Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file/v04wcs9dlfq5ke0/VanishRaider-main.rar/file was found to be: Known bad.
Malicious Activity Summary
Phemedrone family
Phemedrone
Uses browser remote debugging
Downloads MZ/PE file
Reads data files stored by FTP clients
Loads dropped DLL
Executes dropped EXE
Unsecured Credentials: Credentials In Files
Event Triggered Execution: Component Object Model Hijacking
Reads user/profile data of web browsers
Checks installed software on the system
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Modifies registry class
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-03-20 15:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-20 15:59
Reported
2025-03-20 16:03
Platform
win11-20250314-en
Max time kernel
239s
Max time network
240s
Command Line
Signatures
Phemedrone
Phemedrone family
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Uses browser remote debugging
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC746F86A\vanish.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC74085AA\vanish.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC7414FFA\vanish.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\Lang\he.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nb.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bg.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\de.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fi.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fr.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pa-in.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spl.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sv.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fa.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nl.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-cn.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\License.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\readme.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File created | C:\Program Files\7-Zip\7-zip.dll.tmp | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ka.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ne.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.dll.tmp | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\descript.ion | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\es.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ga.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sl.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\el.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ja.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kaa.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mr.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\id.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spc.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tr.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tt.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\is.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kk.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ky.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\br.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\et.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tg.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tk.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip32.dll | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cy.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ru.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sa.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz-cyrl.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zCon.sfx | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hr.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hy.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mk.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ms.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\si.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1960_949879303\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1960_949879303\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1960_949879303\sets.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1960_949879303\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1960_949879303\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Temp\7zOC74085AA\vanish.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zOC7414FFA\vanish.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zOC746F86A\vanish.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133869599862276688" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Applications\7zFM.exe\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Applications\7zFM.exe\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Applications\7zFM.exe\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5000310000000000745a34801000372d5a6970003c0009000400efbe6e5a5277745a34802e000000d28e020000000300000000000000000000000000000031ed010037002d005a0069007000000014000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Applications\7zFM.exe | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Applications | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 8c003100000000006e5acb7c110050524f4752417e310000740009000400efbec5525961745a35802e0000003f0000000000010000000000000000004a0000000000ada7b500500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1678082226-3994841222-899489560-1000\{D8153F5D-5006-4593-A6CE-0A35836A70D9} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\VanishRaider-main.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\VanishRaider-main (1).rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zOC746F86A\vanish.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zOC74085AA\vanish.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zOC7414FFA\vanish.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/v04wcs9dlfq5ke0/VanishRaider-main.rar/file
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x26c,0x7ffd9d59f208,0x7ffd9d59f214,0x7ffd9d59f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:11
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2224,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2408,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=2404 /prefetch:13
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3436,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3408,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=3456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4152,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=4896 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4548,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=5564 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5632,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
cookie_exporter.exe --cookie-json=1100
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6204,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=3700,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=3664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=3652,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=3456,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=6600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6156,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6912,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=6968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6332,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=7276 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=3448,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=7336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7476,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=7492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=7500,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=7520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7280,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=7640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6756,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8012,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=8040 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7996,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=8072 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7992,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=8112 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=6612,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=6768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=5084,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7328,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=7244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=6964,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=7116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=2792,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=7580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=7556,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=7344,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7712,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=6736,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=7700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=6704,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=7740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=7176,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=7160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7388,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=5240,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=6360,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=8120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=6520,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=7212,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=8080,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=7680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=7864,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7424,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:14
C:\Users\Admin\Downloads\7z2409-x64.exe
"C:\Users\Admin\Downloads\7z2409-x64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7620,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=8132 /prefetch:10
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7516,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:14
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\VanishRaider-main.rar"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3996,i,9301535377832432434,7923682488955379848,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:14
C:\Users\Admin\AppData\Local\Temp\7zOC746F86A\vanish.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC746F86A\vanish.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd7593dcf8,0x7ffd7593dd04,0x7ffd7593dd10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1796,i,1079127770103606938,14669917336257958776,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1792 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1284,i,1079127770103606938,14669917336257958776,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2192 /prefetch:11
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,1079127770103606938,14669917336257958776,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2200 /prefetch:13
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3264,i,1079127770103606938,14669917336257958776,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3288,i,1079127770103606938,14669917336257958776,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4264,i,1079127770103606938,14669917336257958776,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4296 /prefetch:9
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4712,i,1079127770103606938,14669917336257958776,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4756 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\7zOC74085AA\vanish.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC74085AA\vanish.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x11c,0x120,0x124,0x48,0x128,0x7ffd7593dcf8,0x7ffd7593dd04,0x7ffd7593dd10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2136,i,11546855949132740014,13946450609120692968,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1840,i,11546855949132740014,13946450609120692968,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2612 /prefetch:11
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2184,i,11546855949132740014,13946450609120692968,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2756 /prefetch:13
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,11546855949132740014,13946450609120692968,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,11546855949132740014,13946450609120692968,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4292,i,11546855949132740014,13946450609120692968,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4256 /prefetch:9
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4700,i,11546855949132740014,13946450609120692968,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4712 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\7zOC7414FFA\vanish.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC7414FFA\vanish.exe"
Network
| Country | Destination | Domain | Proto |
| GB | 23.192.22.61:443 | cdn-media.prettylittlething.com | tcp |
| GB | 23.192.22.61:443 | cdn-media.prettylittlething.com | tcp |
| GB | 23.192.22.61:443 | cdn-media.prettylittlething.com | tcp |
| GB | 23.192.22.61:443 | cdn-media.prettylittlething.com | tcp |
| GB | 23.192.22.61:443 | cdn-media.prettylittlething.com | tcp |
| GB | 23.192.22.61:443 | cdn-media.prettylittlething.com | tcp |
| IT | 91.81.130.134:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | o348400.ingest.sentry.io | udp |
| US | 8.8.8.8:53 | o348400.ingest.sentry.io | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 34.120.195.249:443 | o348400.ingest.sentry.io | tcp |
| US | 8.8.8.8:53 | www.prettylittlething.us | udp |
| US | 8.8.8.8:53 | www.prettylittlething.us | udp |
| US | 172.64.155.119:443 | cdn-ukwest.onetrust.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 34.120.195.249:443 | o348400.ingest.sentry.io | tcp |
| US | 172.64.155.119:443 | cdn-ukwest.onetrust.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 172.64.155.119:443 | cdn-ukwest.onetrust.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | aacdn.nagich.com | udp |
| US | 8.8.8.8:53 | aacdn.nagich.com | udp |
| US | 104.26.14.45:443 | aacdn.nagich.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| GB | 2.18.66.64:443 | www.bing.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:9222 | tcp | |
| N/A | 127.0.0.1:9222 | tcp | |
| US | 8.8.8.8:53 | get.geojs.io | udp |
| US | 172.67.70.233:443 | get.geojs.io | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | udp |
| N/A | 127.0.0.1:9222 | tcp | |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | udp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| N/A | 127.0.0.1:9222 | tcp | |
| US | 172.67.70.233:443 | get.geojs.io | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aee3beb42692ce6dce864246c4ada35a |
| SHA1 | 9d55f9c67ba7bdd1a30f768016df19556f67c1b0 |
| SHA256 | ff68535d81821bc1db961c9b40cc2c3eb9b3023da9bc3f5b3fcd40b224e9deea |
| SHA512 | 720000a394fa716308338b70d2f5e8448a75c4f5858dcde1dff6f4272a2db7f8afecfb7b95a73e8b456a9f7a29139f62d57cc5872bb78eb30b4dcf82fe412eda |
\??\pipe\crashpad_1960_FZRQKEROWAEYOZYK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 19a88bad99bffbae6102e191cfedd75b |
| SHA1 | df476b325df883b73eda1b2349bab45aa22e808d |
| SHA256 | 0d576dfbde1712b7288e4561e3eea75ffdad84dc50a77ceb57a6e9c37d60465a |
| SHA512 | 9ec5eb487d8c8fc8e283a94bd43afd740edc4df6a4509d83629416d040586bd42330eb0da6dd41ec1e5550bce9a6643319ff8584f8638a9cde9042fa406825fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
| MD5 | e5ea3678d83f313088d63bd0ff69c421 |
| SHA1 | 7e9ebc2a2d4c842025c3d41dbfb68e972cd0be39 |
| SHA256 | 590174dbc71fd9125eaf5cc542e73d41a1a343485034ba803723d21bcf903423 |
| SHA512 | 460412c9b428fadde4cb36cae88323fdfbccb2eedcccd965a9a5d0c998890640bd74ff3b40dc3792f9cc92aeba2da1e81474ba8cea0b91ad88d6c519128447dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
| MD5 | 40e2018187b61af5be8caf035fb72882 |
| SHA1 | 72a0b7bcb454b6b727bf90da35879b3e9a70621e |
| SHA256 | b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5 |
| SHA512 | a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 579c81b67dcd0865fdf8f30ab8e9e514 |
| SHA1 | c81b758c54eb3dddd21829ab3625a632b23dd8d1 |
| SHA256 | 4838b38647d78b40ae233ac23ec8dc94dd31f3206aef0658e71c0cff687ec5e2 |
| SHA512 | 46c012453e2c1dfd46e4d5d0e8672885bbdf38be24fc37814e02166bcdf28d1861fe3c9bbe4fe35ab1369828ff6d21571893ca6c15d322b13c8f63f05fde0470 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 23d5676bf52fc89bd4b39c67c01154f0 |
| SHA1 | 1706df89b375d513eb19d96310db0056a27f19f2 |
| SHA256 | 4bf88f640103166453695de885791986865c21e06e267562416f35d7be3b5b16 |
| SHA512 | 06f2c07053af929c11a38b9cf22c1159a8885d2caff69543ec0436b5c5f4c509751e6634faf83eaa0fe57a55f7d781beae1ce4e049405401ad36702061ce7451 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | ca1fb37b5da2fa3bec94d930fda0206d |
| SHA1 | 6d86d7ab45e876cd267356ef7342302e3d073b2d |
| SHA256 | ce8d05aa79760ba82fe77c177acc21470e08fb4c136ad555f6cb55e1c616ea46 |
| SHA512 | c14da2e3f81c5e643c5966dde7834674357a07a22683c34f16d633f5e776c8fe0fc63ef764cacfbff6c724e8544f3bdcf8c4222aaa9d1e3557c248a3bc378a0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 43d5bf52253e51bc50820623c9237f75 |
| SHA1 | 9c34ac792ebd9c51d4e1f6ebe0757c9cf093194b |
| SHA256 | 3bc1033bc0b5fc3b3c2bdecdefaf6c1b9aa6dc3813f35abc5c429105e4ffa690 |
| SHA512 | 12de89322317dabdce28e414906d1aa94a15e6816363c4393a59fe5be4dfa574fb0494ead53333bf8e4d400516c270f2605820d2f8775bf735b6d54bcabcd350 |
C:\Users\Admin\Downloads\VanishRaider-main.rar:Zone.Identifier
| MD5 | 398f4e844dcdce46c2b99cc860176188 |
| SHA1 | 1fafc34ca285c4e2656b4afd23a18f5f37060a9b |
| SHA256 | de9b5b5ff549d422e5a4c21d06c8fae65124b0ebe99fd4d63f8c1d08c45cb61c |
| SHA512 | 4795baa0c6989797f23eae57ad5b155350b567951ec2b14689d3b36b4547090dce364f6f454096dd36e8cd008f82f57fc2e9fe22550acb9128c14d58906f9734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 739ec256bf4fb56e836f9b6468794a57 |
| SHA1 | bb3280b200e1aa4fce2d3cddf98e39cf3e996473 |
| SHA256 | 816f084ba8e62a6734c0f64f2f4cf94f2a9f85b1126fb182ee3233141bca54cc |
| SHA512 | 13f6f08f1675ba59ef9ab1478f3a371064349647cfaae8f487c628dee85bcb160f7015bd84bb797f2a6217848cda2e4aa2d2ea71a8bcbcce9e354af678419ec2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f0e0eeef7fa4982da6b34ecf4f9549da |
| SHA1 | 89bc4b59d951c5941259cd1ab6607618be118fa9 |
| SHA256 | 2979b974ff13489d4457c457b3c2013625744c5ff479787a4473f7c2468905df |
| SHA512 | cba235884fefa7eb45e8d0566f6521d4369fe7c53b1f918a92a90909e4e5aeb883d24824395980d9d79426eab11fe83429dd2e48106b8169dceb512bfbcc396d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 27f84debbe55cdec2f3f101fa912e64c |
| SHA1 | 9c43eda4945aa6d6e718c53ade51d959b9a027c6 |
| SHA256 | da67b2e6b55975122b583d717db5f50cafce0d978793310eb0d7d3579981c98a |
| SHA512 | bffa3c5d39c2c0280d2f66abfc828b59dc311a73b18a2c86e3ac957a8b40c8fa7bce41be0e2642526b9077d5b00edf7743fddeb70e756167c122b349231052fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 013b26a6a640ae26836473fd3edb79c2 |
| SHA1 | f809b6dfd7f96e5b5d85c1970b148df0d50cce49 |
| SHA256 | 39db6b007845b29a872868554106a31f522f476ad1e08763588ebafc672bf1fe |
| SHA512 | 9171df08d98a6ea5ef7ccdd97f8ff68435a91fd40e4c600d770023fe0d4bfbd919c542d301155cdb74b461828bb813a2da0d78bdb2561a88732ada851e02353a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 42bac743a61919a19fd5967ad2e238b5 |
| SHA1 | d89deddfddd5d2fbf6830f3cf116c2bac39f8e4c |
| SHA256 | 8b87ccfca19b1e73986282b6574464e82040311a42e5922801e28bb196601777 |
| SHA512 | f89de0d1d7256fc8dc0982746200370611210879c4f546f163b07a7a2b9d1f8e396e0034dbdfde54c8130ff4b3065214f38592519be48ffa8436a660f4b994f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58361e.TMP
| MD5 | 1d129f177ed37f3a3c2fcb9493ab6532 |
| SHA1 | 801fa8b2d3e76514540a45c899a3df1fa54c57f2 |
| SHA256 | 49184463c5defcc4d63e355d44c5c0d181b24d103bf7631be9fd1b3cee3a9e03 |
| SHA512 | 7d11a3e9e6dbd9023bdcfe5324b93096bf68d5c86dfd57896448caf87a9c03f6d104ea91c34c371a718f350a8b709ec27ecc75bc49270e0391088f91ed8fbcb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ec22f50770391322f5bb30cd9641a566 |
| SHA1 | 1834325d4edcf15cf1897c5e9beb0da1a937d05e |
| SHA256 | 5c836bd284ec9a5759e33d68b6d183c4f1fb6a1a9c37b20f4bc05d54d0eeccaf |
| SHA512 | 820e6e5816c3e002bb64190257bb97b381bb11f74171e248b50c968c1fc2c7704a4662501dd5c4d1cacdbfbd32e81c38746f500e91335c16f5da368e130182ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | 12fdcbb217502bfaffbb88c311e9a64b |
| SHA1 | 845e3a334318d9e65047998b610a85a01cd27583 |
| SHA256 | f80e26bfd71d2e8f1925e2b241edbef3077103f56bff188213eb73a8827ec9e9 |
| SHA512 | cc31422bf0746e4fc0b36a89489bd6384102f4c18028c9aa703bc27121eb3a8b7f31208d56be1ff947b27643e348bda75a5e0b31748a2696d808115a39b37616 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | f541601aa1467b024f1d7df6fd9d4a6f |
| SHA1 | ac999e93748ba19f6f52753cbcbe5b1454e16fd0 |
| SHA256 | e9b0ed19f866577f9d8f092b1dc6ec6c375c0e486e5632150100dbf89a7a3e77 |
| SHA512 | 46c29bbd4de99c7d1bb77723a57ef6a04fc5ca6b2a1795806a004f762da379422e3277530f143aae09158f66530277ff0c651c8f341bebc73398a95b6f024373 |
C:\Users\Admin\Downloads\VanishRaider-main (1).rar:Zone.Identifier
| MD5 | 1f091e8af16adbc01d72edbf37b95564 |
| SHA1 | dbb51109be7e8d48cbb5286cd2feeee208f5a37e |
| SHA256 | 1eeb4a478b784e5377472c922ef453138bc1cfad44b9291ff21b92b2489827ec |
| SHA512 | ff887a17a115f8829983dbf725a396212563cd20f4d18c613bd59aae5241704267d6b8a52e62a2153a14e6a1988b1a0397aba0d5035f3a62dce9b9b7e68a0918 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 1455305440d953ca16965a8354f32716 |
| SHA1 | ff24db4e5ae527fc9ff54f5eb5b9ac85d17ba6dc |
| SHA256 | 03e04da8ccf889ff5eb856073ec38a3961629db5c8d5f9845ee99c595557fb2c |
| SHA512 | f6d4bd009726cbd7a53aeb6dc34944859d2f0a74cb34696045b7e2b18f6a5cbc4349b5ed7451427aa9a43d96e52e3cc3879ec80940422a3ccc488645ff919b4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe58462c.TMP
| MD5 | cf4de14dfa32d05602a30acb8f9cb447 |
| SHA1 | b1ef3788660d40cb2376d87025b8aa1f2c9cb0e4 |
| SHA256 | ce9c57e5084743b2dffbd2d3a9c8d1fd4c6b3a2f21da39a841dd42045d0af201 |
| SHA512 | fa17796336620d9afda79ecc4a4af7460da40b55449fedb4ff87510ec24cced5519cd42c614ab74d2e0254b03f9bcf6f406ffa86da4d9f27b3fa8129914165e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | bc96f1fafadc3a8bb63d2f4803a703e2 |
| SHA1 | aff1b1ac7de0ed2f321e9a7371695467dd9fbe59 |
| SHA256 | 5b335b41f2a4e42597431702c6430931169e4ed2a3e55cb9223804eee33f42e1 |
| SHA512 | 1122131b5d9f53f70ad549f6f6e7dc879a9183d79a36715415db0a0f695586081085bc3400685852206c2a8092f88a34e5e3dae9a6ea5ff2078a51b2ac60ed9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig
| MD5 | 41c1930548d8b99ff1dbb64ba7fecb3d |
| SHA1 | d8acfeaf7c74e2b289be37687f886f50c01d4f2f |
| SHA256 | 16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502 |
| SHA512 | a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 039ab040252de0e47e5860c2afe5cc69 |
| SHA1 | 2b896b76c79b5e41cf288affd8f9b15d1272bf21 |
| SHA256 | 124d768a0fa331e5d9e9a4b3c47878116cce3b37e4da97b27c83453f5b6ea064 |
| SHA512 | b7542bc1c914a558abf4bb86b08272b747230152acdadd6a7ab21548f4c746dfd18274aa68984e8d65e180e1758679018b0209eebfade38546bf4c97c36d11d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0facd01c88b6e4a43b51b9bfc54006e2 |
| SHA1 | b8c4a403cd80df23279c9047fc894617166ef7ad |
| SHA256 | 9220fc2788c4a43ec8cce08df171540fdd5f5081d4783fdaf249792e20874b66 |
| SHA512 | 83bf7c8a408369dc1518b8b1e16147569324031b1690b857bd01333b1019de4c84a5921b98e7032c6a9a733e461af93cf08d4148a56827a9eceeb053df2b0110 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 88644b4eab665788b2451b259a689976 |
| SHA1 | da21630901efd21a159696b5961d85c3d971fc32 |
| SHA256 | 706daf1234a6adb5b818efdcfbc655e099f060223f5fbe75ffc1fb87efa012f4 |
| SHA512 | 4bf7ae8f0865e7f44ecf062d2fa547224d2917cd7bb40751385b750c158ff051e16fecdbe14f779910c609548822af6c8260a82f4a2ed42b960215fb5928a393 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4c21c9b9245b8d73f3e7e435189e5653 |
| SHA1 | 7b17665d68a4797aa15ef4b14b1bfeb2f1da7057 |
| SHA256 | 797d23e00fa9c99173986d3aa97a34d02d581b3965e0f397607f2e506b91c44c |
| SHA512 | 110ac9d216652db9340018efdf357304679d727eb45330073c87a220724d91b8670c781299ed81f7f8dc93b55728258273e61c16b05717bb29651178a68b67b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fa41628bddd069b7627c6e742028033d |
| SHA1 | 13c6b9afc71c5946598576a257cd3435f26d5639 |
| SHA256 | 2834ec4c71f661719b5543fdb6a6df24252ced27001a9d41b7564034f8c1d92f |
| SHA512 | aeadd271979f7ad1d8b1119f63bc04d0659945f3ff9febeb6617b93caa52250f734bd84d3e26fd1a1866bdd3ae765ef5bce9af3fab61ff526a6c4a00d5b65500 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | b84eee895c7a4ebe97643218099395b0 |
| SHA1 | d905631cee3033b20d0894a2153daae9bc35ee17 |
| SHA256 | 5c0dc4f531175421fa2b7b3bb94a3ff478015beb95d234aa1c3dd8edc74f2aa4 |
| SHA512 | 22cdffa3c664ad188687449186527b1a2087536268dd43230cd38a9b1ff72af5c1cce77b3027f9581fc5e2a245e232ffc58a5b1298bfafd8f7280ccc858e63ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58ad81.TMP
| MD5 | 31cc2d828fe130e8c413922d6f056c91 |
| SHA1 | 5bf02684f9d5abe7aceac0064cdcb1acd8dc6ab2 |
| SHA256 | 17558baa8bca4e2518070d02834f0aa83ef3a6ba59a11ff2d6a21faeb16ffa83 |
| SHA512 | 53e7d1d38c9ba8047c344418adb352e3d3ce9f42f082959ea6763972521f7dd68ab3d2dc049a9ffaa150cf79cb75113f0ec488710b0c3a978c32268a21b2ac29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b61ecb39c58bc4492ad089f2ce8a6936 |
| SHA1 | ffc7c838b603e8bf9dfe95e39fcc655cb3728dbf |
| SHA256 | 2986503a9c70469a189620d3035c871ca2c344c8ca5e4240f2de95eb20b9219a |
| SHA512 | 2f1b4b904511239001119c64f27bf0431b2e7cddeceb5152cb8a4f2ccc1fc731acef957e5db68fc6d90af22d6d255fa06e3e972ce45e5c6e4ce9cfcb15f3b6cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b21bb50498bc3f9a0d9795710bbb1d55 |
| SHA1 | d4d72f16610f8f6f82d893b5903f93bfd4cdc0d2 |
| SHA256 | e29c744020d848cd55525b8cf478620f2aca539373569f569b8ceb7c9a8a6452 |
| SHA512 | 7c49845cec74110c7e3f5655c1e53cfa56b26f8e492b383e2d7df4b39f04eeb8bd7b7c32faaa6521307758426cb6e4cee57f3164887a682feb5203b7d86df413 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | e0c5e11675a21ca20f2952d8d21387cc |
| SHA1 | cc14abce839ef36385a56230aac91b2162bc7930 |
| SHA256 | ab3fe943f14385be4632f252814ea9b99eb1d3e170fabed1d9bc589b3ae877ac |
| SHA512 | 752549bcb19c43c1e7044532231151883eba89edf3a488d3c9b6d3a07809a9f4eed6732702461ac16e2c184e0f40e04d267a8c4377c1244841544946c2e0955a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 0ee71f4c34a43a37312a6269e25d04ee |
| SHA1 | 4f960276290f17bbf556ad296350f248fee0ad3f |
| SHA256 | 67760c48feaa6088d7e6506aee5d47eddad3319fba0443cce5ead7e027671847 |
| SHA512 | 6a76ead371914b4e3cdf872e7a7c0d94d0f6c0b44c1011baef33fea770bf21a2e5c52b632e96f2b9f82f4ba130f9c0fe2daa886f500284732b4163a6f44062ca |
C:\Users\Admin\Downloads\7z2409-x64.exe.crdownload
| MD5 | 6c73cc4c494be8f4e680de1a20262c8a |
| SHA1 | 28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0 |
| SHA256 | bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e |
| SHA512 | 2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85 |
C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier
| MD5 | e4d4ce7e0de114643c978286e4356394 |
| SHA1 | dffbb8a09bf45d7a4d59db8decb642885f1460d5 |
| SHA256 | 3bd23f7573c8ca64bc353bc7b5e255f52135bf0388aee454955ce9be3c639c0d |
| SHA512 | d6c2bf765a0f5963f82426ce57f8e2f4e0a13d4cb64881baa75509a8909a51cc6c20f1669f4886d2b8753e50f52c90f5c60f3b2c8bd138912c2c367ef2ccf5c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 57e006f9d32e67a2a11773ca9e282285 |
| SHA1 | 15228bda82d5c4b51f122fce73e272854aa6830f |
| SHA256 | f80cafc85e01700dd9d62f74d46270ecb97ca5b703da16ad0a5926e30605c6bb |
| SHA512 | 7e442348c0e8122e8c90a998f792687435e1a733b6175ac5c1031393661b4a9b6427e31b660b7a22e2d5a9268edce79622a8a03f48f4bc904efd65c962efa63a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d2af75aeb34e645f18aef9ee07c27722 |
| SHA1 | fe917961249e9905a430911969bc04c4399c1a0c |
| SHA256 | 866b6ffcfabd027cd5bfd101624d10ab4ac7c8b74a20a8eacc607124e47b2b36 |
| SHA512 | 9095e3685d781047ed8f3e0969add48a765211fbcf21d175a6be4981082604099f731d4d757c1e9abbc9dfea55593c27c81a4c3599c1a22fa7eaa8526b533714 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 156020a2b8d08b9ee749a4d3f75be414 |
| SHA1 | 343dc610251b593eae64152fc1b0570ff35019ea |
| SHA256 | 17b6f701cf9edf1ca01bbdd7bb4686b1197c95c2c7124554de03e858f78bdcb2 |
| SHA512 | 00a1e370b1e6e44e4d263dfe8d3ef1e82e07ff2001d3e877a3265fb42ed6fe5bc660514917c41611144e490b79ff9a30a00e8d077bfc4e6bef666fdd523c2fde |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 95cb311f8c8410d60eff31bb83857f8e |
| SHA1 | 4a1d6c1b8ab73dcceda49ad4a1dde8ba6319cfc8 |
| SHA256 | d499ff693f2640bfe2c0dec75613eff632f47c10a906396a39c96855507a5e62 |
| SHA512 | f7283efdbaa17bfe7ede7fe43189f083738ed0c2b15f6bcd8c535d778691990a31e80e84347582dbfc1c5d6b1e245573fb5de542968d2b842037577aec7ac3cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 392c9307ed4080e451704ccb548699f9 |
| SHA1 | bdd53d11bafa288ff2c463fecd65e7c543d4bc32 |
| SHA256 | 816b6179452bfc226887fec555a424274e35081fff6f1c77d31a0061c39c322b |
| SHA512 | ded284da7a2872b34e615a92fe17d2ceee09b29b8160d2f8dd65e44fb1ec8f42ae2dd49b22a060e4dd85900138f21c9a8169ea36ef9a8e2a420ee1ee0ec880f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1960_949879303\manifest.json
| MD5 | c3419069a1c30140b77045aba38f12cf |
| SHA1 | 11920f0c1e55cadc7d2893d1eebb268b3459762a |
| SHA256 | db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f |
| SHA512 | c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1960_949879303\LICENSE
| MD5 | ee002cb9e51bb8dfa89640a406a1090a |
| SHA1 | 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2 |
| SHA256 | 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b |
| SHA512 | d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 18310732e8b8483f4e832cc6bbe5fcb7 |
| SHA1 | a7b8b99518bd8cb68ebb4a993431bb067e7f5c1f |
| SHA256 | 60e446bd718f2f3ffb1157fa5a57911f3cbb551efe9bcc600fcc1c7f7f1f0ebb |
| SHA512 | 97dbfd68e1898ba4b310104657c09de79f833a59c3c067eba1a12991124af6fc5a779d964eab23868e0eac802785d96152b98137f467a0b65228f654f9dd6d2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 8a438e9346671802dca29d72d7c8694a |
| SHA1 | f2950f541cf4a3ec5bf71cde62f0575aa16e8e05 |
| SHA256 | 20996f65ec82ffa0687465eaf28d00549cf4fdd805148b35a551942d7ffbc166 |
| SHA512 | 8dff6098aa3d43a69e8ce879c7ec5dfdc1c810316547343c3f612a7877f7ecdbe4512b8850997f7a47c8ceee17f95a894354c148e4d8172862f5b51f4d7a7d24 |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | e03115ee7530777231a0051667ab23d3 |
| SHA1 | 5ded32077cda52b5527f75017552a598b0523db7 |
| SHA256 | cccf6f489961bb78c5c4baecd964442b14593799403e2b6e4d50082c3e64803a |
| SHA512 | 053f81c647b55df05bef067f26be1d25b44cdd1d5a59c4341904f0b9173a1ad6cc3209035ed4782626b150f090f52276c7d99e77eaf108b2fed52f2179e959ee |
C:\Program Files\7-Zip\7z.exe
| MD5 | b6d5860f368b28caa9dd14a51666a5cd |
| SHA1 | db96d4b476005a684f4a10480c722b3d89dde8a5 |
| SHA256 | e2ca3ec168ae9c0b4115cd4fe220145ea9b2dc4b6fc79d765e91f415b34d00de |
| SHA512 | d2bb1d4f194091fc9f3a2dd27d56105e72c46db19af24b91af84e223ffcc7fec44b064bf94b63876ee7c20d40c45730b61aa6b1e327947d6fb1633f482daa529 |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 4eaae49d718451ec5442d4c8ef42b88b |
| SHA1 | bbac4f5d69a0a778db567e6978d4dabf2d763167 |
| SHA256 | dc4fdcd96efe7b41e123c4cba19059162b08449627d908570b534e7d6ec7bf58 |
| SHA512 | 41595b67c8506c054c28ce2b5dec9d304651449464c6e1eb092a049d49326594584900cff4e9b8210ca3ad8a23e9c22d8df1ae8af15f44a69f784cc546fcced3 |
C:\Program Files\7-Zip\7zG.exe
| MD5 | d882650163a8f79c52e48aa9035bacbb |
| SHA1 | 9518c39c71af3cc77d7bbb1381160497778c3429 |
| SHA256 | 07a6236cd92901b459cd015b05f1eeaf9d36e7b11482fcfd2e81cd9ba4767bff |
| SHA512 | 8f4604d086bf79dc8f4ad26db2a3af6f724cc683fae2210b1e9e2adf074aad5b11f583af3c30088e5c186e8890f8ddcf32477130d1435c6837457cf6ddaa7ca1 |
C:\Users\Admin\Downloads\VanishRaider-main.rar
| MD5 | 3d15d9b5d05223d0b812f1f51eb05ecb |
| SHA1 | 7f0f19e7128f546193685be6efe39a2ec61d8175 |
| SHA256 | c39552926a046eca64dab7cafbc9002ae22d592cba749fa03b6416b4a299431d |
| SHA512 | 7c65b4fddf10687c119718d136e45c570c4a5f9bb2ddbb23731813b5975d79a91ec062d7722909ede8ced4ac5a6fdb654ca9f1780546f50400f5de095f088ef1 |
C:\Program Files\7-Zip\7z.dll
| MD5 | c4aabd70dc28c9516809b775a30fdd3f |
| SHA1 | 43804fa264bf00ece1ee23468c309bc1be7c66de |
| SHA256 | 882063948d675ee41b5ae68db3e84879350ec81cf88d15b9babf2fa08e332863 |
| SHA512 | 5a88ec6714c4f78b061aed2f2f9c23e7b69596c1185fcb4b21b4c20c84b262667225cc3f380d6e31a47f54a16dc06e4d6ad82cfca7f499450287164c187cec51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c5d1714acfdabb6c75bdbb84c4d8be5c |
| SHA1 | 42f84f1f92764cd00f7f87d6cc0396b046f7abc0 |
| SHA256 | fe2f7892044da9c96f207e9e43d3da5e02dceccb24d23b26d0525fbcab4192b1 |
| SHA512 | 61aad5c2be4a90f64cf796cafa3736ff7dea6d90f6e514e8c7cb7df87dcb0b337ad07278f906756b92fb384dad1fd60d32284e4cb79b0344ad0f51a1f80c6513 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 70e85ecc98d1cc2d0c0701bdb291ff52 |
| SHA1 | a8b324d68f130945a6d5b89931cfa61b3a3a9ee5 |
| SHA256 | 50a19f8771a6661067ed8b76b0597430268708d382e7a05cbd01f1814e795dd8 |
| SHA512 | 428566d94fde6b832cee09bb20cd72c7e3359c1cfc6e34dd73779e69b2ebd219e4655e63d07f2a5c6ec42fa17f774e6b76afdcb795c4c9b476cb96c348ff589c |
C:\Users\Admin\AppData\Local\Temp\7zOC746F86A\vanish.exe
| MD5 | ac59764dee7fcebe61b0a9d70f87c1e1 |
| SHA1 | 4faba8946b946a6eeb121561417ae13e4ec8c606 |
| SHA256 | c6487e1da77c82d40628312680ad43343cff5b92462ffeeffed30f46b23625ab |
| SHA512 | b71f1dbc069ee6612b0d6a136d77080f919958e7a6bcdf65260e04ac5efc484042aca0716dda8199970bf7f2d0f4864a4888e3b0dcfd1ef858c615f839c3ac65 |
memory/3384-1408-0x0000029634530000-0x0000029634558000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1d718e0e855ba47a47d9a1a14e777ef0 |
| SHA1 | aced82a803756c77344d9c082b07303841bfd733 |
| SHA256 | 6c52c0a20eac9af2262f50117cf6e5d6b80d1bece2d49cdb82034ca00af7b180 |
| SHA512 | 84031cd60b8507687843a2682fec01a718fa897c9a4e4f8b50484e12095a5707246612fc8ef991ad6076f2d6c5f9113a931f935e7df4e7aed42916807f816842 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0
| MD5 | 2c910c5bbe3e784fdfb8be1d76b45e08 |
| SHA1 | d7a2f58187fb9a9a1fd9131fa82cd1c3934ebd1b |
| SHA256 | 7eeefe1e8899f47c62f18932e70d886b38e1bd4b00cc6d9ad3497f3279ee3b06 |
| SHA512 | b89cad03c6e525105f5fa0b8ba987dc4d6a54fbd6e641d7989a00202a8dfb0ec553c0da5fb73725a839ac9cc7125662f58a4d353fa310f2d60538d143cd8ac0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3
| MD5 | 03107fb2b96e4170356ba6f1d244f33e |
| SHA1 | 05332e83d800509585ee9836f62f1763091c2e55 |
| SHA256 | b5a08882d7f9a590d4d5e795c377fa21095032d72b5ee3c703d54d51012b522f |
| SHA512 | 53e1986da7d92037a3f13c1d84c268753c7b9e04d2d2f9db5f42875aaf872161d6ba1dccd374781aeaa40f84d762561f648e327ee91650b6f6950a5635a3a1a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1
| MD5 | fd1767785c3c93b36b99903fa9ed8ba0 |
| SHA1 | 196cecc2f317a20b1f1da8bacaf4206446cebb59 |
| SHA256 | 21c5ba0a26c6797b1d77755dce5fe319a3a92cc5283236edcfc7a859fa5561c3 |
| SHA512 | f46a360ddf907f1c9f431d33118889d73822002ef69ed6f504685194f58b00819b35be49af0ce0b862a4a90f024c355cda8fe0b57c780664bc533aa43d89e9c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log
| MD5 | d480d68fa35b02f9d3fb0f8400f50cb4 |
| SHA1 | b6c4f282957cce9d62ac328aaeddc3e023fa6395 |
| SHA256 | 39c45d1572ecf77d00837939642f6f24ae5c57f2ff28ed82f11d32c235e414fc |
| SHA512 | 170346d880269df4342dcf9810ee0f7c9a161a009d4f0db0c348e02b956a428a11964c7edba0430677c1d719240292a5c951ab8c65ccdfb02d14c778466cf6cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e0399f14-143f-4da4-a195-4bef7d150039.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13386959983109783
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13386960075615423
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Collections\collectionsSQLite
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\first_party_sets.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DIPS-wal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\SharedStorage-wal