Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file/v04wcs9dlfq5ke0/VanishRaider-main.rar/file was found to be: Known bad.
Malicious Activity Summary
Phemedrone family
Phemedrone
Downloads MZ/PE file
Uses browser remote debugging
Reads data files stored by FTP clients
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Event Triggered Execution: Component Object Model Hijacking
Unsecured Credentials: Credentials In Files
Checks installed software on the system
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Enumerates system info in registry
MITRE ATT&CK
Analysis: static1
Detonation Overview
| Field | Value |
| Reported | 2025-03-20 16:07 |
Signatures
Analysis: behavioral1
Detonation Overview
| Field | Value |
| Submitted | 2025-03-20 16:07 |
| Reported | 2025-03-20 16:12 |
| Platform | win11-20250314-en |
| Max time kernel | 287s |
| Max time network | 287s |
Command Line
Signatures
Phemedrone
Phemedrone family
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Uses browser remote debugging
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
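The rows above only record that chrome.exe was started under the "Uses browser remote debugging" signature; the command line is not shown. The stealer pattern behind that signature is a browser relaunched with a DevTools switch and a hidden window, so cookies and saved logins can be pulled through the DevTools protocol without decrypting the profile database. The detection logic below is an added example (not from the report or the sandbox vendor) run over constructed Sysmon-style process-creation records; the parent path `sample.exe` is hypothetical and the switch list is an assumption.

```python
"""Flag browser launches that expose the DevTools remote-debugging interface.

Added example: the events below are constructed Sysmon-style process-creation
records, not rows from the report; the parent process is a hypothetical name.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}
# Chromium switches that open the DevTools protocol to another process (assumed set).
DEBUG_SWITCHES = {"--remote-debugging-port", "--remote-debugging-pipe", "--remote-allow-origins"}
SWITCH = re.compile(r"--[\w-]+")


@dataclass(frozen=True)
class ProcEvent:
    image: str
    parent_image: str
    command_line: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def debug_switches(command_line: str) -> List[str]:
    """Switch names present on the command line that enable remote debugging."""
    return [s for s in SWITCH.findall(command_line) if s in DEBUG_SWITCHES]


def classify(ev: ProcEvent) -> Optional[dict]:
    image = basename(ev.image)
    if image not in BROWSERS:
        return None
    switches = debug_switches(ev.command_line)
    if not switches:
        return None
    parent = basename(ev.parent_image)
    headless = "--headless" in SWITCH.findall(ev.command_line)
    # A browser started by something other than itself or the user's shell, with a
    # debugging port and a hidden window, is the stealer pattern: cookies and saved
    # logins leave through the DevTools protocol already decrypted by the browser.
    if parent not in BROWSERS and parent != "explorer.exe":
        severity = "high"
    elif headless:
        severity = "medium"
    else:
        severity = "low"   # a developer may start the browser this way on purpose
    return {"image": image, "parent": parent, "switches": switches,
            "headless": headless, "severity": severity}


def scan(events) -> List[dict]:
    return [hit for hit in map(classify, events) if hit]


# Constructed records; the parent path of the first one is hypothetical.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r"C:\Users\Admin\AppData\Local\Temp\sample.exe",
              r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 '
              r'--headless --window-position=-32000,-32000 '
              r'--user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data"'),
    ProcEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US'),
    ProcEvent(r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
              r"C:\Windows\explorer.exe",
              r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9222'),
    ProcEvent(r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe", "notepad.exe"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The parent-process check is what separates the stealer case from a developer who starts the browser with a debugging port by hand; a hidden window (`--headless`, an off-screen `--window-position`) raises the score further because there is no reason for an interactive user to want that.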
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO0E560169\vanish.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\el.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ja.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ka.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt-br.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spc.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mn.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sk.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spl.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sv.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ta.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\th.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\License.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\az.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sl.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ug.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pa-in.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tt.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cs.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cy.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\it.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng2.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tk.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uk.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lt.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\de.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hy.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ps.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File created | C:\Program Files\7-Zip\7-zip.dll | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku-ckb.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\descript.ion | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\an.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\readme.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hu.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\id.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\is.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zCon.sfx | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ast.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\da.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gl.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nb.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ru.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tr.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz-cyrl.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\be.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\co.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fi.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gu.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mr.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_2097161191\auto_open_controller.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-hub\th\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\wallet\wallet-checkout-eligible-sites.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_2123738466\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1617070900\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-hub\da\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-hub\zh-Hant\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-notification\it\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-notification\ja\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_2123738466\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_2097161191\shoppingfre.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-ec\sv\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-hub\de\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-hub\fr\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-hub\pl\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-hub\sv\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-shared-components\ru\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\Tokenized-Card\tokenized-card.html | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-ec\pl\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\wallet_checkout_autofill_driver.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\wallet_donation_driver.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_2097161191\edge_tracking_page_validator.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-mobile-hub\ru\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\wallet\wallet-eligibile-aad-users.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\wallet-webui-992.268aa821c3090dce03cb.chunk.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\buynow_driver.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-ec\de\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_2143763221\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1609223888\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_2097161191\shopping_fre.html | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-ec\it\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-hub\nl\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-tokenized-card\sv\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1617070900\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_2143763221\sets.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_2097161191\edge_confirmation_page_validator.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\wallet-webui-925.baa79171a74ad52b0a67.chunk.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\webui-setup.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1617070900\Part-ZH | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-notification-shared\fi\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-shared-components\pt-BR\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-hub\en-GB\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-notification\ko\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-notification-shared\ja\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-shared-components\fr\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\wallet\wallet-tokenization-config.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\wallet-webui-101.079f5d74a18127cd9d6a.chunk.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1617070900\Part-IT | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-ec\hu\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-mobile-hub\ja\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-notification\de\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-notification-shared\fr-CA\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\Notification\notification_fast.html | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1609223888\typosquatting_list.pb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-shared-components\en-GB\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\wallet\wallet-pre-stable.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\Notification\notification.bundle.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-ec\en-GB\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-mobile-hub\zh-Hant\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-tokenized-card\fr-CA\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\wallet-webui-560.da6c8914bf5007e1044c.chunk.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1617070900\Filtering Rules-AA | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-notification\fr\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
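Most of the "Drops file in Program Files directory" and "Drops file in Windows directory" rows above are environment noise rather than payload activity: every Program Files write comes from `7z2409-x64.exe`, the 7-Zip 24.09 installer sitting in Downloads, writing its own install directory, and every Windows-directory write is msedge.exe unpacking its own component bundles under `chrome_Unpacker_BeginUnzipping`. The payload chain is elsewhere in the report: `7zFM.exe` opened the archive and `vanish.exe` ran from a `Temp\7zO...` scratch directory, which is where 7-Zip File Manager places a file that is run directly from inside an archive window (and which it removes when that window is closed, so the path may no longer exist on a live host). The script below is an added example, not sandbox output: it parses rows in the page's own table layout, attributes each to its writer and applies the labels just described as heuristics; `SAMPLE_ROWS` is a hand-picked subset of this report's rows.

```python
"""Attribute a sandbox report's file-drop rows to their writing process and set
installer/updater noise apart from rows worth reading.

Added example. SAMPLE_ROWS is a hand-picked subset of this report's rows in the
page's own table layout; the labels are heuristics assumed here, not sandbox output.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List

ROW = re.compile(r"^\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|$")


def parse_rows(text: str) -> List[dict]:
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(1) == "Description":
            continue
        rows.append(dict(zip(("desc", "indicator", "process", "target"), m.groups())))
    return rows


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def label(row: dict) -> str:
    ind, proc = row["indicator"].lower(), row["process"].lower()
    writer = basename(proc)
    if "\\windows\\systemtemp\\chrome_unpacker_beginunzipping" in ind and writer in ("msedge.exe", "chrome.exe"):
        return "browser-component-update"   # Chromium component updater unpacking its own bundles
    if "\\downloads\\" in proc and ind.startswith("c:\\program files"):
        return "installer-like"             # confirm with the installer's Authenticode signature
    if re.search(r"\\temp\\7zo[0-9a-f]+\\", ind):
        return "archive-open-scratch"       # 7-Zip File Manager runs files opened inside an archive here
    return "review"


def summarize(rows: List[dict]) -> Dict[str, Dict[str, int]]:
    by_writer: Dict[str, Counter] = defaultdict(Counter)
    for row in rows:
        by_writer[basename(row["process"])][label(row)] += 1
    return {writer: dict(counts) for writer, counts in by_writer.items()}


def review_queue(rows: List[dict]) -> List[str]:
    return [row["indicator"] for row in rows if label(row) == "review"]


SAMPLE_ROWS = r"""
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File created | C:\Program Files\7-Zip\7-zip.dll | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1609223888\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1609223888\typosquatting_list.pb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO0E560169\vanish.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
"""

if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    print(summarize(rows))
    print(review_queue(rows))
```

Paste the full row tables of a report into `SAMPLE_ROWS` and the "review" bucket shrinks to the handful of rows that are neither an installer writing itself nor a browser updating itself; the "installer-like" label is only a hint, and the installer's signature should be checked before the rows are dismissed.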
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO0E560169\vanish.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
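Both rows under this signature are writes to a `Zone.Identifier` stream: msedge.exe marking its own download, and 7zFM.exe creating the stream on the file it extracted. That is Mark-of-the-Web being applied and then propagated, not bypassed; the signature fires on any touch of the stream. A bypass would show the opposite, an extracted executable with no stream or with a ZoneId lower than its archive's. The added example below (not from the report) parses the stream's contents and states the verdict for an archive/extracted-file pair. `SAMPLE_STREAM` is constructed: its ReferrerUrl is the URL the report names, and the HostUrl is a placeholder.

```python
"""Parse a Zone.Identifier stream and decide whether Mark-of-the-Web survived extraction.

Added example. SAMPLE_STREAM is constructed; its ReferrerUrl is the URL the report
names, the HostUrl is a placeholder host, not the real download server.
"""
import configparser
from typing import Optional

ZONE_NAMES = {0: "LocalMachine", 1: "LocalIntranet", 2: "TrustedSites", 3: "Internet", 4: "RestrictedSites"}


def parse_zone_identifier(text: str) -> dict:
    """The stream is an INI fragment with a single [ZoneTransfer] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str            # keep ZoneId / ReferrerUrl / HostUrl capitalisation
    cp.read_string(text)
    if not cp.has_section("ZoneTransfer"):
        raise ValueError("not a Zone.Identifier stream")
    sec = cp["ZoneTransfer"]
    zone = int(sec.get("ZoneId", "3"))
    return {"ZoneId": zone, "Zone": ZONE_NAMES.get(zone, "Unknown"),
            "ReferrerUrl": sec.get("ReferrerUrl"), "HostUrl": sec.get("HostUrl")}


def read_zone_identifier(path: str) -> Optional[dict]:
    """On Windows the stream is addressable as '<file>:Zone.Identifier'; None if absent."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None


def motw_verdict(source: Optional[dict], extracted: Optional[dict]) -> str:
    """Compare the archive's mark with the mark on a file extracted from it."""
    if source is None or source["ZoneId"] < 3:
        return "not-applicable"     # archive was not marked Internet/Restricted; nothing to propagate
    if extracted is None:
        return "stripped"           # the real bypass: SmartScreen and Office never see the mark
    if extracted["ZoneId"] < source["ZoneId"]:
        return "downgraded"
    return "propagated"             # what the 7zFM.exe row in the report shows


SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://www.mediafire.com/file/v04wcs9dlfq5ke0/VanishRaider-main.rar/file\r\n"
    "HostUrl=https://example.invalid/VanishRaider-main.rar\r\n"   # placeholder host
)

if __name__ == "__main__":
    mark = parse_zone_identifier(SAMPLE_STREAM)
    print(mark)
    print(motw_verdict(mark, mark), motw_verdict(mark, None))
```

On a live host the same content is visible with `Get-Content -Path <file> -Stream Zone.Identifier` in PowerShell; `read_zone_identifier` does the equivalent from Python by opening the stream path directly, which only works on NTFS volumes under Windows.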
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133869604867379306" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\NodeSlot = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Applications\7zFM.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Applications\7zFM.exe\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "3" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Applications\7zFM.exe | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Applications\7zFM.exe\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Applications\7zFM.exe\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5000310000000000745a0f811000372d5a6970003c0009000400efbe6e5a5277745a0f812e000000d28e0200000003000000000000000000000000000000e676860037002d005a0069007000000014000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1678082226-3994841222-899489560-1000\{55F5A00F-30F6-4942-8B30-ECE155F194B6} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\VanishRaider-main.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO0E560169\vanish.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/v04wcs9dlfq5ke0/VanishRaider-main.rar/file
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x264,0x7ffbc988f208,0x7ffbc988f214,0x7ffbc988f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1956,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:11
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2140,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1792,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=2460 /prefetch:13
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3460,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5004,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5140,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=3628,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5636,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5976,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=6164,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=5984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5640,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6228,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6816,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7236,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=6916 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6888,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=6868 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7236,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=6916 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
cookie_exporter.exe --cookie-json=1100
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=5596,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7452,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=7484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=4616 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=4812,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6100,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=7620 /prefetch:14
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7940,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=7932 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7968,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7960,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:14
C:\Users\Admin\Downloads\7z2409-x64.exe
"C:\Users\Admin\Downloads\7z2409-x64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=6064,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=7888,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=8048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7944,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=7592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7492,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=7580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=8272,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=8300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=7504,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=8480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=8316,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=8344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=8932,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=8956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8948,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=9140 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=8052,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\VanishRaider-main.rar"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5756,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6608,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5792,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=7900 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=6552,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=8276,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7948,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=7620 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6620,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=7988 /prefetch:10
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6616,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=8696 /prefetch:14
C:\Users\Admin\AppData\Local\Temp\7zO0E560169\vanish.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0E560169\vanish.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffba002dcf8,0x7ffba002dd04,0x7ffba002dd10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1520,i,18125552721458451707,16299470724692444710,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2152 /prefetch:11
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2004,i,18125552721458451707,16299470724692444710,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2000 /prefetch:2
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2400,i,18125552721458451707,16299470724692444710,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2476 /prefetch:13
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3308,i,18125552721458451707,16299470724692444710,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3332,i,18125552721458451707,16299470724692444710,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4128,i,18125552721458451707,16299470724692444710,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4356 /prefetch:9
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4720,i,18125552721458451707,16299470724692444710,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3352,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=3364 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4772,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=2828 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6388,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=7096 /prefetch:14
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\VanishRaider-main.rar"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7216,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=3324 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=7372,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=4780,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=8032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8780,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=8828 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6940,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=8696 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6348,i,16405648007745149674,10778877325313983945,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:14
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 150.171.27.11:80 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 104.17.150.117:443 | www.mediafire.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 104.17.150.117:443 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| GB | 2.18.66.57:443 | copilot.microsoft.com | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 172.67.170.144:443 | www.ezojs.com | udp |
| GB | 172.217.16.238:443 | translate.google.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| GB | 13.224.81.91:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 104.19.208.227:443 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | ag.dns-finder.com | udp |
| US | 8.8.8.8:53 | ag.dns-finder.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 54.68.10.219:443 | api.amplitude.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 54.68.10.219:443 | api.amplitude.com | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.18.159.164:443 | otnolatrnup.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| GB | 172.217.169.42:443 | translate.googleapis.com | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| US | 104.17.150.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| DE | 3.72.106.219:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.106.219:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.106.219:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.106.219:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.106.219:443 | btlr.sharethrough.com | tcp |
| DE | 103.231.98.76:443 | hbopenbid.pubmatic.com | tcp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| IE | 34.252.77.6:443 | bcp.crwdcntrl.net | tcp |
| GB | 13.224.81.21:443 | tags.crwdcntrl.net | tcp |
| IE | 34.240.51.255:443 | bcp.crwdcntrl.net | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| GB | 142.250.178.10:443 | translate-pa.googleapis.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| GB | 172.217.169.42:443 | translate-pa.googleapis.com | udp |
| US | 204.79.197.203:443 | ntp.msn.com | tcp |
| US | 204.79.197.203:443 | ntp.msn.com | tcp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| GB | 2.18.190.164:443 | assets.msn.com | tcp |
| GB | 2.18.190.164:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| IE | 13.74.129.1:443 | c.msn.com | tcp |
| GB | 2.18.190.164:443 | assets.msn.com | tcp |
| GB | 2.18.66.64:443 | www.bing.com | tcp |
| US | 150.171.28.10:443 | c.bing.com | tcp |
| GB | 2.18.66.171:443 | th.bing.com | tcp |
| GB | 18.172.88.110:443 | sb.scorecardresearch.com | tcp |
| US | 2.16.55.225:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 2.18.190.164:443 | assets.msn.com | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 20.42.65.85:443 | browser.events.data.msn.com | tcp |
| GB | 2.18.190.164:443 | assets.msn.com | udp |
| GB | 2.18.66.74:443 | www.bing.com | tcp |
| US | 2.16.55.225:443 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 204.79.197.203:443 | srtb.msn.com | tcp |
| US | 204.79.197.203:443 | srtb.msn.com | tcp |
| US | 204.79.197.203:443 | srtb.msn.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.msftstatic.com | udp |
| US | 8.8.8.8:53 | r.msftstatic.com | udp |
| GB | 2.18.66.171:443 | th.bing.com | udp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| GB | 2.16.34.146:443 | r.bing.com | tcp |
| GB | 2.16.34.146:443 | r.bing.com | tcp |
| GB | 2.18.66.64:443 | www.bing.com | udp |
| GB | 2.18.66.74:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | ecn.dev.virtualearth.net | udp |
| US | 8.8.8.8:53 | ecn.dev.virtualearth.net | udp |
| GB | 23.192.24.182:443 | ecn.dev.virtualearth.net | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.18.66.168:443 | th.bing.com | tcp |
| GB | 2.16.34.154:443 | r.bing.com | tcp |
| GB | 2.16.34.154:443 | r.bing.com | tcp |
| GB | 2.18.66.168:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| GB | 23.192.17.43:443 | ads.pubmatic.com | tcp |
| GB | 23.192.17.43:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| DE | 91.228.74.159:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| FR | 18.244.28.79:443 | rules.quantcount.com | tcp |
| GB | 2.16.34.154:443 | r.bing.com | udp |
| GB | 2.16.34.154:443 | r.bing.com | udp |
| GB | 2.18.66.168:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.128:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 2.16.34.154:443 | r.bing.com | udp |
| GB | 2.18.66.74:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 7-zip.org | udp |
| US | 8.8.8.8:53 | 7-zip.org | udp |
| DE | 49.12.202.237:443 | 7-zip.org | tcp |
| DE | 49.12.202.237:443 | 7-zip.org | tcp |
| US | 204.79.197.203:443 | srtb.msn.com | tcp |
| US | 2.16.55.225:443 | img-s-msn-com.akamaized.net | udp |
| GB | 18.172.88.110:443 | sb.scorecardresearch.com | tcp |
| GB | 2.18.66.171:443 | th.bing.com | udp |
| GB | 2.18.190.164:443 | assets.msn.com | udp |
| GB | 2.18.190.164:443 | assets.msn.com | udp |
| US | 150.171.28.10:443 | c.bing.com | tcp |
| IE | 13.74.129.1:443 | c.msn.com | tcp |
| GB | 2.18.66.64:443 | www.bing.com | udp |
| US | 204.79.197.203:443 | srtb.msn.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 104.17.150.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | td.doubleclick.net | udp |
| US | 8.8.8.8:53 | td.doubleclick.net | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | td.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | td.doubleclick.net | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 8006b53b965acfa2d4f8391a0d197d26.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 8006b53b965acfa2d4f8391a0d197d26.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| GB | 216.58.213.1:443 | 8006b53b965acfa2d4f8391a0d197d26.safeframe.googlesyndication.com | udp |
| GB | 216.58.213.1:443 | 8006b53b965acfa2d4f8391a0d197d26.safeframe.googlesyndication.com | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | udp |
| BE | 74.125.133.157:443 | stats.g.doubleclick.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| GB | 172.217.16.226:443 | ep1.adtrafficquality.google | udp |
| NL | 178.250.1.39:443 | static.criteo.net | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| DE | 91.228.74.200:443 | pixel.quantserve.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| US | 35.190.39.111:443 | esp.rtbhouse.com | tcp |
| GB | 142.250.178.1:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| N/A | 127.0.0.1:443 | | tcp |
| N/A | 127.0.0.1:443 | | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.193:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.193:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.193:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.193:443 | tpc.googlesyndication.com | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| GB | 142.250.178.1:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| FR | 185.235.86.107:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.197:443 | gem.gbc.criteo.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | download2295.mediafire.com | udp |
| US | 8.8.8.8:53 | download2295.mediafire.com | udp |
| US | 199.91.155.36:443 | download2295.mediafire.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 199.91.155.36:443 | download2295.mediafire.com | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 104.19.208.227:443 | otnolatrnup.com | udp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| GB | 54.230.10.104:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| US | 172.67.141.135:443 | www.chancial.com | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 13.107.246.64:443 | static.edge.microsoftapp.net | tcp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 2.16.55.198:443 | aefd.nelreports.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| GB | 2.18.190.103:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 2.16.34.50:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.msftstatic.com | udp |
| US | 8.8.8.8:53 | r.msftstatic.com | udp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| GB | 2.16.34.73:443 | r.bing.com | tcp |
| GB | 2.16.34.73:443 | r.bing.com | tcp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| GB | 2.16.34.106:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 52.182.143.208:443 | browser.events.data.msn.com | tcp |
| GB | 2.18.190.179:443 | assets.msn.com | udp |
| GB | 2.18.190.179:443 | assets.msn.com | udp |
| US | 52.182.143.208:443 | browser.events.data.msn.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt.tmp
| MD5 | 21a9a1b214cb61d7cce1fb89e52f3ddf |
| SHA1 | dbbbeb6ad96e908962c213c34ec4c702edf1095d |
| SHA256 | be5b91b89dbc9e158be1cd53509b929c71344dd01305e6d6e02adfee4c772e67 |
| SHA512 | c63ad25dacd7d3f963c277798aca13b7840fcc96bcacd058a00f36d7159a5e7addac2df52a91b1d17c983867c43a1050cf804b818f0a1b92efc637a350637822 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e5286413bf90a54e2a8f2b57de0013d8 |
| SHA1 | 0b7bd4babf501c7ef437c0966c50b8f8a8d448ab |
| SHA256 | d15c8f31283dbbf77539a02fa6b6b39a6e31784ecad1e7f127d7f4722161cf47 |
| SHA512 | 286ca922cf3ea53630302bcfd172c553c35c97da0d242942227c9b0a1081e5be17d7ad0afcc9a35488d0cdc5d9dae76f4ba53f2b22724a85a74809c7d06b0625 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c566b0b54e0966567ecc6087b86bc38e |
| SHA1 | 3af585775e033414d36947a939c540570a044446 |
| SHA256 | c6810b43fa3ef77391fffa6638d4d90aad34b9bac41414d978e119fdfdfdc02a |
| SHA512 | 9390b404248a17259ebbc02f26386710b8b0eafe05cf12e5c3d17979b406f1bc78e72c8f709e617eb972b3e7966f2bbcc41ef1ed26d7e87e6b2f63056559be81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f5dc85c9bba7b7622b1e5516e824b894 |
| SHA1 | 5cf0b8270c2c7b89abfab80d334d0c72ee066263 |
| SHA256 | ff23babbb6a190cfe65e5b5e5ebf7f435d674c4ec5ebb8317b6be1d5c405f749 |
| SHA512 | 68b53ac187cdd3e386aaa40fc9ee4b65c027aae500dd67f45d3fcb1ca6a2f47ed7d9a2322643c99a92297b2c06eea5358cf26cfeb5825bbf044885c9173e0833 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | bbc866220110cc06fb52809e14a437b3 |
| SHA1 | 7b54967716e6845cfce33b6bbcb9433e3cb079d0 |
| SHA256 | 036750022fb9e6288ee04cc956bf71250a23c43228e70f41c05ac0bfa7caacf9 |
| SHA512 | e004be111b192afbea03338192020ce577ecc50d72e108129a75af6c3fece612053ad0c0926c22423c9da7d13f9a95792ab28d79fcaf3b4d66d9dc3ba1ac59a9 |
C:\Users\Admin\AppData\Local\Temp\7zO0E560169\vanish.exe
| MD5 | ac59764dee7fcebe61b0a9d70f87c1e1 |
| SHA1 | 4faba8946b946a6eeb121561417ae13e4ec8c606 |
| SHA256 | c6487e1da77c82d40628312680ad43343cff5b92462ffeeffed30f46b23625ab |
| SHA512 | b71f1dbc069ee6612b0d6a136d77080f919958e7a6bcdf65260e04ac5efc484042aca0716dda8199970bf7f2d0f4864a4888e3b0dcfd1ef858c615f839c3ac65 |
memory/3200-1956-0x000001B815660000-0x000001B815688000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 14e4d6ac37801500183a01d6b26911f2 |
| SHA1 | e689ef7c6c04d21c519dbf20c65f6da7721a894f |
| SHA256 | 830b47f29a96ab252cd85522d5e38e8e5b822efa3b2e42a971c035a5b137b614 |
| SHA512 | 185a6b0b30e311a7918f82a520835ad02c1ad7812b9e500c99491ad9d63f92c3194ac639fa0f8799e0f9d389a01da2ba773db1c23962b8d64c5ae1e4c38b0308 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 3e45022839c8def44fd96e24f29a9f4b |
| SHA1 | c798352b5a0860f8edfd5c1589cf6e5842c5c226 |
| SHA256 | 01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd |
| SHA512 | 2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
| MD5 | a397e5983d4a1619e36143b4d804b870 |
| SHA1 | aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4 |
| SHA256 | 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4 |
| SHA512 | 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1
| MD5 | 00465b827667a1e056b435f7a8fc56be |
| SHA1 | 2219e6b4476d1ae94f36cada58c99f47e49a430c |
| SHA256 | 72634b06aa838d77b77b56ed48413ac57fd568dd41747428043bedab8c3fa010 |
| SHA512 | 526cfb5348f44191107ad9510d3817028112a0f691149c726f22826178e3a8ee41a6801aa58869a14e2b1f6dc27d7648b28bc7daf19dbc7dc22afec11dc8da5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3
| MD5 | 5866d1872b69791d585c8c72f7b401c8 |
| SHA1 | b47a17e8417097eca1d2fafc3ea8b5c8bff04cd7 |
| SHA256 | 32ac53a16cd3271ec9c4993db6b1dd707ecc10587867bc868e7e8a25650c84bd |
| SHA512 | ebd5e6dcc64f2f0cc22683fd915d5ad86ae5629d871eefdc798ab53fc9008cc67713788067a1002c73713527d2496b74a175c0ed6ba1d8d7f5a3198926501fc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0
| MD5 | e0d05a0e58948fb2cb5eae977374be0e |
| SHA1 | 0f46ee095e9c764a6d3c325562730e18220e8daf |
| SHA256 | 3e249c785ba141cc0110e058fa9f454eefe0c6fbf3b959744e0213b68f32914b |
| SHA512 | f602e1d97a62795c71af2dc7e3dc18af953cba8a0f77a7feed02c1989b9a0d52e52ea6ed9f44c01bb69fb847aead9f0a17fadf1ea1ebd886a91ff6a93e28bca2 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1617070900\adblock_snippet.js
| MD5 | f5c93c471485f4b9ab45260518c30267 |
| SHA1 | ee6e09fb23b6f3f402e409a2272521fdd7ad89ed |
| SHA256 | 9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690 |
| SHA512 | e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1617070900\manifest.json
| MD5 | 2188c7ec4e86e29013803d6b85b0d5bb |
| SHA1 | 5a9b4a91c63e0013f661dfc472edb01385d0e3ce |
| SHA256 | ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62 |
| SHA512 | 37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE
| MD5 | aad9405766b20014ab3beb08b99536de |
| SHA1 | 486a379bdfeecdc99ed3f4617f35ae65babe9d47 |
| SHA256 | ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d |
| SHA512 | bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules
| MD5 | d7c9c6d2e1d9ae242d68a8316f41198c |
| SHA1 | 8d2ddccc88a10468e5bffad1bd377be82d053357 |
| SHA256 | f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547 |
| SHA512 | 7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b2431eb49e76b14376c106d6433213c8 |
| SHA1 | cbbfbd1ea462badb0f4a3a1390a594a03457867d |
| SHA256 | 73d54132b03917ba5dd1184f3ae3b9535c55949ab3ddc9dcc0e56949d7e1ad8e |
| SHA512 | 212e3e4dee62a83550a41c7e878ef80b01b3c93ce7294c33c0f10bac375e2a821a6734c49b139b9d68e6d4f497f591ff5c5c44a950d8b4fc3bbcb35d6a2f3c0d |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_2097161191\manifest.json
| MD5 | ba1024f290acf020c4a6130c00ed59e0 |
| SHA1 | 01274f0befca8b6f4b5af1decc4ade0204761986 |
| SHA256 | 551b8c76c19c654049d2d8043a79b8edb3c03e1b695cabf76b4076ed4921ae28 |
| SHA512 | e55b871dd3500f30d639089cc42a4edc3bd4d26d2c4fd151322a363fd8edec82d5345751953f9b581e40f22b6a8976faa0ea7ec9fd286f73f747120c87ea7157 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\manifest.json
| MD5 | 7122b7d5c202d095d0f4b235e8a73ca5 |
| SHA1 | 0cca47528a8b4fb3e3d9511d42f06dc8443317c2 |
| SHA256 | 93b603f06d510b23b95b3cacd08c3f74c19dc1f36cd3848b56943f069c65e975 |
| SHA512 | ad6fba6e0710cc26149dcf7f63143891aad4ebba0cc45670d8885fade19dc1a50b542a15b10a7604b6b1be4b8e50fcd5514f40c59b83cc68bd10a15ab2a93c1a |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt
| MD5 | 8595bdd96ab7d24cc60eb749ce1b8b82 |
| SHA1 | 3b612cc3d05e372c5ac91124f3756bbf099b378d |
| SHA256 | 363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831 |
| SHA512 | 555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\Notification\notification_fast.bundle.js.LICENSE.txt
| MD5 | 7bf61e84e614585030a26b0b148f4d79 |
| SHA1 | c4ffbc5c6aa599e578d3f5524a59a99228eea400 |
| SHA256 | 38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179 |
| SHA512 | ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_1768555119\json\i18n-tokenized-card\fr-CA\strings.json
| MD5 | cd247582beb274ca64f720aa588ffbc0 |
| SHA1 | 4aaeef0905e67b490d4a9508ed5d4a406263ed9c |
| SHA256 | c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5 |
| SHA512 | bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\json\wallet\wallet-checkout-eligible-sites.json
| MD5 | 16d41ebc643fd34addf3704a3be1acdd |
| SHA1 | b7fadc8afa56fbf4026b8c176112632c63be58a0 |
| SHA256 | b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c |
| SHA512 | 8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\json\wallet\wallet-tokenization-config.json
| MD5 | ae3bd0f89f8a8cdeb1ea6eea1636cbdd |
| SHA1 | 1801bc211e260ba8f8099727ea820ecf636c684a |
| SHA256 | 0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d |
| SHA512 | 69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\json\wallet\wallet-notification-config.json
| MD5 | 4cdefd9eb040c2755db20aa8ea5ee8f7 |
| SHA1 | f649fcd1c12c26fb90906c4c2ec0a9127af275f4 |
| SHA256 | bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd |
| SHA512 | 7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\json\wallet\wallet-stable.json
| MD5 | 2e7d07dadfdac9adcabe5600fe21e3be |
| SHA1 | d4601f65c6aa995132f4fce7b3854add5e7996a7 |
| SHA256 | 56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a |
| SHA512 | 5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 6909fc39fa01618e214bc656beb36772 |
| SHA1 | f2c1fc2afee995391a971a16120b496d08220c0f |
| SHA256 | 05a1744de1f4313a7063538fdfc3d62bbaea87a6b3005aadaa91774f73268bf9 |
| SHA512 | 1ff056546fa60b021cbb0032699b19e16f4bba9b96155b985f0e9a4c539f9aaefa2b23443271895f340a3ce714ea500ba97df7c13c08dab7004fe92f7ef31ece |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_2123738466\manifest.json
| MD5 | 578c9dbc62724b9d481ec9484a347b37 |
| SHA1 | a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d |
| SHA256 | 005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0 |
| SHA512 | 2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640 |