
| MD5 | 5d5ef052ed9e318a9aaf9b2667272000 |
| SHA1 | b05b691814ed5ed7ee271a4c7c843de727b24323 |
| SHA256 | 867ce16e3649e79bfd4ba43b52fe68cea2eb3a1165968360414d0aa84b8c759a |
| SHA512 | 0d899695173b1fb61979eedbf57a529d826e3876f1bb2b36da4b097e60fef8e907ebe78a2523f5f31ecb0361237047b008f25e7919772e16715619994ba0bc1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2076e2a98754e97_0
| MD5 | 79b8d8667572b9095d69aa8dbf10c6ae |
| SHA1 | dd3a05f768465da3f598701d31396468e2e61039 |
| SHA256 | cd6b5c839e89b9f84ac79215a8216b6ab049a66afbbb9389fe2e86eb1838ca08 |
| SHA512 | 731292c59635ef0b512557af1e314f89ad83f61599dd6a0996c19f0a7e7aa1dd4c1ebc6ce0e01f1528e092acbe5a4d9a2f0320d287f3fbca360e72b9fb02513c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0
| MD5 | bfaa35f7bab72e47cdfed42625fd905d |
| SHA1 | d7129ae66f7f62d2e5ddfa1550bc2570428acfff |
| SHA256 | 89e9b5301f2bae29e928005778672a72eac3bbf518afe0152cc500e4920ad7c3 |
| SHA512 | 36c56f2af5437a9a05e00bb49cf5dc8b65e04ce6445cc5ee4b3aa5b233092358bddf06538d6e52444db0cc0605f431a064fb9727a737a2a570e45f1a78d2da31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f356296c9d8da64_0
| MD5 | 029fdb9bf73d6fb80e4fd95bee776e17 |
| SHA1 | 275d2578b1f105168450269c70d37908697019be |
| SHA256 | 0a8478c53d272504f231319b6d1bc7aab4a8cc3ec9128641e1e420037747852f |
| SHA512 | 7c0d53beb7ca89e912c5b49464262a12e6582d26d6dc3f75ffb9f96182d7b7966b5e081922c1f8804f5d43e5fdfc79ed2b316a0eeba41caf0738eaf980a59f25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\77fd100293e9d250_0
| MD5 | a8d021955804f08aa762d4f2243c8713 |
| SHA1 | 7214c6626909eda09c9ff8e04fe3d6a1939ad519 |
| SHA256 | 0479840a2716266852446fe56f75c4f78b509789733900ea454bc563cf2a26f0 |
| SHA512 | 5a4db73c4acd6e0c410331df48fdf01b45465b0b7391ca74dbfe56e6ff19fb4e2c7cfbfa02450e5e5006a0ca06b5be97cdd79a6f3bcc2087668314ee8a67ef48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd309193553f2dbf_0
| MD5 | 831198085327a03b75af6edc3073a18d |
| SHA1 | 5401dbe27115d0d2155b73ddb77070811180ea1b |
| SHA256 | 2bf9e01af7c182f1725a5b25eac29740cd4730a773d5e12134998e46eb163f0d |
| SHA512 | e4529cebd1c7778d3b1cfe53ab5a8b55d9418b9b06fc41a94bd7b952b044df0a4415530def91139d906c05e67a18e829a733ca1e699e9ef077193d1b101d3689 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2706d8cdbf00fd1a_0
| MD5 | a074a96b85cfbb099e4b0ff8c12f35db |
| SHA1 | 2005abf6a3059fc8f74ac69b19fb6dcf3c6e45ac |
| SHA256 | e31fe884f0ce0cad5c735a7e8c4aa9614223e74d4bca131d965b2afd3e85ad40 |
| SHA512 | c7a534cc0fa90dfe76f58909bdb57d8352b5dbfa7d181125333d94394f07d90139b24723eb0a79dd71d70259ab2f5ce3228446be20b25ff9bdc9a61eb43db2c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0
| MD5 | c0d2a994c1446bd174b1022e14a5a4ee |
| SHA1 | a6492b8693c483ad795eb49998d809b864798a14 |
| SHA256 | b13c5f791d59a5927b3d166fc2347ad754e795cfa30617432e5d35dbb0ad8c96 |
| SHA512 | 67c189230f9e5c61249709b981aac886334a180871b2e444a84094c1cd7339df283d697f196b1d4c6b568914934dc465fab388e0c1a9c6babb9b85a26e958daa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 386f3856c84d0a20fbe5c9e02ca06b3b |
| SHA1 | 79c7757b7706981c77a16f6a9dde065d45d1f9a2 |
| SHA256 | 7cfe9d1440121d717668819d474aec8ac3540b3fb81bf2275a6ea8011a7ba863 |
| SHA512 | 0997c46a62883a4b9c94451ed1ba38350edb26e277ccc38fd6ebab1e56c1dec870e3ee76dc5da940c2000e2bf93187117b0298cbc435c70009efe52ab34c00b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2127222b73f24cdb_0
| MD5 | b3c35e5715bfa021d7f22cf57e922858 |
| SHA1 | 2979bf15ebdd4934bd4862ca117f9404c6aa0bdd |
| SHA256 | 797b0141b386a43e9c577b1a0140d99bcafd9d4d94e8c94c465b364163dcbd1e |
| SHA512 | 305a6755ef55ef6e38e6a9bc040812206d295650d385a9fa5fcced9c6cb48677c45d637cbfd644986e4ef3510a491d97ddf9d30ffb064886f10348c0f303f15d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61739d8b7a2fe385_0
| MD5 | 3a3143a1fdbdb44896ee8955594f1173 |
| SHA1 | 9edbeb1d48541205113ee424e5e16ba67bec782a |
| SHA256 | d03f2da47a43502a88aedec4b5b13881a663bd9966e617c45df270824f7be471 |
| SHA512 | a7c08586f504c35f3e49f3966f2ae0f23376ec8d888f9fa99367ce4b2a1f5ec241b6a8ee34075ef8f33a173cb31e76a917b6782e7c70ba7a3608c932ae334132 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\04f6d95e0ab12b8b_0
| MD5 | 049443671d2d3c4d0803680248584216 |
| SHA1 | 7e5199ca856562b8acf40b43993fdb47bae20427 |
| SHA256 | 466f91fa8277ea0b138a428e4f117bb19dc0d2682540ed1b3075982e2028dbca |
| SHA512 | eb7609924af8ea292fe24ac043a89029bdd461b9e9d39e19f139bea71db2f5b4c38ef64634fdd09ed817438b48e67d73ee2eadc2e1c52baca697dc02013af52d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0f3c8feb1e620a6e_0
| MD5 | 9ff4cd676d978a0d18051d4557da819c |
| SHA1 | 3f0243fbbe24ab341d302eef7fe60f771920d2c4 |
| SHA256 | 998a9886b0f4c1604022600a250e45dee320ed943d1bc686a4d5b9fd8c3c7456 |
| SHA512 | 162a323e0e61dbfb517e4570db4d45dfcbb5974f6a4baf2dd7b88e8fe3619929f4924250616c8c7f2bfc008c584809f428bc2c0882288cdecb2ccca2d6ea0ea4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b17300b737972628_0
| MD5 | af0eaf4cb6e23584b62c7aeb952682a4 |
| SHA1 | b1edcd5ff29450f9733ed4a1f884b45d0fcff6b9 |
| SHA256 | 2b0c19690a329cf285aeee4f060da4362a6109b1bf5f25ac9d7b7291718c9d3a |
| SHA512 | 7a0df68950ae65625e323ab1bd0909d4b47ec76f145c10801864da9c8a5f1d0f2c4b00b4f64627cc7f93d6c4f35741117aa1dcae1a50fddf17aa94fc58276561 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54c4cdf99d4f63b0_0
| MD5 | 3b9d1dcc280479c388347e4257362b21 |
| SHA1 | 152cd3d18f02b5cc6f5c6d873cfcd6e73f6cccf0 |
| SHA256 | 651073fbbf897dcbade1128ccb99c003a2ecc8c3007fda862ab7fd4d9939aa8f |
| SHA512 | 9a0ec589c3f9e012e346f65ba49c5fd7fa75aee747cd505ee9e6603dfff221b5fc7587ecac401b34c6b687461b233e50eecb94027e79ba76206207f720a9647f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b4311b2387bfb57_0
| MD5 | a1113aabfbb8abc0f3d45aeb72e5ef87 |
| SHA1 | b721ea0f973cea45e8292b27e14c5abe46b8b308 |
| SHA256 | 717cbf3f4653078026b7bfaa42872d700dbe43424da38412f4af2f247d98973d |
| SHA512 | 9b128b163ffa21eb95302e77c55f25153bf7feaab4dd97e4ec1412d5863cf6476efb44f7184591e149018187d406b851596354ef80aaa9d1b99becfebbe9bbdc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db80d672a14a2d79_0
| MD5 | 8be292712687516e4ed6e95a78159a2f |
| SHA1 | b904c6d9f69a7aa7a5d3bce0b16f12484cf36f68 |
| SHA256 | 219a5e466c096141453f69f1b133c1bb40a73ce23662a1ac3cc15046222c35cb |
| SHA512 | b24e234e88527ba5f22b06908fc0c36affd4a75b7cc82acff15014247b18ecca3e095e6edea294dcf95abfcc24cc0b43beb3484c475b84a1bd9efe384ec9c30a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3aab5a8dccfb4ee_0
| MD5 | 475106d892c6a08eddb2f123435332af |
| SHA1 | d3406b22fa18b62aaee4e0f7ec6b6d389c7c3052 |
| SHA256 | 54fca32aed7cae78ff9754c18c07e244a85c6f69c6d998849c3e2048918e71c2 |
| SHA512 | 2124020e5653f910cc42bf92bb3b9cc68a04cb22efde01d4eca216812b26488c0cbc0e8517d8b0968f502d32b046dead7f6b81806e50de8e529c6ea1a1530644 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\88f32242cf1da472_0
| MD5 | 5920bcf00a429c34806e5b812e954a63 |
| SHA1 | 8fad4d7cbf8d5dcf1ef74c92f721e33992deceac |
| SHA256 | 6fb063220fcaf955a8e639aa5d94542ccd8fe5247fc13257cc86d297212b392a |
| SHA512 | f315a7acbe211acbbda86a25d2a164b323aab0ac92565398ef7e19b20f0b2c985cf94d9895f502e2eecfbadc46bf775d58d82d6438fbad3113444933888417a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\62bb6b5b8c0b581d_0
| MD5 | be04cb761889e8bad90abfa65d4cf65c |
| SHA1 | 5e8f430fafab69a63969f3271e021b353e5cd6c7 |
| SHA256 | 327b9cc129da89188e8917a8315af87a63db7b40b4880dc42a4df47050bda410 |
| SHA512 | a4664698de91e19744e138dcd8158cb697579c2b5f8f5e1cb3e57c06c404f3ef6e8878caae37805b6a403e222ad094480c7fe680c723ef7e21778229d7476a72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94133c491567ed48_0
| MD5 | 997f87fdeae460298daac6d2729bae92 |
| SHA1 | 952a476b6f48c7fbcba5d85d5f3651a8dde4b472 |
| SHA256 | 048c17c3aceac436dc590420a031a568fa6254368e24b2e31c7cf3f7127ad8d4 |
| SHA512 | 51794b3098971563f2fa225d7367d1a6b2f40f3b7f081e9fb36d849a1d1783031cb94c27b3a0b79d505e69727ecca34c7f6c107bc1447bda42ba6179d8ca7120 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf4b524cb20d79bc_0
| MD5 | d965285d3695bf84cbabadcf53f40d80 |
| SHA1 | f18869af7bced6c2988f1bc9ab8f40746116561a |
| SHA256 | 13c1dc87d533be9f3c50958c2c642698a4ea263c449d78ec76f7ecf8613696db |
| SHA512 | 04e132c6dce649e01401605d28c1db33d80633a846a5fbd65f2cb5ac90aeb708abde5f842f6bdf42fb84e4c727d79b66945a3da865ec78c6958b503ee288e31c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\549f70758e2a7eb0_0
| MD5 | 3cfcb09deb4e6fa8d25adb1886978c37 |
| SHA1 | 0859269d5f0c22f9fa3556c0c4265bf95c0e1831 |
| SHA256 | d649c8a1a7fcb19542f40eece2ef65efd5057e020eb8dcfebfa819218901d308 |
| SHA512 | 95fac4d09270d128d6aba7e05223efc23c834e25805bde9b6da7833273a163c19d45bab34640fa5930a66d991aee61c75ee6d1c28c6deec84160a0ee1a56ea38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ce481227fb20a4ee_0
| MD5 | 0085c702df5b170dea4d69391529d5da |
| SHA1 | bfb1c183c6e4a33f1346fbe1c3d79adb73c10ec6 |
| SHA256 | a3ba7f35207971c9b7768e808afdfb6311d2381fb9826f4ebf05aff095e41763 |
| SHA512 | 72f384e259c861d55a1bdc9b76f31cec0f14249f2fe64950950b9ba4a99bbebb92e4677d20a116cb0a2f01555ff69ff7f7a3468e18ade2e59ec6ecad6b79dbce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\22510e6f41637f30_0
| MD5 | 2192052b186c98a9ba68015862b2df98 |
| SHA1 | 59d2eb632831404a14360825a28d1f53d226888c |
| SHA256 | 417fe195880cfb400b5de307e50ab44e9b8e3dac5c3c775315c855c94b3d94b3 |
| SHA512 | a49077282362404f5b66b4ab406881771b27b77e4e3846881302eeea6fc29ac26390b189e31dd496c694c374f281e2b650639674ed8c0f471a15b2196762d655 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db0c9de93c88845_0
| MD5 | a96b1ea3d2e271bfed98e194a73136f5 |
| SHA1 | 69777c4841be44ba7922886fefdf50b4168faf14 |
| SHA256 | 00e50ce80bfde26bc7bd693421f1c9c512e2bb253e9a4b5615825e1254d315b0 |
| SHA512 | 67e41dd2f7bb7044e853f14bdfaf8464329bb9e55a3cd5f7ce870bfa1446fd657acc415b5992ca9663981db7709b8943c41b8a66d5d7162edc381eb49ab50b7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1e21a75d99c87754_0
| MD5 | 583961f2392eb134e5dee2efaea94fe4 |
| SHA1 | 1d36046efc434012a06037f1f21bd107380ea122 |
| SHA256 | 6ad1baae154b102cca730dc58e3cb45c4dbaac135c0d4d9170156e264f33f6cb |
| SHA512 | 55fbcc2d3cc3711955c88facd4a3d9eebad2a3dd7cebbd07135f57a4f1c03937cd4888e3d44a254abebe18036ebe09f20f2e2ae495d72b7716913bf253413666 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d6509ec273b5ac6_0
| MD5 | ae027b5bf46d3fef224e7091f59d28ec |
| SHA1 | f68828c492f73c337ae723eb4e263e40015cfb4d |
| SHA256 | 0ed94e1d156a73f94a4ec213d858887a25277a979c56220b3cc9887eff71b90a |
| SHA512 | 7f1ef2fe764951721cfe0074ae29e172b131e55c225e75e0dca541ef1a295f861c6878e07d155b52975b44d418107e66aa2e2487c66350036930aacc8a879c39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dca451e6810f2417_0
| MD5 | f69f087152e51df71b8a6a590da9448b |
| SHA1 | 6c1cc5ed232c1fab36cb8ff12ebe2188283e8212 |
| SHA256 | c8837c753aa6d7e15ab8dcaa757f7272e80ff44cf8ddc0492b663e1f21525dae |
| SHA512 | f0412b1978c7987d6476d3ea8ea06d636449d4a67012e5cd880ed6e795c089c498c7f6956e99a6ce2a2331cedb0a8ce8e7d1c0dff3cc30e600ff42d90c037ff8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\57c47459a41d1591_0
| MD5 | 5eaf9a77506d1d65dc43849801619975 |
| SHA1 | ed3cfa68537eeebbb0a81d032d482a49fc7866b8 |
| SHA256 | faa2ce07449a5e8407f465a3948fb509bdc6ef6dad2f73bb35342348cd878c1d |
| SHA512 | 1469ff5f2a49249316c5cc767da2d6c2a688a41beb9340ca881ea0d1e961b3c7f9a7cd2464b74e55afcdd09737634aaea31b44111965556b952f2f9140b88ccb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47a4811439b25efc_0
| MD5 | 5ddad08f9cc332da083d5db7eab67f84 |
| SHA1 | d415bca579297defc32d3cf3678b766fd4ac1b9a |
| SHA256 | aab43c3fa8a0b9052cd921f185ab18b0754c4990336c2c4481947dac4298a5a7 |
| SHA512 | d9888588e83072526250b729e25562627215c6b80077195570b2235a077207099e58b8254c95f5100aba1da3fa1c821527251f212295b0ebf82c70182c00cd18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ba872977e7eafed0_0
| MD5 | fe3bf8fcb20b812ff22f1cd9919e1b7b |
| SHA1 | c680e9ca463bbab9bbdf7f105b567b3ca4409658 |
| SHA256 | 9e762a9687c2918d09bd9fe81ed4264df8bfac5be79b1e11d807bb50f9563410 |
| SHA512 | 97cb691f42f381173fe5a141245d6b7fdae7c6c7f3e04ffaa52448722179182e5768aca1c2a51a272582512bf29e35bff03dfdab0f035724f3bebb0fab3af39e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b77cc7fdb69c2940_0
| MD5 | ec656760d0fe9751d74f568a031477fd |
| SHA1 | c70e1a91c76cdb8ba85d7b5884f094a85d674116 |
| SHA256 | a1ca7af087d40f45f0a2dab9125aae9f71d35566027df5002003c71b3b8cb3c0 |
| SHA512 | 36b72b6da661da3ece398900fc5f7d0c441ce60d203014c67c0c2f380448ae2975611c6b6d75634158a99af0d65e519740398e0a9af794734b4b8c8b7fe906ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a92fc2d2b9d9f0a4_0
| MD5 | 1ed4f22127cca4815226d50c97afc801 |
| SHA1 | 7588e125036845945921949d25b27c1b8ddabcb1 |
| SHA256 | b5637645489fabb409adf6a1f96fd3b8b92e263e302893aa95e932e056886e7f |
| SHA512 | c49efa854925265d155e5ce158c12130ae642005368b296d4dfab5d96b768edb65dd1076dd2f464b3194bd1c24c78ee380c009417927bd01d1514b3bf10cc65b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0587842c7942e87a_0
| MD5 | 04235fa1edf8d76ae942b4fb25c1a935 |
| SHA1 | f32ba9971d94f9182df42c6154666e0b98f70e24 |
| SHA256 | 0d1ad60b9899023c6c002bd6558a7e69a62095ccd90de6441b03ea5a77be6b16 |
| SHA512 | 0d5c16ea0f142021fe2712fe2b30df5cd0661ed71bc687c030c7d2a70351f9ba95035faf68aa49099432674cecee2c91a755330f709592bf4a8b6c8ccebf67ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\16af11a7a348424b_0
| MD5 | e0610086a53a7998e81520802ce0392b |
| SHA1 | f44a624b7c66746dfc91072c7a22cde29bad3828 |
| SHA256 | ce32b47d17818cf369f9d816af6e4712e60c4366ce660041140d213e5e605354 |
| SHA512 | 806e96a14655d3a7fdd6d0aada4fe0b515b09c2104553901311c43e90d24821656b174232697537e972c0b29e7760add20ac7dbc91807875db77534aef6e9b18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87f55e0a1ecaae44_0
| MD5 | 216099dbf1184585405b6a43a95f30a4 |
| SHA1 | d181679d2bf91519ce34daacd5b8d33b716200fc |
| SHA256 | 7a19b3e56b81b27b8940767708e666cebed98db48ba30c361efd1c514bd77568 |
| SHA512 | 4c7da12ddd64c95a24048867cadaae7a3f11b98455beffc4f16cd3a196c1cf897e9b3df6e0a4d7c1d107f4a5b7e72d88c569d6e742f04202f6375ec85004ae9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\76f829cc094275d7_0
| MD5 | c4719ef00bf54d5b39b17c678bdac313 |
| SHA1 | 5111c3bce4111fc19802e3535ad8d3d0350a1e54 |
| SHA256 | 7548d05bdae7ad8062a74307c5a43e1ffd83e2b639994cd129a3e176426fb721 |
| SHA512 | 8b2d5b2c184e961849d83dc69c9e777e718cd054efdcbab28ba854b41b093a58f8994e0f8226601994d5914f007c35274cada224aa6aae2f3894769217c2864f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfa605c446a509ab_0
| MD5 | c05c95d8ff36e7f395099014c261a0da |
| SHA1 | 5818ee2cb74232138621b9e6680b70debbc1f64c |
| SHA256 | c0e37a2553b2734956e58cd1060b739015eaaf149f655f697c37bb280c65462d |
| SHA512 | 9b78b6c6783740d75d94e8d3975d361100c43a16a0838113e30172c5c61dde30b33d16b8f48f434891b73747dad94636129c2152ebfd0043355f6b7000fe89a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\21c21c5d6a3777cf_0
| MD5 | ed98bd24c62bcb6f736e90d6ee974548 |
| SHA1 | 70496cc206b62e826f2c479b2fc70ed5cdee7963 |
| SHA256 | fdd1dcef4d6a24a6fdf6d377056baf038718d746e1d4e9ab56ece57c5b955352 |
| SHA512 | b9d44b9cf1c31e6a8819bee91f7e6bedbb08c0bebcb67dc2238408a15ae0f5c715dcba13b5bec71c7fa2d94d7935d726235b75d9e7fe855eacff97f4073e8e0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f735b670a4f7a234_0
| MD5 | b2738a5b8f3a0e79877b33f9562373fa |
| SHA1 | 6263ee9f3fd5b0c1ec6ff821c117cccf5e291ee8 |
| SHA256 | 22f2edc751c624c7e7510bb524cd8d668cd35950b23de2225e360c3dfaff6ed0 |
| SHA512 | 9e855be49eef4447f7ed8377f473676c428c22a92e1ac8e346e74d886e8728e3eedccb1effcf301124c4438ced6241f008c4d294431203663b32d237c85bd365 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1d04bef2abfa72c6_0
| MD5 | 3d9a0dc160a91733994e0a0499346a10 |
| SHA1 | e4fb38a4f98aee8e678b384942d557bc9c5152f7 |
| SHA256 | fa3309c57c85473a529d9c2f9cd280c48f1094903165e8bac5d3902e5d350018 |
| SHA512 | 81697d12d40e2b558408c2fedf8c176e7e81deaa430531eeef8e3fea1ef652598fc553559ec6911d2af10c0572247d3a924ba25594c578576e0aa43b55cddbce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fed0cd31909da4d4_0
| MD5 | 9cbd64cbea32405004e3e2fe582bdd17 |
| SHA1 | 2c23f7497ad0ba76e875f4b05793a86cabea47c4 |
| SHA256 | f581f4def744544201a2adcd40bdc2d2835d377604829e2d179900abd6b22b2f |
| SHA512 | 8faa04b5ebc482153ffd0c2d9195b1ee92301d6338c464fcf5f3e168397444c623ed337f6d1fd041721cdf85fbc0b00d8a3b019d6c372fc74421fe57743391c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a851b595bd85f42b_0
| MD5 | ed4ef0dc7823548d017316835714b242 |
| SHA1 | 749ff8b918ed87c8ff15a887aaa2ea6957bb58fe |
| SHA256 | 2249f7ffe29a2af07ab4ac20160a5a57c6777766cd46473ceb52212ee8d7d508 |
| SHA512 | 5d057df9a75abeb255f301310cb47a6dd8bd4638cc3be4b7a3bd15eca8f5e046ad3a43a7ad22762da2a96a3520c74786bfcd97003443a294de7d85afc0bffa0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df9da550ea6d3003_0
| MD5 | 59dbf20d4aab76f4dc13be4990eb9f57 |
| SHA1 | 1a4b82635d5796fe5028195e8395a01f183a1fd6 |
| SHA256 | cdf5f0ccfadca231d9f363464769b61b15217359fc68d9561fa0c62b7ca921c9 |
| SHA512 | 76a6979edfe5c7cbfb5afecd10ba2602bc75d65f32505ea27748a8be4847bca3fb23dde5ece33ad969ad687f8aa2922f969625e3d4c63d068fab7f3e606123c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b97c948285070cc1_0
| MD5 | 4a9ebea84b84650ca956569869c69e80 |
| SHA1 | 86186bc840ab5a62fc3d70cb48e40e6cbb793532 |
| SHA256 | 47585b9bc7bf4d6019fd717c1af84bafe21e24f58797435f9e9fac7f5a3204a0 |
| SHA512 | 3bb5f179d649de9005221f5889368a85974cf6883f12c442da3a605148aed53b900fc47f0f173589ec3d6f5dec433da7ebd933df0a0e2fcba0756edd9db11ebe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\204470fa80477270_0
| MD5 | aa76cc11fe8738e3f9a6fd525c83e77d |
| SHA1 | b1211fa4b89a8c93b765bf62c30dfc889b795f0c |
| SHA256 | 6fb920e7d4129bbaffd649f1e759bc1c22d4fba73308ba9e812a873969c163c2 |
| SHA512 | 3da23ca2863b1b5ef8417ea08082c5b36f5f474a98764a89977fa3082680337a2eea22ee9ca40a51de95df94a2e87db3f5d13fbd3e8f5da377d3bd2c41ba9be3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c2b4e8597e4738ff_0
| MD5 | 253c07dabec6ff36db84130fa503da2d |
| SHA1 | ab1fedebc615e53c6c892fd0b7869ae127f528de |
| SHA256 | 7e316256a66f5ec85f061b5ce5962973ca3ae82b2b8f16d8ae148cf24b577e43 |
| SHA512 | 3c33ea7776257d01aeddb7129b22d5e9603dd06faa3545ffbba214fa08a3afc7ba2adf28bdad02e0279a4e92c512799abff6a82b39e6555b93e5646d7ffd1b8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\715718cd0f4871d8_0
| MD5 | 0918e2d69727d0287329d026877d4895 |
| SHA1 | 60c5a5cbeaadda2fa9fe5fa3138721c7edf77422 |
| SHA256 | 87ab9f5a4a7a751c2b4a4e01d4900a04ca9b75bf3381e7119778a3992c59b0b3 |
| SHA512 | d3d7dc7093ea1866c3229ca93c8cbd553f9961e39915794a300ca335afb6d74cde79d1f7cb1edb8755cb1740b605c4630e6fd3c723a124fb8fbb5828e31ba388 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\106d8d9c8f3649ee_0
| MD5 | f9a71de7ec5a8934daeafbe13d3e6c46 |
| SHA1 | fc070be1fa7e20fe014f6e676e9d4d79fb18c8be |
| SHA256 | 55601b8b88c9fcfcc053e1c33e0929de8083b8f790b4e11c6548a91d9689e54f |
| SHA512 | 5f1e6f8c3d55121af4d3ade06f9e2ba24fb3ec3389a17a280e22898c9d2a34c145d1280b413379b9abaa97846dd051c779a7772db6c0ff156c6bf58904be050b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99ce00c6ce3fab12_0
| MD5 | 7e1df1af874a1b811307946b9d04e35f |
| SHA1 | e0bc8bf41e706543c1870f5f37b304736de92dae |
| SHA256 | ccb753b8253d719fd3e5f2185cdf3d5804681340ba6a3cbe3b9d5954f6e8adfd |
| SHA512 | a8f2ff184e9e46a6b1c2c3314fd5a64f526d6acdf24f4bce8215a49f691c914cb4e72ffacb92cfbd6486a2a9fe3ba9a444113f9008ca97f3bbfe815b9464386b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9e01d30e90412984_0
| MD5 | 043264855c42efe1d3af22f9570b3868 |
| SHA1 | 583c3252b6ae933cdd85c70678d4f5e3b28b8aed |
| SHA256 | 209360b521d7a98f38fd6f1331f815bb4a08256f6f9c3f29c41644cb8827176c |
| SHA512 | a16ddcfc7b4badb5b5d5c81d27b73af88bda4e5f6f906275c2955c777ec4aa7ccbce6e96c16d97d2fa8668c8d73d13f47e6f0111064e19bdcb8fa27acd118ef2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03c811e255d82761_0
| MD5 | c6320740e1863f1a0d46679b6a3c9a8c |
| SHA1 | 2e834fe57c331252755a371d6c00b1202eb26df8 |
| SHA256 | 57e2157aded896e249a8056257909378af56dc45c252d810e0bbefebf69e0f9c |
| SHA512 | 63c9007f19fc3ece4b077d317e1dd46ae27a104f97e43d7daf038d92556b873b903fe5165b26c28983e5a09aac91465df3fb13a81fcc313aef304e20aed10606 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dab4cf4cf500bff4_0
| MD5 | 985e76adae88d8ebb23cd353ab19ee00 |
| SHA1 | 03b5446dcab8ef2d07373d8826fc32d7fbafab17 |
| SHA256 | 22947c0d2bbf78af12b7476cbbc3faeffbefd24a3b428412c84932405423ef13 |
| SHA512 | 1288588716042210a88d42d2172e2b1896fb3d0cabed8a5125ffd2d597b7d0c85161796360ced3c49dd12f46d58946ad9a36513262ed7941c3d38d3ffbeb034c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e14570d1c1e15bd0_0
| MD5 | e1d7b939c9af9831623fed7405f75958 |
| SHA1 | 0f4ae4fd721f88aa616b0fbd1ad87b6e2147a782 |
| SHA256 | 132ee88d78efc51172d08edadf53c9aab65073e54c666d7d8f7757790ed4b500 |
| SHA512 | 62a9c0b320068bea9e1d6e8b1c4604127103ba3c680eb096c757c7c736bf23ab68a4bb2d33e945a0114bc13fd257e4446ac48dca92d481d8b71db0bd29143bcc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87c2306c532aa35d_0
| MD5 | 5f9ba604c0cd127a1b1bd04cc7a9ce12 |
| SHA1 | f57b58cedb66fd8817ee8f36e8e32909e84e6c36 |
| SHA256 | 018dd0600424a1d4b6a5b5dc40b9308675cccc4112580359be27e2d29f62933c |
| SHA512 | e4f5f95b6ace3d54744305bfc26c074bc052a62a0ee3ddee7c70db50201ecdc0f786cf7ed75f5e6e168ca4a23f2bd6d790ee2f4dc44cc002749736483fb11636 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\026ae9d749eaa36f_0
| MD5 | 7568c3385c378472e045c396f4da98b1 |
| SHA1 | e7b4d207b2cfa94b98c9b5eaece62e0c167a52b5 |
| SHA256 | ac0d752e01fa9fa29ae97c0741b024a05ff716830459bf2950789b7555121085 |
| SHA512 | 425276f5317fff136222c2f03dc2b5d1ad22e0f85577eb84e3601df39ba2dc1434d40f64acbd376b7cb76e97649c4d5e1884b93ef72995808ed9f44ebe826cff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\356fce929b1d1801_0
| MD5 | f533df216b3f5f4394616cd426995b2f |
| SHA1 | ca55c72781038d5c0c376147b51720ffbdc2e353 |
| SHA256 | 7e0f0821011f592cfc903264f9767c7476f7a9ecd2d6afb8c2746fc5c27d8fe5 |
| SHA512 | 9ce68691f4727a612b2145ba415d0a3a667c04d940dc05ce8d18d8f964a914b18dc6891d827ef413d968a8c919b334956715408472b821ad09e65bfce3367d8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\17f8f30b255f5ad8_0
| MD5 | 181b5ffc0cbcf88c4b187035d205af53 |
| SHA1 | 62942a3bf14879daea7717b91f9630e85d20c35b |
| SHA256 | 1169078a3619fe90be51028515fdf28a3c8fb6e2008e2091b6f24216fe555131 |
| SHA512 | 24eb28c1b2a45ba4951033e31fbf8c4679fdeca84b4e42c28965ced2262fa9a1f94b354d2946a94b850b87755b4223ad21d38fd6e055f44adc70ab3b1f4f44eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d0b78a7984afdac_0
| MD5 | c63bd640da3dcf11092bd2a4a376b299 |
| SHA1 | 8482a4210687b3167b8d93d151ea3bed385990b9 |
| SHA256 | e239c0e1f28ea296a24574eba308bc94a411d6ac1227a288dae4163fd8e12cfe |
| SHA512 | 133ca0d7b0b6f33c25c24a795c2e2f8578ca95844756e7d2f0a667ca1735e18038f59679604b522671586bb809d5095709d2f281f2d5a7914f871f86569a9e98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e542423739b73539_0
| MD5 | 7c5229186cdb1b0e7dd4bbde2ecd9ce9 |
| SHA1 | 1c252062d9ca5a3b47736f8a98bf911b8b54689d |
| SHA256 | e81c8a378b385fa3e05c6a2e2bfe3502611f6ff879ddba0bd20acd538fa1aa95 |
| SHA512 | d6f5d8aa3ba0818e1613145a8455301c5463dac3718af1f06f7ac6420f8a8aea3617bb5b081d5c5046d710467cbc12652613c6f876b2c774ed8254bfe33ccc68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cb6db18c0033f0be_0
| MD5 | e1ea65870c6f413cb13be5189cbfd77c |
| SHA1 | 2df997bacfb440fc6de453f93869160d95556c55 |
| SHA256 | 5b456f440cd97fbda96ab045b55cf27bc127aa9a09e967c1075607f7919228fe |
| SHA512 | cd18cf1807bbfd129509f7ebbc05fb7ecd63f02e4d4ca0c12cae302ec2f3956f8ce1fa33a16a0b02c4049ea04db15eb8b354f0eebf04bba6aa6323df4963cb8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\165c09a72f0bb2cf_0
| MD5 | 4069ef57c6ca4109bc691ef4971af729 |
| SHA1 | 605d7988b740e88e8320d7808e5420b4bc905745 |
| SHA256 | 558a3cf2976b1dda056e9e9fabd45cab4740a9fdbf54871f103788e80260879f |
| SHA512 | bfdb3d8cdeb8456bc608787d8d1ed24b34319a659592b6f51ae4b844b1062d52fd3530db63aa3c2c8fce9f7cd928c5d157c589f45908330340f686de4330097c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5eaa07699ff3871d_0
| MD5 | 31e74d6c57ca867696c1b77d04db05f2 |
| SHA1 | 38265ef3bd0b9f71974461e8eeeaf17ffe998b08 |
| SHA256 | d656374ad69b86c4cd55962fab4ee042d535af5fad03e0a107d1b1daff8ce889 |
| SHA512 | e39d9bb67abf76750d8c9a558e9b937481d680ab974c50209ebdef0b4c10104b953534d74f01b0dfbc0a33e4d642116501ecc1eaac46f44b374f007aa34d8273 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c04243ee51f35cf6_0
| MD5 | a154bfe07b869c1d1130cccc3e094dd5 |
| SHA1 | 2be6960b88afdc29c60f34d13e05acf03bedb6a2 |
| SHA256 | b86691b8abea0a40bba2e18687f14b239f97b6c192244e26cc42e4917a318ac3 |
| SHA512 | 03afe0ff07f7f22c5f60d6b55deaae6378df370eddfbd1b0cc74b528d063d2c88e9ac4b0b730e39b3cd1ccdec5b23912ebf9c26b4cccad93b80843117c0513de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee08c28427b16c56_0
| MD5 | 41d2d18a8429d8c9c35052107a352edc |
| SHA1 | dbebb4e8872f574b1d356a5eaef7d7bea5e5b0e2 |
| SHA256 | 65152e6d5c37f7425a23399d1b21b18cc0f18f381d79d16f65902ffc3dd6f548 |
| SHA512 | ad873d54fbe8c2a49a74e4ff3d41facbbd764b4d99c36e9a6d8af4907700c099cc6e4728bed9534bf49679ad8b662145d292ca13e475c7b8e7547affd15c2320 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\51119011c9532d35_0
| MD5 | be1436e7ea0579ac368810c1013344d9 |
| SHA1 | 7b5de339c2388ad0d57dcc8c628419847ce20cf6 |
| SHA256 | 1465364789e9b8e1725990ab4eec86c05d134aa5b27798ebbe47c9bb5361359b |
| SHA512 | 38d0fb154d55be59c11543dc22e4cd481f734c75ad097489cc49496134aec28cbc4628f33a9cff51012ee330ec01ad4d9eebea890f911557c07e0fdef2e977bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb73c6570251aa2d_0
| MD5 | a3ab53039e590cee1c029397c741dd17 |
| SHA1 | 40b6ef4247afa442b520a84777329fcf62154a9d |
| SHA256 | 70c88095d3d92901b665184d48e2ae18958697bcf1914635ef3068ef52140b88 |
| SHA512 | a0b4b57937e45411aedade4b13a7b5df0f7b14d82803a0a39c1cb59da86639aec0f2b8b0ceeda02bd966039a7b6ad61c45d682211c429becf4efd373608a4f78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 22175dc78262baba547e7326eb747c9a |
| SHA1 | 863f1c41f8e56834707ed6d60771e72a572c792e |
| SHA256 | eb0cb72e0138fec073c75c7cf82a38f6a4154908705ef038d6d8bfb6ab1bc39c |
| SHA512 | a14a0cdc2f736161c1fab09a9ab0ad58575836618ac835de83f494388837310d9b8682da4a865dac124808902b92ac1ab6731beb7931d1ef3b8becdf4411a55d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ccb6f5ce6912c7d9ec2eeb1c73025195 |
| SHA1 | e75f1e121e447da15b9b8904d4055e987b058f43 |
| SHA256 | 9b0775723dd9ba63c3647d20b0644f011025353dbca74b696ae69e73ff5bcc39 |
| SHA512 | e0069b759e171e1a0ada26ae6a69e05e577976f961cb6c309c9b0114281b0f743dec059fa637d245b82cebd5d13546f5cbafbeae15663a4addd5d44f41b120fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dc24826fdcdb24fa97042aedaef3fbd1 |
| SHA1 | 46d205e1f53e67b694f0c3c270a60d2019ebe5de |
| SHA256 | 58564a2c5e4c71c96d77f9e15542cd93d915574944f8f29ae44675c4a370c956 |
| SHA512 | dc63c518c4f68fc627e4fde2eb7d215b73a09e540612b1e6543da0e2dc228d1af31a248af5f657bd448d8bcac954a87702a97c50c965eb3ae40bee927fab04a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ef9bee25bf8b3029b37cf6b73ed68544 |
| SHA1 | 0e05502f433ffd979947e2950a142faa6c7ea72f |
| SHA256 | 8edd464be55863bc254685ec18afe20e5964956c635031cdb09f47d37d6c9c17 |
| SHA512 | 9d5932d201baf5b281ba3e924565d14da6936898f933c08613381d9fd10458b594c213819d8d83d7b55463f0fda67a625b5fda401d5d7f613700eb63d21c4347 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7783c50ba036cca4d877cad925d83ced |
| SHA1 | 9cfd30eddf948b11267b3eb4146ed2930873cdb4 |
| SHA256 | 098a1afc140e05452852e011e7286073b4a07bd1e4026d3175cff3b038f19185 |
| SHA512 | a7e17a12a766e4585f4b45e1d74cf7c97c3443035f3ae333455f16237acdf6cc0d932c8ecfc93645cad84664271fd825aa79b8449e4e142c93b2ba8f75be6ccf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 39be6e7c4384f8396f62c5fd16e77b6e |
| SHA1 | 07dab8aa83cca5ae76a758c2800492876d62f742 |
| SHA256 | 97bb066f61da76fffcca6d7b7653209c810ac4da8c53bc4c31aeb1385a6c9b1b |
| SHA512 | 4a65289556c2c862c1986f691cd6a00a831a346073322987ac0f4d82b250c0d38f4c686659cfa9462ab13b2d730f7412d14f0199fa5a8e06bba81437f2d1e222 |
memory/1308-5771-0x0000000000850000-0x00000000017D0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
| MD5 | a1cd6f4a3a37ed83515aa4752f98eb1d |
| SHA1 | 7f787c8d72787d8d130b4788b006b799167d1802 |
| SHA256 | 5cbcc0a0c1d74cd54ac999717b0ff0607fe6ed02cca0a3e0433dd94783cfec65 |
| SHA512 | 9489287e0b4925345fee05fe2f6e6f12440af1425ef397145e32e6f80c7ae98b530e42002d92dc156643f9829bc8a3b969e855cecd2265b6616c4514eed00355 |
C:\Users\Admin\AppData\Local\Temp\msedge.exe
| MD5 | aee20d80f94ae0885bb2cabadb78efc9 |
| SHA1 | 1e82eba032fcb0b89e1fdf937a79133a5057d0a1 |
| SHA256 | 498eb55b3fb4c4859ee763a721870bb60ecd57e99f66023b69d8a258efa3af7d |
| SHA512 | 3a05ff32b9aa79092578c09dfe67eaca23c6fe8383111dab05117f39d91f27670029f39482827d191bd6a652483202b8fc1813f8d5a0f3f73fd35ca37a4f6d42 |
C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
| MD5 | 16cdd301591c6af35a03cd18caee2e59 |
| SHA1 | 92c6575b57eac309c8664d4ac76d87f2906e8ef3 |
| SHA256 | 11d55ac2f9070a70d12f760e9a6ee75136eca4bf711042acc25828ddda3582c8 |
| SHA512 | a44402e5e233cb983f7cfd9b81bc542a08d8092ffa4bd970fc25fe112355643506d5dfee0dd76f2e79b983df0fde67bfc50aabb477492a7596e38081e4083476 |
memory/2088-5799-0x0000000000060000-0x0000000000088000-memory.dmp
memory/2860-5800-0x0000000000080000-0x00000000000AE000-memory.dmp
memory/1740-5801-0x0000000000AF0000-0x0000000000B1C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe
| MD5 | 56ccb739926a725e78a7acf9af52c4bb |
| SHA1 | 5b01b90137871c3c8f0d04f510c4d56b23932cbc |
| SHA256 | 90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405 |
| SHA512 | 2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1 |
memory/5028-5812-0x000002B5F7F30000-0x000002B5F8E18000-memory.dmp
memory/5028-5933-0x000002B5FB510000-0x000002B5FB6C3000-memory.dmp
memory/3588-5952-0x00000240E9340000-0x00000240E94F3000-memory.dmp
memory/632-5962-0x000001B8B2120000-0x000001B8B22D3000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0
| MD5 | 58da25c047361c7bade524fcc9caac1b |
| SHA1 | c8b6d6b32ccc7e9bf058fddf222467ccf3d06683 |
| SHA256 | db35b2d84abc4ca36152c193dde679561288d40de5f08f93e623f87ce9ec9087 |
| SHA512 | 05035144bc2d8370fb3368c066dc7b5308ddcd1aa754ce58eac4f07c48413d0a04be9f9903f9c48e3672e3d0f8e281046e36dc257947f578411884a466134e0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c211c9dc68f4bf01_0
| MD5 | e5301593f178f0ba257fdc7e1735ce54 |
| SHA1 | 6ea46af679098e17ea5c64045e6415b25aab3079 |
| SHA256 | dcf6795001db93db7ff20252ed97e98dc7eb4e309c87f11c0f50172fff6822b3 |
| SHA512 | 9289252ba1f7a546a8f42f9658e6d27b419e7dc50804bd4ff1d929d646e37186fdb687c5a763855c1a5f803c760ef163fed66c0ca8e288dd0e82fbada94fe7ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56215a7167502ebb_0
| MD5 | 63a4e0b658100a9e475c92b5392ce432 |
| SHA1 | 922ab9ebad619d9bc2156fc236e36c952187d173 |
| SHA256 | 81e808d97f6620d8987befe69dde8605bd9f95cb1f5cc1660b7d51c2bdce5d6c |
| SHA512 | d5287248631887426918cc7bf977908b9698226822411e15b11a55207b5298d8807b0f3b22c8eced1580329c738fd67eae35069476a7d07fb2a1d05f264560b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0
| MD5 | 9ee0a4977008d872b3d81fb10aa737f8 |
| SHA1 | 10d014944014889484c36ac88a4d2dd848d2b53b |
| SHA256 | 563c68a1f2d11797d587b7811bb7fc06fae0cae411fe98402f414072776f9f78 |
| SHA512 | e553bb00a163f4b251ff4cfd275b7fdb46ba407e4b806de3a52cb25a3e8a0a59fdc3acb06b5d0ac7d8594755bc911c2794d8cc761cf4770511412e20229d8bbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e7c0ad4ff804d4da2d43ff308caa25ad |
| SHA1 | b3da5a11d9f58870eef24294690c6926be09ae8d |
| SHA256 | 59eb18475438d0f3b5011dffe37d08d575678c7d15dac9738e355862bd7aff73 |
| SHA512 | 337975b7dea2241a95402aad3780a0c506459e88dcdaf0f090e0f75c7b991b302b5ac1b317f16ccb82047fd0ef391ba5512cad0f785bdf29a771bfa9d847dfc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3d472bd1921af964d0d41854f1cd1cc3 |
| SHA1 | 3bf6df75a0521c137e2720376506eed5aa9762f6 |
| SHA256 | e2819819f766791c45abc49500ce0a564cca8860cf60612902a6966957a48460 |
| SHA512 | bd75dd670c3c6bbf0f4624504786c67d1d83e74044082cdde7cbf809014ca8bf0486e66e0f4942ede2741027722215e000082f3729f6f8175fb300d95f8c2d61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bdb6ed0ee85f6ca38dc67741ef5ecefa |
| SHA1 | e4a76298d3c873e04b5d703a615b50491c2cd788 |
| SHA256 | e293e64cf4f5dfd20557e07df52920f2456fed75a2b9dfbb15a3d3d8d2c1f99a |
| SHA512 | c1db4780632066433e36850870de06f13fb6bae732c37ce1454a93f5e895d36610d9e038120ba50fcf75e49055115ec3230d89c748ca55430dc8a4362a4ae3af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9337c84ae9ecf23abaf79a808b0dc51d |
| SHA1 | 74bab2e5c0b3a7640810f6656af79435174d9d47 |
| SHA256 | 567b9d14270363d165d31334f281a8448ec377bb9aaf327b9d4d91e5febab456 |
| SHA512 | cc796174fa831039a36571dd642219a1a6f4d7e4725083c86727b190db097479c25209e579491df42fe60a9b4439c39faf292a780d38980e7d6a2e6ade3708b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 698f9434b2f155036870a9223794ceac |
| SHA1 | 650987cb07a97881e106aa814bd386f274821a2c |
| SHA256 | 970698b128af2cad084edba13e5d187ba622960a2ddf8b1ba979690250ed57c1 |
| SHA512 | 0271cae0fe5fc986aa5173122c4b28593558901c12bc59dfcdb49e3360a252138b1d65aeb4e4f09865653aa408121ffdfbd8d7024acd5723485077cf6e9bad39 |
C:\Users\Admin\Downloads\Unconfirmed 782943.crdownload
| MD5 | 223a76cd5ab9e42a5c55731154b85627 |
| SHA1 | 38b647d37b42378222856972a1e22fbd8cf4b404 |
| SHA256 | 1821577409c35b2b9505ac833e246376cc68a8262972100444010b57226f0940 |
| SHA512 | 20e2d7437367cb262ce45184eb4d809249fe654aa450d226e376d4057c00b58ecfd8834a8b5153eb148960ffc845bed1f0943d5ff9a6fc1355b1503138562d8d |
C:\Windows\Temp\{F2FC4BD8-FD36-46F6-81A2-5E4FEA78EBA8}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
C:\Windows\Temp\{F2FC4BD8-FD36-46F6-81A2-5E4FEA78EBA8}\.be\VC_redist.x64.exe
| MD5 | 3f32f1a9bd60ae065b89c2223676592e |
| SHA1 | 9d386d394db87f1ee41252cac863c80f1c8d6b8b |
| SHA256 | 270fa05033b8b9455bd0d38924b1f1f3e4d3e32565da263209d1f9698effbc05 |
| SHA512 | bddfeab33a03b0f37cff9008815e2900cc96bddaf763007e5f7fdffd80e56719b81341029431bd9d25c8e74123c1d9cda0f2aefafdc4937095d595093db823df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | db4685415476101336c05813ea4e8caa |
| SHA1 | 5e89f65456141a62ac6770949766decadd4bba7b |
| SHA256 | c9ca4b4e8538884a56720760eb814bd5357515cde72a00e642981cf5b50b83e4 |
| SHA512 | 64415feecf40dabaca64a6cb730ca5b67ed0a00820fb207eadf804e909612bab052384b564623ac6cbbe3efbb610587fbfb4711c85092cf0d48e4183b4a4c539 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ed28ceb642f97ff_0
| MD5 | 9412799dc501ff35fedeea2aa122e73e |
| SHA1 | 5e440f5da4ed3dff1ea24fc72de93070603455a5 |
| SHA256 | 55d84c62adbfa64b827ca493714ed259f36c2b2e441341dbc16b45590b96c431 |
| SHA512 | f7ab0695328bac58949ee7f70af2ee8aab1d23911d1e829a8340f69600ee14759d7427b78b372e93794d01f182de88e0decb374e09a02206cec7f032a6dba2da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a664b67dc903cf4_0
| MD5 | baa1b7bc84059203847888ea8ef4484a |
| SHA1 | d499d5693f09fd06632eba789b568eaa1bc131bb |
| SHA256 | caea5dba5b58d3a8e8c17f194e04e6b558ff021f060cd91513c76ae544e526e0 |
| SHA512 | ebad7ae21083ad7cbd46db44cbf096b7a11707a713ec066739bb2e7e6b08da4ade52ffa872dffca8061f8fa654e67c40f68e9b28f005eb23b93caef02b779ccf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\77553c2a47f1a2d4_0
| MD5 | b0cde02474ad781313c0c690e75170cd |
| SHA1 | b6ea1972b42bf3fa2b5072ba580f25d91ed554c7 |
| SHA256 | 96e5250ffdd38c8faeebb18b63bdb82d78274e0d9ea69849d8713199f6cad691 |
| SHA512 | 897a6046f066f4b1544e67ea8afe3940a6be677c482efdef5e0a65e533ada6d09bd57bb4c754093bc9052c14c54fe23bba836b113dcb37a8522f4de0fe872b9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0
| MD5 | 7ef694898d0f87516ad1c18c25480b00 |
| SHA1 | 52dcfed325023d1811de22579057e781cdcc5e0c |
| SHA256 | 562383c9e5903f7076f704240cc79fd8ef26d7facbfa0c905bf0819fc32d7050 |
| SHA512 | 8e50c7505afaaedbdc8c838a021e90d45881a2c5e963f941c6c30ec2bdaa4490a87651d4b5ec993c6eea933303d56e13a231398334eb3331e439ba8a866c4944 |
C:\Windows\Installer\e632b6d.msi
| MD5 | 09042ba0af85f4873a68326ab0e704af |
| SHA1 | f08c8f9cb63f89a88f5915e6a889b170ce98f515 |
| SHA256 | 47cceb26dd7b78f0d3d09fddc419290907fe818979884b2192c834034180e83b |
| SHA512 | 1c9552a8bf478f9edde8ed67a8f40584a757c66aaf297609b4f577283469287992c1f84ebe15df4df05b0135e4d67c958a912738f4814440f6fd77804a2cfa7d |
C:\Config.Msi\e632b60.rbs
| MD5 | 9006c99601fda98829d196e38abe6e60 |
| SHA1 | 8821643ecab2e72f798d574377c6183d98b53077 |
| SHA256 | 0a28d13f790794e767174e0088ebf1bb06d86377181affd148ec43e3873747f9 |
| SHA512 | 293ab5b8318fcea060a0ab37b8f0ba9572dbb39a4bed5e3140f72949a4197c58677006f7334a829f219a51b8dca8d5521a70454780bb047e0dfff3d8d5024094 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0
| MD5 | f7a012cb5e5856c35ee16a6746636364 |
| SHA1 | 4e39a8597053350bb2067583ad5010cec3e4111e |
| SHA256 | 9588ccff4ce2ff0523af4c5565389b68ca70b7420080b641551151160e2add70 |
| SHA512 | 6bca9f9110701d0142712145d6d6f1116d673bd896c1c8566b00d829ed52d38060ccdb91488243a450b8b7a4023670a967e40469bad79029daf6817fa102c023 |
C:\Config.Msi\e632b6c.rbs
| MD5 | 5b8038f47c66c2c84bac85b1f98b7ea0 |
| SHA1 | 5ad5911e47dca699df1b2a639ab880c28e9c68ff |
| SHA256 | 8718e7f09b73175825a39d7613e8e674aa189f3dde93520dcc614557c04114a5 |
| SHA512 | ce992d571af56026b0963074ae05b6fd2bc5c9e6cfe9cd2cea656dbc567cc79795de3ea2e3c3c8690490d1797cc3a3d8e0d81c52adf16d6a0aae712941cf89f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0
| MD5 | 8feda51627f1a13e7a876ae908835d98 |
| SHA1 | 76cbd9b52b10ccb26bc4ad6dac0fb2aa47ad86c8 |
| SHA256 | 245f1c2e9c0e4a6e088a0cd4527048b5ee2bd5f3a7adf64b15c179c066b03e39 |
| SHA512 | 4a15d31bf6221b12ecbb7b422eb5094516068facce1abff987d0291a28fd0fb1980afe5a7f1149874a7ce02010d5496974807d967d795a096a2fbc349514c6dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0
| MD5 | b4fa9e328e223a5106257b44d6e80d47 |
| SHA1 | 71091ede4d60dd4bab0565f0aa731c25384a31c2 |
| SHA256 | 069eef755b29385a65efd80dce20052e8f922288e9fe2d3340ad7af9874f618f |
| SHA512 | b0ea9a6a1157c73240caf86a4edbf6399419d0a942d2dde4a450e34848bb4b567ddd6600069e93065f282fee60a839e92cea731688766054ed5a075c616bf542 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0
| MD5 | bb3f432bee15d195376f367087896d0e |
| SHA1 | 938c30faf899f621760f49c8d3e3f28aa5c55522 |
| SHA256 | 96b713fc73cac147cf4a5efc8d76c5192b2110fe3c0e2997e5fabd662d9a85b1 |
| SHA512 | 80902b36c9b3e348c51913a692719c5ce70e6e38c0f945ca66adca989f4a06acc36c032bc9135de4600e85d2915e294afa9dca48bda8f84c40e647c420be89ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\82af833e9b5cc26e_0
| MD5 | 8781bdf17513e5da71c909af332d305b |
| SHA1 | 0cfa90c5e101bfa839218cf4a494e94fc6074fce |
| SHA256 | a07219949e2470fb79b8431d57ab07e15ff9d0354abf4aa8d9eaab9a2fb6527c |
| SHA512 | 4696937260553b270263f2e3e2dc1ae69157737e5e4881efa4384d16c6e11e44ce1f1084948357a337a3d3114bc9c4e4770e39ceea458884ed493a0ea40e6ba1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0
| MD5 | 37292a20da00ef91d92f2e1992759d89 |
| SHA1 | 79c9fab16df0af0776004d051d2cc6a306f42618 |
| SHA256 | 532c65c6a39e1a7728a79c52c23d3776e365c804975199dcec11293a5c74d8b2 |
| SHA512 | 5e2cdc8feb972ccebc78d441324db2a927303da34ca11f30385fd68e47129d54489ea07ea61af86e21e539a7ca353d49dd4613176eeaa2bc308bb646c3ceb77a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a28b766f2e67bd61_0
| MD5 | 7e9aac9ad49101c1abd5f863ca68dd09 |
| SHA1 | e3cea56d145b1e0248438a04d585e2818f0a6aba |
| SHA256 | 831a78223568e0ac8c7893111474a0ff17a52b3a98a11ec8d94d8b0d2fe4a4c5 |
| SHA512 | 6e35e619d0d3dcf037a803bf6aa605dc83c8664f7e9f16b0a006a35ebebee6d83982671e27845388fd656886baf5f51ebbe6d2eb78a640294d780a0a6faac409 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d45aae6d8d9c9ff2_0
| MD5 | 21340616e7048dff72864b4efa559b5d |
| SHA1 | f795134fb153540ad9343106bd3740862663752a |
| SHA256 | 53e18ac33ee8d2441bd73ff791e836a207a145bf7bd92464a4d014813975a79c |
| SHA512 | eb4f41ad69710ee627876dcdad90e3a920f41d9e77b56925fe502a49d9f0ec7e91895b07400458978fe512926fa17e1d575543be2684c9b1dc2029e4a2e9ccbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78bc646c0524ce58_0
| MD5 | 37f2607708be45f65b8b5a9e16a22c68 |
| SHA1 | e34973a9dace2cacd026a8d96f17173f41a51c12 |
| SHA256 | 5ad6be193a8dac257ca93d5c72c1a1089c05a982a59198ada7581a45274ad12d |
| SHA512 | b653bc9fe219a5991b1ee05ee9444dd85bce0fc5a319ab9a9a541f3c79615c22c76cc095a2ba962b94157b3663d6a0a3a59868fe67e1f9de55c5f9b7e212786a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0
| MD5 | ff297ec27dc6020bb741ab758e0dc141 |
| SHA1 | 7132c3a4ddd8de7f4c2247426c8b6d30c35b67fc |
| SHA256 | 67a8f892d41fdb98e418ba2a41af3bf06c09140f2ded872de566411cfff3d7e7 |
| SHA512 | 43d51ef6f7d39e799a7140d589dcec4531790c95153cf85ea1cfe4fb518daf6b0a2f527d9b0c22f7136dd7a7daa639c5ec134938a1fa4ce0b6a2179932aa2fd6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6aa9a2943612cce1_0
| MD5 | 9585ede2907cce88883d9b71f93089ac |
| SHA1 | 63c20d744b5049cd8fa43f0f50921ac433e6c834 |
| SHA256 | 90324e50353993b755338b22487660ddc43d0d8526fc7bcca31834069796e94a |
| SHA512 | a3fd89f7238382bd877f5ceee9e36e7092f0dd38be99ed0c586ab80f5301e3a7cc65bf6a41e98ccc3b501783de771ca0708a3928c9ed0cb2adefef79697a8387 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\242d87fe25e8b258_0
| MD5 | 866fd1e5cd03df9cc2d910bb8e31e0d2 |
| SHA1 | 18e3003888a7b8287118050cd11290f35856fb54 |
| SHA256 | b5a177f87e981e2d2334cdaf003cc860cc7eb38e1b0e6c74370472a1bd3bbd89 |
| SHA512 | 66ed897bbf1b9790af7a240705e16f8e0cf1970febf45e92f2e7b36aa1df5da015de8261389365715ce6327deac8e1f5d679bce1ca35e826abf9735721c91a93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ab38c7b2c8042af4_0
| MD5 | 3f298a8434e3a0607353e87b116e4b39 |
| SHA1 | b1b6cc18e8f75fb17557fe52d4d6e23321e31c0d |
| SHA256 | 0b4af17195c53ebf14b09b91dade611356283acdd0ff942f77c397294a3d2486 |
| SHA512 | ddf1b5c59684cab69cb6de3643f96b557faf4227bdd7c682e8fa6c66d2c89362ec7d7a45f8a39bf2b91196ac824071775ba23b32aa3e35166d18aea279022a73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9f608f61e011c420_0
| MD5 | 41d09331e11864ea7c2f8c0585d96ebe |
| SHA1 | 800c2b09999ea6bc4b162bf19db14d7cc1252513 |
| SHA256 | 648f652ea0dd38ff1fcb94442f00fb5755b3f7d920ef6b84190d4678791f44ed |
| SHA512 | 25754057158a9f7ab5c2a66b584c18cfee3e0f2153aee98018676c713ab2febabd788a198b116a469e9be3127b582ec19cbf5991623eb59b6ffc7e513bdd8ba2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8c8218aef51a783_0
| MD5 | fee010d0381fd63a5e179823dc0133fe |
| SHA1 | afbbcd3f7e36a791f3bd7ce96579e6fb3e4bf365 |
| SHA256 | 82900d280feda7113ed0d18482d41fb3ad0d6bee8f10b021a6740b0352d6bbf0 |
| SHA512 | 15942e71f08cd417e948e95f1ccb365f612d47db78708543b3f367dc6470140d4d33d0f01ac24a09ee23b06a9b18b70b662715d50341a5b5c8dba68dea024224 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd9a47d844308cbb_0
| MD5 | a575dbf1325c2033dbca2c1e7be7b156 |
| SHA1 | 95a86d51174df103583b10feb1576b5263b2423b |
| SHA256 | 19abfdefba48ba1d61f7627c22a5dc1fdf704bc5400c329df28d360d4b10bc9b |
| SHA512 | 20b5a07e31ac36fa8b6662d91b7464d1abc75951dc5cfe14a8b054d2fc2d33afeb95d19bd40d1a4cbf9d4c11f4a201c6407444944064515b50629f975e0f216f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\624c9bd517fc9c91_0
| MD5 | f0029aaaa4bb0538548da2666796d2cf |
| SHA1 | c920fb7aae5bdce93aa07f51d2612b5d70ce03a5 |
| SHA256 | e55321b7a3d3f6235f686cca55c9e6d3e0c9f891e7582e9535fdd7611b90a0ca |
| SHA512 | ee1fb367b63bf631b84eb504d03419ff41dc488e9f527d56fdaf50c25a99516b32471fb99169f65c4665e8eed1d2db565d11b209881316bc687aaf52fe348521 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\163cfbbbd670a71e_0
C:\Config.Msi\e632b73.rbs
C:\Config.Msi\e632b82.rbs
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f4b95a1e43d59c66_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\55d1a302ab2e2689_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ae77f0e8489e2b1_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\010b94ef3f9065c1_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1de8978eb1e6ae98_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f152034254beb2df_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a631a7e562405ca0_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\80896b7a47f843ed_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\769c061e8cd16503_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\216dc9407ec6ec5b_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\228e7c92e9d51874_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\317e25fb4e2730aa_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\398f89396d810049_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\17d3c4e19caf221e_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cfd72946fa91b564_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fce2772ba8b623b_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\Unconfirmed 219032.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Windows\SysWOW64\WindowsInput.exe
C:\Windows\SysWOW64\WindowsInput.InstallLog
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe
C:\Users\Admin\AppData\Roaming\GamerView\sqlite3.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences