Malware Analysis Report

2024-10-19 07:12

Sample ID 240505-j1xmyafa93
Target https://mega.nz/file/jqxVWIQT#EcaGfUbysreSEyuzDiIu9RNSIk7rIGYTYiGugzjLoqE
Tags
nanocore evasion keylogger persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://mega.nz/file/jqxVWIQT#EcaGfUbysreSEyuzDiIu9RNSIk7rIGYTYiGugzjLoqE was found to be: Known bad.

Malicious Activity Summary

nanocore evasion keylogger persistence spyware stealer trojan

NanoCore

Modifies Installed Components in the registry

Checks computer location settings

Executes dropped EXE

Checks whether UAC is enabled

Enumerates connected drives

Adds Run key to start application

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies registry class

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Checks SCSI registry key(s)

Creates scheduled task(s)

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-05 08:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-05 08:08

Reported

2024-05-05 08:21

Platform

win10v2004-20240426-en

Max time kernel

429s

Max time network

779s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/jqxVWIQT#EcaGfUbysreSEyuzDiIu9RNSIk7rIGYTYiGugzjLoqE

Signatures

NanoCore

keylogger trojan stealer spyware nanocore

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\godhuntermode.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DHCP Subsystem = "C:\\Program Files\\DHCP Subsystem\\dhcpss.exe" C:\Users\Admin\Downloads\godhuntermode.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\godhuntermode.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DHCP Subsystem\dhcpss.exe C:\Users\Admin\Downloads\godhuntermode.exe N/A
File opened for modification C:\Program Files\DHCP Subsystem\dhcpss.exe C:\Users\Admin\Downloads\godhuntermode.exe N/A
File created C:\Program Files\DHCP Subsystem\dhcpss.exe\:SmartScreen:$DATA C:\Users\Admin\Downloads\godhuntermode.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\System32\mspaint.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\WasEverActivated = "1" C:\Windows\system32\sihost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{F00F8890-8DB9-4E98-BDC6-7BD15F187268} C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\WasEverActivated = "1" C:\Windows\system32\sihost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\Downloads\godhuntermode.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 64681.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\DHCP Subsystem\dhcpss.exe\:SmartScreen:$DATA C:\Users\Admin\Downloads\godhuntermode.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\godhuntermode.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\sihost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A
N/A N/A C:\Windows\System32\mspaint.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2196 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2196 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/jqxVWIQT#EcaGfUbysreSEyuzDiIu9RNSIk7rIGYTYiGugzjLoqE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceba246f8,0x7ffceba24708,0x7ffceba24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3964 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x300 0x470

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 /prefetch:8

C:\Users\Admin\Downloads\godhuntermode.exe

"C:\Users\Admin\Downloads\godhuntermode.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks.exe" /create /f /tn "DHCP Subsystem" /xml "C:\Users\Admin\AppData\Local\Temp\tmp7772.tmp"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks.exe" /create /f /tn "DHCP Subsystem Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmp77A2.tmp"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fd391afe.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7f9dcb29.bat" "

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3428 /prefetch:2

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ba6c3171.vbs"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8954252987890860282,4179672308508578317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd4,0x10c,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0xf8,0xf4,0x124,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0xd8,0xdc,0x10c,0xe0,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0xe0,0x100,0xd4,0x104,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x40,0x100,0x104,0xdc,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9292 /prefetch:1

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10452 /prefetch:1

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7138413558253227350,12288916614247194872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0xdc,0xc0,0x108,0x7ffce33e46f8,0x7ffce33e4708,0x7ffce33e4718

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,6541626517622421692,1912925466605200789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,3795070441996784804,18419501745391962985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xfc,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0xdc,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0x100,0xd8,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2738675195520079679,3850033831590456740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec9846f8,0x7ffcec984708,0x7ffcec984718

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\chkdsk.exe

"C:\Windows\System32\chkdsk.exe"

C:\Windows\System32\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\System32\dwm.exe

"C:\Windows\System32\dwm.exe"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 5.144.216.31.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.13:443 g.api.mega.co.nz tcp
LU 66.203.125.13:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 132.169.44.89.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 13.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.138:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 138.61.62.23.in-addr.arpa udp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
NL 23.62.61.138:443 www.bing.com tcp
US 8.8.8.8:53 gfs270n070.userstorage.mega.co.nz udp
LU 31.216.148.27:443 gfs270n070.userstorage.mega.co.nz tcp
LU 31.216.148.27:443 gfs270n070.userstorage.mega.co.nz tcp
US 8.8.8.8:53 27.148.216.31.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 july-pty.at.ply.gg udp
DE 209.25.141.212:32243 july-pty.at.ply.gg tcp
US 8.8.8.8:53 212.141.25.209.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 79.239.69.13.in-addr.arpa udp
US 8.8.8.8:53 pornhub.com udp
US 66.254.114.41:80 pornhub.com tcp
US 66.254.114.41:80 pornhub.com tcp
US 66.254.114.41:443 pornhub.com tcp
US 66.254.114.41:443 pornhub.com tcp
US 8.8.8.8:53 41.114.254.66.in-addr.arpa udp
US 8.8.8.8:53 www.pornhub.com udp
US 8.8.8.8:53 static.trafficjunky.com udp
US 8.8.8.8:53 ei.phncdn.com udp
GB 64.210.156.22:443 ei.phncdn.com tcp
GB 64.210.156.22:443 ei.phncdn.com tcp
GB 64.210.156.22:443 ei.phncdn.com tcp
GB 64.210.156.22:443 ei.phncdn.com tcp
GB 64.210.156.22:443 ei.phncdn.com tcp
GB 64.210.156.22:443 ei.phncdn.com tcp
GB 64.210.156.18:443 ei.phncdn.com tcp
GB 64.210.156.18:443 ei.phncdn.com tcp
US 8.8.8.8:53 22.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 18.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 media.trafficjunky.net udp
US 8.8.8.8:53 cdn1-smallimg.phncdn.com udp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.16:443 media.trafficjunky.net tcp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 16.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 156.114.254.66.in-addr.arpa udp
GB 64.210.156.22:443 media.trafficjunky.net tcp
GB 64.210.156.22:443 media.trafficjunky.net tcp
US 8.8.8.8:53 ei.phprcdn.com udp
GB 64.210.156.22:443 ei.phprcdn.com tcp
GB 64.210.156.22:443 ei.phprcdn.com tcp
GB 64.210.156.22:443 ei.phprcdn.com tcp
GB 64.210.156.22:443 ei.phprcdn.com tcp
GB 64.210.156.22:443 ei.phprcdn.com tcp
GB 64.210.156.22:443 ei.phprcdn.com tcp
GB 64.210.156.22:443 ei.phprcdn.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.22:443 ei.phprcdn.com tcp
GB 64.210.156.22:443 ei.phprcdn.com tcp
US 8.8.8.8:53 unpkg.com udp
US 104.17.245.203:443 unpkg.com tcp
US 8.8.8.8:53 ads.trafficjunky.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 66.254.114.154:443 ads.trafficjunky.net tcp
US 8.8.8.8:53 a.adtng.com udp
US 66.254.114.171:443 a.adtng.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 203.245.17.104.in-addr.arpa udp
US 8.8.8.8:53 154.114.254.66.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 171.114.254.66.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 66.254.114.41:443 www.pornhub.com tcp
US 8.8.8.8:53 ss.phncdn.com udp
GB 64.210.156.16:443 ss.phncdn.com tcp
GB 64.210.156.22:443 ss.phncdn.com tcp
GB 64.210.156.22:443 ss.phncdn.com tcp
US 8.8.8.8:53 hw-cdn2.trafficjunky.net udp
US 8.8.8.8:53 ht-cdn2.trafficjunky.net udp
GB 64.210.156.22:443 ht-cdn2.trafficjunky.net tcp
GB 64.210.156.0:443 hw-cdn2.trafficjunky.net tcp
GB 64.210.156.22:443 ht-cdn2.trafficjunky.net tcp
GB 64.210.156.0:443 hw-cdn2.trafficjunky.net tcp
US 8.8.8.8:53 0.156.210.64.in-addr.arpa udp
US 66.254.114.41:443 www.pornhub.com tcp
US 8.8.8.8:53 july-pty.at.ply.gg udp
DE 209.25.141.212:32243 july-pty.at.ply.gg tcp
US 66.254.114.41:80 www.pornhub.com tcp
US 66.254.114.41:80 www.pornhub.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 8.8.8.8:53 july-pty.at.ply.gg udp
DE 209.25.141.212:32243 july-pty.at.ply.gg tcp
US 8.8.8.8:53 ei.phncdn.com udp
GB 64.210.156.21:443 ei.phncdn.com tcp
GB 64.210.156.21:443 ei.phncdn.com tcp
GB 64.210.156.21:443 ei.phncdn.com tcp
GB 64.210.156.21:443 ei.phncdn.com tcp
GB 64.210.156.21:443 ei.phncdn.com tcp
GB 64.210.156.21:443 ei.phncdn.com tcp
US 8.8.8.8:53 21.156.210.64.in-addr.arpa udp
US 66.254.114.41:443 www.pornhub.com tcp
US 66.254.114.171:443 a.adtng.com tcp
US 66.254.114.154:443 ads.trafficjunky.net tcp
US 104.17.245.203:443 unpkg.com tcp
US 8.8.8.8:53 ht-cdn2.adtng.com udp
GB 64.210.156.0:443 hw-cdn2.trafficjunky.net tcp
GB 64.210.156.22:443 ht-cdn2.adtng.com tcp
GB 64.210.156.16:443 ht-cdn2.adtng.com tcp
GB 64.210.156.16:443 ht-cdn2.adtng.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 hw-cdn2.adtng.com udp
GB 64.210.156.1:443 hw-cdn2.adtng.com tcp
GB 64.210.156.1:443 hw-cdn2.adtng.com tcp
US 8.8.8.8:53 1.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 storage.googleapis.com udp
GB 172.217.169.27:443 storage.googleapis.com tcp
US 8.8.8.8:53 27.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 july-pty.at.ply.gg udp
DE 209.25.141.212:32243 july-pty.at.ply.gg tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 64.210.156.21:443 ht-cdn2.adtng.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 66.254.114.171:443 a.adtng.com tcp
GB 64.210.156.1:443 hw-cdn2.adtng.com tcp
US 104.17.245.203:443 unpkg.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f53207a5ca2ef5c7e976cbb3cb26d870
SHA1 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512 be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

\??\pipe\LOCAL\crashpad_2196_CHZPLBVZPZRZXYVO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1 a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512 e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a07fcd7a6323ce5863cd03978af4c54d
SHA1 acadd8c06b8067ba29459344c6997787dda75306
SHA256 20b323d94d628e1c875396b81c22979315a840fa5392f9ad2426a30a5c88b7ef
SHA512 a30acdf1c3cb9902f9e0f75eadfd3ed8f2b4bf954591de671dff1d26619a30e00c4eea646c7d9343b82245c9a0391c961eca73e67f55faadfd2455d1e0bffaa3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 286b72e2d6040ec167f3b094c3bce0e7
SHA1 e362eac9c8591591a5c417155581f640a6b3c1fd
SHA256 2b77efe294e0952d3ad4153ebf106c0998331b547df91fc48a801e6c752c9d7e
SHA512 95fa2df0adbaac5aec036c28975e7fa24b038134b13787741f7f6a3736a0487abd41eff808e0c6553a9a6668b63030e7969dfd98098d76d92e6a968a2476c649

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bc415c88249a28b24a3e88e2ab90a0da
SHA1 209bc411afffb7cc4209b9b0de33841dc079952d
SHA256 4692d58a7f877e173c60dff37434624472264c693f5203a58727cf87299d9c90
SHA512 37f8962d60e8ab524453dfb1dbd6be57cd02a9dbac5cc8452800d929b283a4ecb2619fe2d0e6964c9e070cef9761ddd87d68a1a9304ee481b18a837a9db64454

C:\Users\Admin\Downloads\godhuntermode.exe

MD5 fa27771b02f19cbd8ffca1099538858a
SHA1 ae591814aa4b40bc0ecf87a50d0fc1df9d16c7a7
SHA256 26fa94e684087b55f0d0ae839904aba0de3d6bd7f8fc2d19ddea18e6f66b8396
SHA512 c985071e77314a5a3687a522fff337c3ee4b08d228b999694a6f5dbeaadd8b03f717b4c5c50526cb45cff319aaf666a7ddae63f402ed023e8246865750d821c8

memory/5680-177-0x000000001C1C0000-0x000000001C68E000-memory.dmp

memory/5680-178-0x000000001BBF0000-0x000000001BC8C000-memory.dmp

memory/5680-179-0x000000001C840000-0x000000001C8E6000-memory.dmp

memory/5680-180-0x00000000016C0000-0x00000000016C8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp7772.tmp

MD5 27c110eeac8b064d06586616a32e5ccd
SHA1 c02635e49bb1bbc6a2966e0b7952fff0892d3cf1
SHA256 21ad204215b4be0d8900c4f8d19a58fc245db473b3d15101212899b8364d2294
SHA512 a6928600c976c1ccacfb98c80dd5479f40768100d638babd36da0efd1c34d4dbb7ca555b59d25a8713ad38cffbe7e4ead1c6731820286502a4c986cd93b15c7a

C:\Users\Admin\AppData\Local\Temp\tmp77A2.tmp

MD5 0fbd9807f0c83972cb1427b4e01f2d12
SHA1 9a1852011cc1771b3e40f3430bbf9ba3713c7c7d
SHA256 5f9a59be7c04f1de60e0fb648b3fa989c62dcefda47c08f2ec31eec42c644535
SHA512 81c962b71040be6d5185435ad661514dd1586ff859218a6a58844d20a77596f349ed96b60d3b62e48456492afd4f546491fdf6ddad4c2d8a0ba33c3ecd5a4d87

memory/5680-189-0x000000001D0B0000-0x000000001D0BA000-memory.dmp

memory/5680-190-0x000000001CA00000-0x000000001CA1E000-memory.dmp

memory/5680-191-0x000000001C900000-0x000000001C90A000-memory.dmp

memory/5680-194-0x000000001CA20000-0x000000001CA32000-memory.dmp

memory/5680-195-0x000000001D420000-0x000000001D43A000-memory.dmp

memory/5680-196-0x000000001D440000-0x000000001D44E000-memory.dmp

memory/5680-197-0x000000001D450000-0x000000001D462000-memory.dmp

memory/5680-200-0x000000001D690000-0x000000001D6A4000-memory.dmp

memory/5680-199-0x000000001D680000-0x000000001D68E000-memory.dmp

memory/5680-202-0x000000001BCC0000-0x000000001BCD4000-memory.dmp

memory/5680-203-0x000000001C8F0000-0x000000001C8FE000-memory.dmp

memory/5680-204-0x000000001D6A0000-0x000000001D6CE000-memory.dmp

memory/5680-205-0x000000001D030000-0x000000001D044000-memory.dmp

memory/5680-201-0x0000000001880000-0x0000000001890000-memory.dmp

memory/5680-198-0x000000001D660000-0x000000001D66C000-memory.dmp

memory/5680-206-0x000000001E380000-0x000000001E3E2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e9801acae6e3df7b5fcc86e3a77e097c
SHA1 0cc69865adcf2d88a644076b812a78b8e58dcf41
SHA256 e656dfd8b95a17feb2c145441f72fa5afd4da5516956ba19e2e54ee950467ae8
SHA512 84468c1ac89e58e44e1f4273ee4be832aea282ec46ac06024338c24806464314ffb2542df4165b904abdf18a904643ee5fac4ada656f9c830c3e53fcbf8a22c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 beae77c5adf9acb6ebac78db1609ff56
SHA1 b59eb570240242f362ee8a2f88e8fc0ebd907c72
SHA256 a14fabf06de5b5f0bc390d98d07cb62ec8061cd9ee319da6af5198662c107294
SHA512 75431a184d80814fee0339d0ebd6f58f494371da8a3fcc97bbb34d3320470420628293bd7820b984347435f3b4d4cc18c7f902e1b188eb4342a3cd117f5809f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b6315b0f4b7796b09fefe968bfb5e313
SHA1 a1d4d536ac8702066d80622e029686212dcc6d1a
SHA256 2cbc8b551c7b42400887376215f239da5a5d5dae4161c11c2ec489907e0946d5
SHA512 fdccdf1fa33e5f8a3433590dd3201e367999e743c37cfc2f0d77a08985262c0a0b5a334bb59c0a573b26f83be80784f66bbb58e38d6e3cdee35402ed40ca9693

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579635.TMP

MD5 4fcf4f0dcb9271a7133cf6be8a2b33cc
SHA1 4c5522bad83c6e8dedf3d2736e4d49925c6be1aa
SHA256 da994a4a81835c80e8478a0057e44276baf0f87b75e5ec9f95135206fd35e75a
SHA512 579a6f190cf7adb55fb17a3678b2f79550284ed35521605daad582fdb7c488a9ab7f4d19044dd0ebad01a43d62ead71e0593a4cce31fef03cebd36cdb7e02f30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 113182a1eb9f484c36442766a910decb
SHA1 63fe54e499ec84503aa9026fd5e8eb35084c9bd6
SHA256 0fd763c027f4943368d2c02ec24e9ade90df50ed5674e449fa1e27f27c57a493
SHA512 842cd262cb5206305e961d4c6fdc031163ad0f66077d5c3e0d13d85a5a88f4efa9e924f823670e7441b1ab65054dc4e1edfe443e7f463f75a19d1b509c6a3d8b

C:\Users\Admin\AppData\Local\Temp\fd391afe.bat

MD5 d229105818dbd31beda5c7ac688b9144
SHA1 239f10f37e9336455831a837c37d70163428d908
SHA256 f8fb4cba52e082171390b683d30b50458bb448f96cf5aa7dcd0333ae21b6aa51
SHA512 fe491f078c34fce2878864f007d78675688684614a4c9af58f835228cb4b102d974afc70ccac8bd456b5ebd105c8b28547b2e34b13b4fd7da9e452721f914d13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 008114e1a1a614b35e8a7515da0f3783
SHA1 3c390d38126c7328a8d7e4a72d5848ac9f96549b
SHA256 7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18
SHA512 a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

memory/5680-286-0x000000001EFC0000-0x000000001F4CE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7f9dcb29.bat

MD5 9dc0d60dea713244cbc827523c242b8b
SHA1 a52952c85055461fe98ab1bb4f345bccce9d8c94
SHA256 c01daa14e2e6c62ec793390f8c69bcedfb0bf01e23083e55c02af0158d46aa4f
SHA512 6407c8c582041029605a272d9004fba945d97e8a4dbcb942f6facd8049e70adf113be1a68e76f15b224d9ffa4c0b42a37fefb08aecd4879b8ff708095568ae5d

C:\Users\Admin\AppData\Local\Temp\ba6c3171.vbs

MD5 4b4eee10ca7ce39678e34812d0d99fcd
SHA1 887246ae31161c8494241e2110e4e870ab5085c7
SHA256 da36498c1ce80e0330382c43b46ec54011a48dd5359bd8633bcd6fd7d146ee34
SHA512 6c79a237bc1f3e9a3d7e13542de75ae7b2d423bdf909ea79ab803e5b79bfb11fc818d666d7e03fb00350c97ab860d330ca6760b756b1d1d20398d094c2d791a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b10bc071f2a7c445bd8644aa9b5a7394
SHA1 22778e84c466ed369e532feec1d455fb7b9d5281
SHA256 727cbd8b64ea3c6c3342c863fff7b6f132ad52b4a16463fd076ac853ede2580c
SHA512 bbc78b31b7fe3e717fc49b83b1f271b3a0acec469252adf8d55af18bf0083b42a82e05a63acacc785f30514335e29970198c18efcf463806567d9cbf19b1124b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 643e63bf4bd625838ec63c14c8d12beb
SHA1 8c6f1a426125870af21a527f706a6164cfd2aac8
SHA256 35c725da797f5ab2e3ccf1b22667c3579fbd62e9cbee5f45b08c58c7eaddb8b5
SHA512 751d0b8cafc858f7267dc6f7bad749ab73dd6cf1528fa36855d812217f2043a83934e5f9700f46bf4509eff02a9e0a86071b5676f995654b4e16fc5ff1a259f1

C:\Windows\Debug\WIA\wiatrace.log

MD5 ef29c46ce4172fbbc4d8e4f927a80f1e
SHA1 d2c4dcf4b58ef0d2c1177a07f2760534274f328c
SHA256 a631e446b8b5b0a5cb0cee601aaeb3bebb2baf627f738175c8a73528fb31152b
SHA512 449d3b306f257c8642abfe43e9ae0a271d69070441f8681768bec1848ee45b7d1a4cffb12e61777399c9ffef2ed0813d3d41f1318baa8ebc0873e54daecaf595

C:\Windows\Debug\WIA\wiatrace.log

MD5 0979af4ddaa34fee7691e228487a8d39
SHA1 51fc98f164ed5f37c8e3068b97566b6afa353925
SHA256 018be1c2c72b45ff53babd3f4f6d035882da3b5e4107e3668a9ab5efea859971
SHA512 3e015bff4f83fa1604ddc9acbfd7f89ef871e0c600b2e62ef4d40521ab637f4af2d33c2cef0258722c4b4bfbd7019929aa65b774ee6a19936991bae1a212d184

C:\Windows\Debug\WIA\wiatrace.log

MD5 cba88607660bef68133cbd62bce7e05b
SHA1 41a6a8fb1f23cf27a4f548e1212924e04158f365
SHA256 67a3e8076a1c764854db9588328cf6e68e65322e9749c020f13eb1e1962418a3
SHA512 7b15abd0020241da55685ea44801c20e08b7b5dbd014995d567396e29e0c0b66766e5d3fa1405ad6220a19d02bd2d9968de584858a480c303f3c4c11a22cf01f

C:\Windows\Debug\WIA\wiatrace.log

MD5 7dd6557ca911b7eea1d68ed678ec3d69
SHA1 c55335d13f01880f327a208f27c192b2a7897317
SHA256 948bccbab715d8a05d0384c71ad5b4c826c7c7dcbc5cf72e9919d4450c051931
SHA512 0505942df21135c23fdcc73beebaad2be8bc7e25fef6096e189ba25307c6e9f0df00f607659d58e2fbbd5f51636f76f1b279ed5404e0fc27ac820ccef9703c03

C:\Windows\Debug\WIA\wiatrace.log

MD5 5981517d59f00ffaed82e30d1f28eda6
SHA1 e0b3a0712c5f37e042bd0b21306b0b6d8f5a18d7
SHA256 4851005fa044749c43dcb45b92ffd38e84b6f61c21f2b3e6e384a251ad658010
SHA512 72bba8ae2a85ac0c43c4b26d7678428254d8e960d3804499545e9910eb05e6dddfa9147a6b658d6699decc0c936c0c804b0688d0ad03c3f4a83715bb9fa78ab6

C:\Windows\Debug\WIA\wiatrace.log

MD5 9e13e847be92f3351017b6eefb207213
SHA1 9ce1e59ece78d1f86dd9ab8b43758b7b104388eb
SHA256 a62162bf980b1feb57948000980c3f352e87ad007d22e6c6d912d6eab32f45ed
SHA512 947255b7c44b364598e589227c9c4b7c829730f2e7d42c8ae6e6d4d21d836f4f61caeb09187382aa7277c50feb2f5b4ce11cd3fc118ba30705d8349ea29b6c00

C:\Windows\Debug\WIA\wiatrace.log

MD5 8e69252cd31004db972de725f2d8b034
SHA1 d8c684904f9a0476bbb5fc2c55d23f8eae56affb
SHA256 95d31563017d6853f5dd4e225506753e8f065124fc2169aff402febdc2ea0bfd
SHA512 5d4f05350baa8baba9010f13c9ae78720986520dbfbcaed590ab586788f2981f9099fe5f20ff2694a5fc35621024cfd93027d8dcfb2ab858fc7bce5c6b03333a

C:\Windows\Debug\WIA\wiatrace.log

MD5 ffc9f542a69d0cccdf5fd65cf73e9258
SHA1 a2ffdae1fde8c2c4667e9f47b166fa714f6ccc26
SHA256 8b58e59de128b1d819e3ec54f71bb78584cefc2dbde2f95bdf306da2a21ef2f2
SHA512 6e529d147706abaec8c6a4464c68e962b41ee511c136e96b184a2924db7f5c5a8023b437f46c53c8da2055c8269276a4aafc24f32e87ddfbe8260c37b93820a1

C:\Windows\Debug\WIA\wiatrace.log

MD5 d8b32baf72e5c8daac1a2ca7d94c2d3d
SHA1 e960299d2c453cdf00588736508386574f4a24f0
SHA256 8597e151e9252042b9c3868493e0b7aad7ed5288fa3eecd847cdeb2c5517778f
SHA512 9bad67d47943614b701141d50588f7f7eba52539c5a33985de9eec344ed729e6f0b093cc5f9d39e9d09c02a6292dd14b99be73cdfd6556aeb61c79d87f92c553

C:\Windows\Debug\WIA\wiatrace.log

MD5 f159c496460e816be5471b59f627a855
SHA1 251fd587086f8c169954f8271eae4a0ccd3bd883
SHA256 4d73e777cb4fa8674254fdaff54ba33f8b4c6298264315e1f1d51a18f3b0015e
SHA512 1347e68bc61d2cdc6ead48434928ac0f30be2c902ccac6fcb52f6603c25d305188f96efe024f5741eb817167b97eb10d7fd3b5940c90d8d245d173f1644b4ec3

C:\Windows\Debug\WIA\wiatrace.log

MD5 0db5654fe4887b726c60595dffed9262
SHA1 136933adc8219b98a335d77c4c1eb521e52e1d73
SHA256 1f1187ef338252aaa4ed39595795462fccda8bdf1da7532b0981b3b4743a65e8
SHA512 45a0ff0819a9f48ca23f165bfe0a4387f49bc3210fe1a057652bc32eb1d4b50c86a9b288038f6bbcd206c0133fcee7b138dc004f8287e04ff56a3647b797a98f

C:\Windows\Debug\WIA\wiatrace.log

MD5 bcf1461015a74f0bd8b4cbc6169f5cbd
SHA1 68189c6c483ce0332baeb12af64137e81555f9ee
SHA256 b8119b4ad5722edcd2f367449f5e60b314ca9fe210e8c6afe43c1db156044c27
SHA512 9aa1f447eb6fdab709b82ca99a1cd2666c1c3a6d990894418a8415a204626b78749c6f340c06a12e73e94b66e2451b1521087b7ef86f9128c6cd1536a8f805cc

C:\Windows\Debug\WIA\wiatrace.log

MD5 2cc658dcb64aaa43922158a88dadcdd3
SHA1 727b223dafba653dc869fb8d05eb3f5889fdf954
SHA256 d1c5cf5df86ade85609ac53caf93d45c65be1e32d2919bb19c0618abb88fe539
SHA512 a10087acd022053ce8e069a5c940648483eb19649b2271ef6f2907c58c4846fda59394504860d3518cba0e6605a6e74183632270f8ea54839633c03a9a7178ca

C:\Windows\Debug\WIA\wiatrace.log

MD5 abc5470349dcd7e8cc14cba8a864be96
SHA1 e47ce7a901fb5f2d7e3484d5c4075620d4958a36
SHA256 228e320b4d063b794f05c91a52d290f28ed3ea658fdf6798b16234c8a2c76e88
SHA512 5fa4ef35d4c7aa8b6b85ee6187a8ec088dc00d481e873e0141935297fe096333c5337dbece480104e68d68530cea321ac85ed5409d30908cd92859757fe255c1

C:\Windows\Debug\WIA\wiatrace.log

MD5 8d78743f5136832bf4fa50a4cfc549ad
SHA1 2153da241201cffcb44d7924301f14cda6d9cfb1
SHA256 2b3b0dc39370c9f336717f74b924f34ad820d3ed810712106226954ca9b3a202
SHA512 61e04c8e20789b6c43071b52c424ce5aeb55d954363c8f9af2433d971b91d0eab42c8485c53d91662cc0c28e937b62981264c4e2c5e6324f80e131bc76b74375

C:\Windows\Debug\WIA\wiatrace.log

MD5 724a0d0e86035164267984557c13b0df
SHA1 432075a940b9c747cd08bc4c5b5aedd14ced58bd
SHA256 33589104a4c21e7cee7445eabe6844f5c520c798bcb08cb96ed5f2b4d9b725d8
SHA512 c6baee3b60d3fc0d54383e85da1516c31b839c71cd12d00be52601abb986d06bc1eb4b10e03cc88b9e12f7e896136a113e6fb3135eaff6176f57779f5d1a23da

C:\Windows\Debug\WIA\wiatrace.log

MD5 9ab5dbbd217b8ca9b7ba59e3d6cdb0eb
SHA1 11cac25b6290d528647c1bf662a5618e3139d681
SHA256 db83b97e64e1ff7157fd90345187b8be261e9e3df56eaf996f8cd49bababfbc2
SHA512 eef3cedde83c8754c4fc103b763b7f01ec4277f5c762bd843cf445073abaaf6c39bac2d5993c370f148f287e1a753bb0cbf94b36c2212151e47b02e134b61557

C:\Windows\Debug\WIA\wiatrace.log

MD5 047d7bf807285497e5c6565f2f6f9194
SHA1 b31919bac13aa0899f8cde83268ea2537e69f32c
SHA256 6a0c11d54c9e816da37a5ddea4d068be39e1971f586f3eac865e9fe25e0f2bfc
SHA512 b07b063b1cf8f605107dfca3202083f811faf41919dc10850d8c7e44bef271bd5515b7ba7532d51d0c248691e4f153d3ff2994dd214432af3eb8d3d8e07fdb8d

C:\Windows\Debug\WIA\wiatrace.log

MD5 da192aa3223a9730ed8ba3491cd48116
SHA1 1cf501f3a804ceb32c81fc3a8b5e01c6eb243457
SHA256 41bc243a81d2a4507848d6e9580299f77051faedffc813c147798bb3ce8e7d66
SHA512 b9076f49334ca2604c8ebfacff4c39066296877a88967c3a26ee3bbf7cb2cd137382b309db2710947cf73ddb5616dcf5e1665baa3c0591c5ea81fe19e5b3c2d1

C:\Windows\Debug\WIA\wiatrace.log

MD5 fff17bd4f097cd28bf7ff414dd5d616b
SHA1 7f75fee0f15360cc3d3fa6d2685cf15773701672
SHA256 4556177e89aff1028f001cbc624a43156f69647276907c0b30365b71a93acd3f
SHA512 7da0a984e99dd90f418b0300567404f3a0875c6e5b3bf30dd6e4abf3fba578e625b6a5fa0e3f07d6fe8691359143c63bcb8f22ac2d2ec220b0c5f601025a7fe5

C:\Windows\Debug\WIA\wiatrace.log

MD5 84a6215eca0ca047fa5417999918d5b6
SHA1 88a907ffc477a3e54ed676eb56f26c3d269f9200
SHA256 76ad26161ae670246f3a263d87bc8181a5e0ee57a71779fa28254b485dae4940
SHA512 d61d1f1e04a3978190e20c27b45c11e1c55b843d30c3c33622e9e35bef714099525ff538e139df59b008c3733dc5269b01664007191fb9f9fb4285ffa51af9eb

C:\Windows\Debug\WIA\wiatrace.log

MD5 0988d2fd296f7526da4ffff6524a950d
SHA1 4cfc23500165c311e8a455c5ba775678988191d4
SHA256 111ea0b49643a7253838e1b07d19d762f36bb7ef843f1952e132c4d0cf8beba5
SHA512 76c247c2750c02215b66c7bb1249f1a1e0d68429821b29490d85c91fc3d53e089df66d3c0a780f4edfe472525cc0b02644062f8980bf9718fe1c0a2b7093b32b

C:\Windows\Debug\WIA\wiatrace.log

MD5 365bc47099ce3ca474b33f7d8a679ad4
SHA1 af4553850b8122e027b8dfe47fe1610649f73e43
SHA256 0fa60d6937763e2a08b3a8df7d6513ddabb9c16a9e4fe75a30e0ea5fab545f10
SHA512 9463fa99fa4749d1aea81c38af7dd8df46299bc15e7bdfec6e861448ebb0d8bef5d2fae2a4abb7b569daf07883916abba4efe2bba52f602cd0e157dd2218304a

C:\Windows\Debug\WIA\wiatrace.log

MD5 19dede4a1561ad637f06b8dc62a30ede
SHA1 26990ff494534c3318ec2b223f3f5b409f25003e
SHA256 74e2a632db175f1ea472f066d2805b34bab9b24d1d7e37fedba5429cb38c81b7
SHA512 3b2f24bba4b3e64efee4fc7595aaaaa4a5582da94bfdf97763f100ef3f84c17ece2f2574e48ae33477e0b895a34815f1ebc3c35132bec62c8edf6d4cc2eb3d3c

C:\Windows\Debug\WIA\wiatrace.log

MD5 434683e9aea46759a5ece31f22c7077d
SHA1 7baf1a2948ffb93b417a1b18898fa64787ef1107
SHA256 aedfeaa824ac42eebc5ea5e2c5abe68d9b41eddcf3758086f3abdf81d348e8c6
SHA512 272ad01c599e6913c70a225c48a2fd1320340d6525d53ead97086314b859a038189755e170bfb446d6a742dcd21c6f13f09e7650d14c586b61d6e78a1d7fbac3

C:\Windows\Debug\WIA\wiatrace.log

MD5 c5702593d62f6e9490ce745809653d81
SHA1 726cde8f693ec30db9d1279887fbdec914eaf127
SHA256 75411f323e62c357ef3c14ce3b91b9fbdf22d1a9c5f388374079765aa5323a66
SHA512 7d8fce4016d764101a1547898b41ab559f198c6403c86afc0203cf585bcde8478988dac3c3f26565a0b6484f96780e7579b60750af8fe1d90d44b010e3610cb1

C:\Windows\Debug\WIA\wiatrace.log

MD5 2f538ecea140d0fdb529172bfb781887
SHA1 71f40f8f0fa315c681d82273c1046e068979e962
SHA256 43703dfc05d8d0e4fea6a27fc73ee99114a7261d4572fddaabc0c400563d46cd
SHA512 0b4ffe4282952b8f85cc5c9abffc0147651f11213c085d5b8dc123b56837168fc04a55a5ceb7be2cb62d4af5d4033db6fab8cbffc30cd6764ba1eccd9556b7b7

C:\Windows\Debug\WIA\wiatrace.log

MD5 1cd2e090d7ac62f2fc02266a2902353b
SHA1 bf13b1dbb7170a020510c9b57ec3b1947e16495b
SHA256 ba8c7e8a0c834eb468252baf5c8a5e23480fb8c592d15aeb2bd1255d88f728e7
SHA512 be74a8b63cd1e24af3aae8e537f034afda400b03ab7a59c81b3928bd8949ff6c7fbda2a78a9866f7a0d667f8df2f9a185239bb97a5f4e73a66060c5ecf2a7c32

memory/5856-419-0x0000000003040000-0x0000000003041000-memory.dmp

C:\Windows\Debug\WIA\wiatrace.log

MD5 b9dbd5c2f15173ec83e6f15a5be461d3
SHA1 183b8592ff1380fb694a014484fd9d9cab0ada45
SHA256 a30f1ef359c521ace9555ccd6da2d8a4b4c9c871b3aa91bc2dec976256761e06
SHA512 80a5b658ba56365a420283cd370f5f73300532543180025557cd8409a7bb66dc4da4a4b2be8ad4d6f9d4be41f35916cc1d08c9009f9b673199b76d3c8e1662f3

C:\Windows\Debug\WIA\wiatrace.log

MD5 7896fc5c8697da26893043a8b8901058
SHA1 9d67bff6e119fe33b6dbc2f0c8212c3025047874
SHA256 fc6ace5a5896755b05849ccd43b21b830bc23aa692d1e73d80272b38882ab772
SHA512 fc6b79cf62231c08f32eed4e11bd6851e12f6146b2722dfc365f8d5bd17c486fedde8522613a9f3d9aa685e0b3d21092f24dd03af8a5c007672401ea99fbfe01

C:\Windows\Debug\WIA\wiatrace.log

MD5 58b933f0d8a389236909fc19f7eabc1b
SHA1 f6bbb1107479196f6148233405d04d210e0fe868
SHA256 60c200e01740f6b5769777c31b3cbdd0894498dab556e4e8134a6701ed02229b
SHA512 879738bad6381ec80d274419e3b0e8c013a06c53163be94ee4275546b6f480424e35d088a09c3a6611f36485055a5acd6f1f069b4712f335d61f6872915e3378

C:\Windows\Debug\WIA\wiatrace.log

MD5 e250580cde1ed4e5bcdbcbf8ae7eed38
SHA1 e75943ae16e9907062ff54f71292704608e3833f
SHA256 b76c0c09872ee2424ef93b695d1ec1fbf04ed6c5e2b168942795d8835273763b
SHA512 d7cb633fcdd1fa9580364464441aba063d7c555c8e90c65c7be5cc063c9dbb73ad7609a00d097dc601a277f048bffd8c4fb801dac8318fbf8d88a44e0c598c88

C:\Windows\Debug\WIA\wiatrace.log

MD5 e138f14a769267db63644d5d87310053
SHA1 826e2fe89d8fb4e6ff301b67e4183685c53e4e79
SHA256 7418a6527a976d3c3708e0ba4064579aa7599871963ce94c2161359dff94f097
SHA512 b1f92984ecf880762410cbecf376916e919d6a502bd7d852efa044ebbec8a96934ee79b338c69ef9d1733f5236177d3cc094af06a18da04160dcac0fc328b1f1

C:\Windows\Debug\WIA\wiatrace.log

MD5 5411104e472f211f3ecd6d68dc811b93
SHA1 14c9745a7417aa53efa72cdaa2a1aaa7d4ac5630
SHA256 25e7196f6291118609132704735e57af46e5a3393d1ca11512fbdaef0a63afdf
SHA512 0416f76aaf38e5499eb4f72d808bb15fc8ae88da6aeace7db9d81d43486d01b7c8519702eb45e5705da7bbf9877c099d8474b9c50e79645c83c0670cbae0feee

C:\Windows\Debug\WIA\wiatrace.log

MD5 204782784ca651a35062fc1f069e6444
SHA1 2512ac74e5e133368b5bb1771805efe34aca54f6
SHA256 9e2a825ac7b4c0447f11782bf13080bc38021854637a512a8a6cde117340572f
SHA512 63fbd73a458357a341379833db72d2a86bbf749026a8a7cc84f6d2bb586f55765d090cd5d0881cee1f5f137c54fed1fe285f093592a1c03300cfe77c61d2cd04

C:\Windows\Debug\WIA\wiatrace.log

MD5 d2c693bda4c4fc8d9b7df618ae64c542
SHA1 1066c378ce95b0c0473b45337e5c52a8f937f395
SHA256 c70b898b42fad2e56d191eb024862a1e9657cd75f09c976cbe445af1f08b31eb
SHA512 de0a62d43a418b9a7824699d0ff29ed7a87e39d665857c210e9e44d07e8c53ebd2b5052c43d0c5467f46b070cd52dab504f455ec3e4b2941d73f57d2a0462f38

C:\Windows\Debug\WIA\wiatrace.log

MD5 fff67ec4347e79809037f67d39946c52
SHA1 2bbe60f2d46f37e284b1757bf19c8e6310b71e4e
SHA256 89099851e14897121531a65f3e2b42444924bf8d7dd02c080e8725b4ee30c0e1
SHA512 85bad4834992bdc0dbe50b54037b0f9220e8d7056687dbcd9dbd01e161927bf7f2f64a10add741c7e542b5bbb1e96ad20402dedc85d843ef2d518d8e255869da

C:\Windows\Debug\WIA\wiatrace.log

MD5 078d92c9defccedced239d5bf5244cc5
SHA1 3ab74ab535d99ba5f7b71c35e80b98e6f4161fce
SHA256 3ff3f717768039af9d36f333750636b2caf408597d01a12fa6e38921f1c76a51
SHA512 dbac60841ffadabc9b73a43b7259e8ef96790397f8666e1c9783d1753c6a5a1a150259d30aa31c5949a88d9abd975b2d4169a4e234d230cf19cab2310c191f64

C:\Windows\Debug\WIA\wiatrace.log

MD5 d9d031bf9238f3bcf61824f8f266cddb
SHA1 7b95d7eda438f745e20d7ab13ccabe804295962d
SHA256 beda1ede3eac51bee2fd4e3a9c0a3a15c5daaad24743e946434750ef3e7561d2
SHA512 6d2287f96c711208844f5db79308f0c4bd43b3353baa6f6bc410f14ee953455f9d577a12af3770f4935e2a41207db74192869357084cceffd94fbf2833a5648c

C:\Windows\Debug\WIA\wiatrace.log

MD5 cc007b791295679a0695d5440b1cc8eb
SHA1 d9e1243f12dd69213ca769a536425a9c02d6090a
SHA256 758ceb38860628a6c9ff9d9fda7555ac65dcd596e334614f05920986ae3a45c8
SHA512 79cff7c1c667c2140c3621eb82d93bcf12e52bad94ba22bc0e79770596d27504c55ce16db94240fb6dffc4af9fae6c2de5b7b3f47c4bc465902a726e621dfdf1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ed8ffd060507259835f776ded216f54c
SHA1 e9179310bba1a998b7c2dc31a62a925903d677e6
SHA256 9211e535f90f588a54e4d9e1933a0040d93b7b84b8c3631c700f390548abba5b
SHA512 a40aea2f09adf1ffbb0b629c4582fbb84f2e1c7f80fb34d00c8f8659a28c6956086cf8041e85e2219a3c8bef4a2028db119ee431717bb4f1c7dc75ae108a5924

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4de99e2e5da8fe5627b8bf11583ef1af
SHA1 d9fc86065353f7801473689c1985d9b19f52b398
SHA256 263d5f4c68e04b27ba787dbe49238a7ecfa936512a1878b2232f14ff68d8ac02
SHA512 c4888b7a3201aadac9a638c07d3ff390e65c51d1c6a5d427b0a68de26c6e6dc4be2d9172c0d352d590f29e16f6aa85da1c7a8b0579d52f426f52682248bf21b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 75f1d5724eddb6c481e2e87727c0a19d
SHA1 3cfe079018e25b2646f23e0744bc5af2114ee256
SHA256 751f9ea75e28033193df30031bf3d33e0553e1644ccbaecb26fe7d3bda21b78c
SHA512 a52fade9a438e7896f12afb5b8cccf05ab2cdd71dcc8683ba80001e74800d0c6a6d446d162e75eff573ccfc7106c1beb6f91bdd41753b81a6f5b7510c7c36b4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5b51c72c8d620bd8e97e033ca5f77eb4
SHA1 c3b080237c17474a4ec89da8c5c05f55e8469090
SHA256 23831756bb8a33063a3d23dea52716c579995a193fc49e5e2a7337cd62cafdd1
SHA512 892dc4cbd19b140ccf043c3f9f62ba25158fb6c8ec9e9fc1d1a36ed34a92da4b94374409df5f64015b108d5d5f80de7573ac7a5a9b7d4c75a3a885569569a23b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 38f33c410d3ea55c91be3ef5bf8d43f8
SHA1 573f02811e40596bbcc090cd17b1d2816503778f
SHA256 3098a29234800c729f412e14ee9e4a5d34fb05ce64784b6ac9df7cb58ad57886
SHA512 7ee39f1b01d70e5b1b4112421f282253a5e1860edde84134ba42e6dd9483326dc38d7646fdaaaba30145158e90b8da684c05f04376281e59ee03192a541b0bef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2b442b21a1963439f3243bc4ce85fd5d
SHA1 1dfc16b62a8f443420e1e0385bc98781bd25b5c0
SHA256 9d4922b2a1afe009bc9fe600a52e244ada74633ad29542c111d76362953319e9
SHA512 3a7f3351939e9b35de337b6bf15502f1181b859ad5e4643ccc7c0711ffa9133f8a3829a80c55912c2a66207dcb396d1452db49051c8e0b6bc25be55db39e5c06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 42eb72aae045b6e17763085077b7e3d2
SHA1 faf86819a6e60c69e4bb824e70a30a3a500a5d39
SHA256 61bc6939f5f42be5c409c0cd1aa1ceb63a32970bc055c1f30ad82007455937ee
SHA512 73d094cf05a2fc843afdcbe4b9ba51b19e2b1e33a401e5c8643726fe582d76d04fc05778511a0902c00ab6daf7b9130f25ec1bd2f673c269a31cf22cf67c9b52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f1fed202e40df316a4a56b3df8358954
SHA1 809f42ea853fad4e22df2828cfae219bddd8ce3c
SHA256 e8722731ba5df0b3cc6e36e0282eeb20810973b330e02b4a5b8ebeb986f4aba3
SHA512 a6bfe0196250b6a4e434c118d11f66a28e3e7518cbfce00eba9a9d03e9943dfe154a0c6f13a911c97d88f2e15fd6d68c7f9e3d426670e128af23d7abc273824b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a10a720a1bb4ca6a_0

MD5 729eb0eab5b079a97786253ae6d2adcd
SHA1 3db2475a2f15d7b20a8e5fd0ab18e61afecda04e
SHA256 cdc304fe2789f51ac5f9df3ce3f73b7a140a641673975e2286259bf351e80db0
SHA512 04b8f4aca615863631b994660396e1885bdc3adaefe9e3db2a4fbfa44396377c0bc3c77dcf41566312aeee88a562d129eb5bc2fa8366153b59ef9b364cc6d880

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f36646a2689d6294_0

MD5 078e3f2b38b1c144429867a167748812
SHA1 80cbc87d2edad50e53fd87d32b9872e3b19b7062
SHA256 8523565ef57b30ccba491a7d924c0e329d3bee8b0700f8c33350138155f3aee2
SHA512 6f1d8436da9f6b5c9f49f382ee208d336225d6b2977b4d540333714b6f147dbb80c79d13905b0bdacecb37318fc661a1a94697766312998c28abf09f79c8b740

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\794a28efef760392_0

MD5 87055676f2d7e112503e93ae7f5719a9
SHA1 d9ef33c4ab6f0a316219e565e9b82bc656c46486
SHA256 6b64f0ae8ef823508ba1f87b9b0dd808d3785edd353f7502a1c3ff5c685b651a
SHA512 1481796a20695d9f9ed6f965d55d93c9d25ca63432d66e838197c3475b0241a3ce656419f38f2e465cb8a67cee1b996b942f953c5ca3d10e1c729d0a4c6d707c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a0703586a7ac1f49_0

MD5 b2f3abd6f546015e2dda01a44605cf92
SHA1 acb0d20341df124ee5ef3ea3612edd6fd4a1a78a
SHA256 7541691b8d9f684eb19c6aa70872d6cbea9dc50c0807dbd8ae70234bb8fb3129
SHA512 629b6fec8641406787153034388cd5f35efdec81919a0123a716467a1e70f4a9fb2d18f193282b807a39d11d9a54dd7dea20c9cc38ac3561f30233ef3d52973b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5454766477332684_0

MD5 cecabbd90dc9dae750946507b73352ef
SHA1 c13811202110e5cf6683ca3b81e95e769e58d4da
SHA256 7aeaf40396a7fda4a8fa1bae5cc77f18c264b95997ec17223e730f58e84e75e8
SHA512 0b5279be90eaa32a0e23c88f2b8b2832c05f8e11568eb264c605bed2a89f1c33655f78844348927c283887cfb26ef3ea4fa8950cf856f0731cc06549a03a03ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b217822e1e724b9_0

MD5 42aa479a9079814a6c6edf12518a9784
SHA1 8573d75b103817d891db553dd001ebdffcfc99d8
SHA256 8158d57cd5dc6ff51ef3cdd76da033e8f301e07ce8226fd78bc3a530fe66e94b
SHA512 da9812a92de44e0c8c3d436dda2e52712509bd02ed73492fbf246edd482752b0cace8b7bc42b53cb9ebccf02c134dac7088d08dd3bb69be9f73cc7b0fe5509f6

memory/7040-703-0x0000000003A40000-0x0000000003A41000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f36646a2689d6294_0

MD5 891fc45843923df81bee6687e367371c
SHA1 6aee0ef5a66bdf48a2d962bb4e49b2d0b3692ccb
SHA256 a8b0ee6d02d94a41906604b5226e4921c0ca4df2694244308c82b65d312fa52b
SHA512 b0a3ac2364a107c72147ba0367c7a33e8274d61722d354889e0330f1721ac75e1d1e0578371640c20c7fb1ee01f08754ed299a18ce535faa73bddce30763554b

memory/6612-741-0x0000017770540000-0x0000017770560000-memory.dmp

memory/6612-766-0x0000017770900000-0x0000017770920000-memory.dmp

memory/6612-753-0x0000017770820000-0x0000017770840000-memory.dmp

memory/6612-857-0x0000017770E90000-0x0000017770EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 95e65792d99c22e8dc1237bfa31ae928
SHA1 a678455e338960a82f65a4341e817a28798ab687
SHA256 40b9bea697768e78f805dc2682e91954bbf4dcbce284b455882b048bcdd9e551
SHA512 618f9ad6192ff67ba819fa866b2e42a12c8d2a09a6e5e9a373adadf07d6bf7c70c0bf3bb06eca9e0743fa8d49700b2d54220e9d41c7f624a5416514e838ee879

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 4e56495c183f58ed37b4d12ef2d175a3
SHA1 34572eeef7ff8a59efbc7d88a63a0f51766efeb0
SHA256 896467962b903ba642fef6baf96b80bf0542cee29654ac357aa8d76953725eb0
SHA512 80e86ed7386bb27a3823fff3242547c85a54ef6448c0d853522345d9d9689a6b407039311b0f69067a4d3e98fccb95e52f8a656b998af8c42fa7919e10998ee2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 e3ef760339fa699c028ca73c8255271e
SHA1 ab589500d38d817ef0a59574a2a6ecb9cffbf459
SHA256 64069d6d4a08911a84fc564f07c34417412b95d40d84ea31061ac7226fa0435f
SHA512 678a03adc2fc471409fe2ca2109ba47314b03bd02157e548d9b61870a32984308ffc8774b807d823f61e9fd489ef743d0c075d5e5f8b6f794f353fb6dbc1f9aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 aa6ad8e9f00cbbaf2d4eb888c106909b
SHA1 9e5426a62d346e7adef24c3553c87eccded3b377
SHA256 305c1da319eb0e629a1c13252b72db8983915199f1702878cc7ef569ff1de71f
SHA512 fffc4d40393f472e84cf98d1144516f80d3eba27c586e93f697d70f306a969017d972e7b87295ec6901f66b752fe7122964e8cc93de2841dcf3bf2bd82f8b682

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 5a16d31f5aafb6faa08ac1110f135e3f
SHA1 87df7fe0aa4a6f518dd237803bd72638bd2b90cf
SHA256 91eb454ba34c3c40bd85158046f285e797a21dc861e5b60cf05ad7b604a539d8
SHA512 f55a1908999184304a213fd93edcc40dd6092db8702ec33dc61bf7ebf77980b52545f2b6a526f9165cd6206839fca42f30e72644a19d27f651f3ee73fb6f2b13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 36f3265ba7104be29d9bf7789235fc23
SHA1 40170cd3aa19747a12608802a9d276a63c0f2229
SHA256 6c3c6baa2b293320a1d28d930ef91b3a19ceb105fe6a02ade44f05d447e9bbae
SHA512 690011b1b026e3a646a7160a398edef62e250c33137892e654cf88cc972ff1b0f7c79ccce40dc205020a8b25afde7eddade9001564a87b6d5a68122d3a7be13e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b217822e1e724b9_0

MD5 ceb015b63c11930186e17e0b5f7ed89c
SHA1 33f708ebb9838e4c54205c4f637ed47cfd0070f6
SHA256 4df9d2a50745e5b8f78b10d76f29a6d5d01182befe524e38cf5a11fa1151b9e3
SHA512 34d9a96073309f8f3f84cdae93068912ec1e022a1faa96a0f2e63bb4c2a0937b8f78b924976960259533051fa4af09d6295807e6f15d94cf5f594dc285aff28f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d1751ed4-f995-4a11-a046-c3bb3314bb3a.tmp

MD5 8d9807cb258dd88d58e1fddd0e60a903
SHA1 e7ba397ca3fda28b88e8bc3a6ef5d9e8942269cb
SHA256 f73072f8efdaf74b50c4771a073e76a5319459a9b541a01ed6727eee247618e5
SHA512 4e1cbfafd066a650fd927726bf3968224cd80a7717b39a22299e92e8e8f71c6e38321361eaf0b15b48f480b12b6b7e0e6f9186f3ad8e7b0f80f74951e71aaf3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 681df6a490ec8a294d60e10760124e5b
SHA1 3ed0d9fbc3f0c71143cf9a3f6ff285a6aade4df8
SHA256 5300a52ac373afcc0ccb145131a1ace75858995634b3270c7f0deca99f00a16d
SHA512 cb57a33834e1775900ebabefe5839f46106c1c90373f044cd891232c214becdd5a85f5c8206f2ecd57a0d9361407bfd44119956fb977c752c71ca59912d324b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a10a720a1bb4ca6a_0

MD5 fae0dc5925e88faa20c3689c8db581e1
SHA1 5fec944647256b833f1ed517b5be717a8e3d3977
SHA256 fe631608d41bdcedab3b894ad76710b125933cfd607e1cabf94d2bbbb0fcdd0e
SHA512 a79fc2355ba5ba59a763edb353d761fb4131d39ce2b6c0ff6efc7d565b505f36be6d6351508b8167815b93493ff986f2ca52479185bfb06b3c16bd58bfadec62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 db3dfb3894f6bf6dc1bc54a377cf1fdf
SHA1 5c820104c0260fd73a7228293722f3e0ceae0cd1
SHA256 b217d08bb10ed810a9c71eaf674189ea08db8df55845670a51145ddb18935ea6
SHA512 ac02386d100674bf23c88a018f102e98f1a9a0cbfe483bdba7f2050c2c56f381aa209bc460c43c707630e4196350c14b560fbf9c50615968e70f67cb43a26e24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f36646a2689d6294_0

MD5 02a08fd49c866bb13afb0f19a95f57f7
SHA1 ad6f8d87592797290e5ea613bd1d7db1ef41cc0d
SHA256 efd413d0d0d90a28253767f9f95965115c48e29d9b90d0edbd971d13eabc38d7
SHA512 f453f92747a3a904f0d0a4197b4449fa0641e7ca1f994c1e5456d6f26e86ed91ce788279383f4c36683994740212a5cf25fc09929b4550f91afb3694f32cf884

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5454766477332684_0

MD5 e9e543382d457c1609796d773351b2ac
SHA1 602f0cc5b83031be24dc653bba298a4ca3aa78a5
SHA256 9c8ee9ccb88f5abf8148c57f90eff8353021286de3688827c80effd237258d5c
SHA512 2d7b87cf71078e7e3603559e1369512dd5100e00cd4347bd964486b210721437010ac6374c0d7df472ee06972d1893c8c052bef11e7a3f2ad8d38049f5e68ea6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a0703586a7ac1f49_0

MD5 fb1c1fa8ba083632ffb1f6ab7cfd702b
SHA1 e20c0d8cff62d95dd5f171731cc6b114adde0674
SHA256 dcaff21f9408ffbd54b7d8fc6c0b12e85f3af5c318e6c018ccd8f60eb1a2b3eb
SHA512 103ebb9d5253ba698db2236227402012d0fa5f94b575afe081adc4aebac136c22ce87a0c8addea29976c7c2cbc8e544301a90b62a8fc6222189c5dca7e9c5f7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\794a28efef760392_0

MD5 1d3b9cf71b3cb11c92bb8fcf8efe4da8
SHA1 e7e702437ff677ef2fe97e5397c17958e789663f
SHA256 da6e91b592feffd191607b04ed44892e987d7c2826f3e4fdf06c306a5dfcdd14
SHA512 7f6b6d204f9dbc82dc8cc791ff2a1eebdac1951cdf2770e8a94e7cb94653666a5c3990c5658f4da3a5b2ad2df3a2c522ac155d19cd4345640e03e71b9c0de00d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

MD5 9faad3b59cdfda5a84110cd375b97bb5
SHA1 343e69ca6d945ae1ef2b7d5d7e3ebfb57bba3578
SHA256 967d3aa5799b4b47041ffbd3e22d8dfe8191dd88c8ad2b396720adc651e76f99
SHA512 c7520213df3a06ca6eefc4d5ca5e02650aeb9a3e74207cf2253daf28d1eb2fb2d5bc3d3a35da63bf172cd1aff8d972f6d2f931d3a467182af829b9e871ff52e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2bf2eaad-191e-4924-9ce6-ed3ef1e80e45.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c1c7d9b56d1f4089f5c51c47ffaccc22
SHA1 ebd4f269e35ec329548fa76ff3efe2e9e8b10492
SHA256 a6b5e6634a0d0eedacc1e2d3a3b341a043dcb6f4718ad5991a99cf8d544a18bd
SHA512 336e16ff1472d77f05d162a29c019ee82b53956d2367a122ee038148f48d492964a16c99f29793444fa1e12c5d6b54ade5fc70918aab1ecc016087e9c9b793cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9eec18f8291c8fd25be5a16d31cbeffe
SHA1 03ff2b974a93226fee37223cffd2a135f14ce301
SHA256 fb21ef29defc12e3b3ebd80a9984cc9d03ccf4e6d160d2a8d08a1b46f38f59c9
SHA512 e0068e7729542f3a7e911e8bfc02dc23c2f14751e9d48a69f1dac924285bdfed35832a30dec95613286f7fc0c35f376f089c89cd8c80d0b36d97472e9b838331

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5b7fc708fce585b4277fa7e11c95acc5
SHA1 892acbac4e7226183e7c3b5645f04064d31e8b82
SHA256 771077898eebf3115c954a0d88daf869d2fbb61bf106a1ae86120de5fe3f577b
SHA512 f598e612f4cbda9afbc167dd807a899bd8a52cc5eddf704b604ff3b818c438255cfccf9303c236b4ac703a83699c4f0e76e814493fa87b7b340e08f99555b2a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3a8dffb4816887af982debcd6870451f
SHA1 e98998778a9891bac7ac57de2d93ad0410b79bd1
SHA256 59dbcf195f4f22121780645c95540e1c3ea2e185f05e858a06c0bd2ccec49c20
SHA512 1c55e689b8da24bdcfd8dc8944e861faecbd49f05cf54f5fb173904c475f5c4a2c46205cfc8fe7032e48628bb8f8d1cdda7690efb2c4e51a5f9450252f29c246

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 533624f4a33d00b5e1f4973b9d9c74c3
SHA1 924cf0e2c9e541710a23364249f09614890637cf
SHA256 703d3048239cfb43e209e8c8b4e579bee205d944778f3bc8c6693aee467e8e8f
SHA512 d8eec3df5e48a13045319108b74da89440b341f430b582667311f710dc457c35b1e22395cff45fe7582ba3efde80195196a4324569197d52968107d59a189a09

memory/9588-1460-0x0000000002CA0000-0x0000000002CA1000-memory.dmp

memory/12904-1466-0x0000020A05D20000-0x0000020A05D40000-memory.dmp

memory/12904-1461-0x0000020A04D00000-0x0000020A04E00000-memory.dmp

memory/12904-1490-0x0000020A060F0000-0x0000020A06110000-memory.dmp

memory/12904-1480-0x0000020A06030000-0x0000020A06050000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a37a9096-0ca4-492e-a412-07a969eeccc4.tmp

MD5 0730bbf77b7ba366e4028150569e9739
SHA1 a5e833c2f5ce27f4b6790f63eba050069c0a3d66
SHA256 33ebdf649810cf163fbba03832713c4508cfec688558ba64480ce1cf2d12b38f
SHA512 7b001568330b7782b7cb8b8f2b7b598a321b9009c8840984a253937a7b8bd61a484ba3b8515a4a9f715eb0b2407e8b2a072fe77569a5543e3e8027775b8cf2e7

memory/12904-1589-0x0000020A167E0000-0x0000020A16800000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 059311cc9ff2fdf0951a6c93a4bca76f
SHA1 9276701483966063a8712ef2d43264ca1121897b
SHA256 d35a86b6b3d98f8d57b16615cab0c5f805411d5885f18931e0763ce11eb03000
SHA512 ca80745bfa42a95e11420126dec8238a21ab34974bb9e2b0bde96da3df6da86cbcf0b4955c820ad0abb348fbdb67ce59b11d8c232368c41cc16a7e6e2d9e2caf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9843211dc0adf611_0

MD5 f850f456b0cb2c50f19754491fb0033a
SHA1 380a0b4a56fb088c4b245d9f707c60a51b65f17b
SHA256 896a2b6353cf76d1b2e5bca9b5e51dececac0e3992e83ff8cf9d2ea735a50660
SHA512 c5839202ffa7f65fa432ce38ae9273c8c4495a1fd0b1760efa079144321de0692f249a26c0a87e97fb635da588b33fa12835b61b21f3f89e24a327370f9b5dca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fcd9cba22f410513ff8f16b29f315c44
SHA1 8a7a79e89b2f91d05345db42af683b5d4fb62b4a
SHA256 04a59b8ca67b1434046af70e29cf5e5f9067ce18bf592f768173d384e6094307
SHA512 6c46567bf61933517942105af5b6fc005c22f0cf355340f8001f740a115c0dd35713d47cf31e4fa38295ed7a3d503821fcb23813376923a8d4bf37efd5ce9d7d

memory/5832-1722-0x00007FFCF50B0000-0x00007FFCF514E000-memory.dmp

memory/2552-1725-0x00007FFCE7290000-0x00007FFCE767C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 55b4a4b28a5b6254c704a904bc535095
SHA1 59815c1ec165473513f9f332a49df6e5b58e2bf6
SHA256 a67d0efb9e3842f06c5acf23b976dddbe170f923552d22e64ea12a625c27842a
SHA512 3a0fc0d546261063fe4e6b6ac8721f23f960a7b9fb098646f203390a2c734c773732a08efa684102d379e4ab63e3c28913388a86c34199c2d04282ffc7d48a1e

memory/13476-1760-0x00000000032E0000-0x00000000032E1000-memory.dmp

memory/5680-1773-0x000000001CEF0000-0x000000001CF00000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a33aad2a1710d4f7a7dd18266c51ca14
SHA1 7994c33a01cbbe38bec71127fc9fd8d0242685d1
SHA256 3dce4f06b9f0bad04fc99fcb6a4ceddf75ac1cb4cc41d4e42fac759284e390e5
SHA512 9002658f9776df4b5361496e558f549e306813ba4c6a2d374cf221b40e12f7e365dba8b73f5872f6d4231dbb50a1c88aa0e30675d0be2cd62451e8485cdde5f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 be8617a4038807331e451da3032c44ad
SHA1 01477357b7edc70b8d6e6b21167f45044c56606a
SHA256 4c19042b02a5fc82d231a97430b6bc78fed70d8fa21e7058cefb6c45b691d0c7
SHA512 b5dd5a28e1498d7891727334a8954cab6d78dbdea379c695d9f396d637ea4fb3dae18a85c0963bbdfb4503405d3358e7ebc5100ea9eef26b343a667c0cb9277b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3c3894ed261776070783baf99a7fbad1
SHA1 204628774e2d4bf7cc07b773c34c19b3d20d86de
SHA256 b2e6b504c24ec24510dcb9a570a6b5bb8c6cc969f1d74f7d30ab7abf0b80fb70
SHA512 e42614983590604d820f4892e16a3b7958e3d3d8ff7d0f63f9f107e61fed41c63ba76004dcc78ca63f9db49ff6f07a166580e260aecf0ea1a1218107652b28d7

memory/9500-1819-0x000000001C3D0000-0x000000001C3E2000-memory.dmp

memory/9500-1821-0x000000001BC70000-0x000000001BC84000-memory.dmp

memory/9500-1820-0x000000001CAF0000-0x000000001CB04000-memory.dmp

memory/9500-1824-0x000000001AE60000-0x000000001AE72000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0735c922b5b55a0428b16e3d3bbbc08c
SHA1 55c8d7065bd35ef33461ee52673e2581b9293c0b
SHA256 bdb23ae7c8ab3c4aed2e2b424d51d4c74439b146171b27328355deb93b3078dd
SHA512 16c76f91be0919ba1d79e77c16b6214c0f853162caa12a17069157f69e43971a69b0d8e3e9c09b2f830fda8697c25545e062f3ed97a3c711bdbc4445286afa92

memory/18136-1911-0x000000001C580000-0x000000001C594000-memory.dmp

memory/18136-1913-0x000000001D110000-0x000000001D124000-memory.dmp

memory/18136-1912-0x0000000000FF0000-0x0000000001004000-memory.dmp

memory/11436-1916-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

memory/18136-1919-0x000000001B680000-0x000000001B692000-memory.dmp

memory/2768-1925-0x00000204165E0000-0x0000020416600000-memory.dmp

memory/2768-1921-0x0000020415640000-0x0000020415740000-memory.dmp

memory/2768-1927-0x0000020416BB0000-0x0000020416BD0000-memory.dmp

memory/2768-1956-0x00000204165A0000-0x00000204165C0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\N2176ZEZ\microsoft.windows[1].xml

MD5 bdd90a1d11585d1f2b7720be412bc048
SHA1 b6245dfce68b60c708dd7ecabaebeabcbb53920f
SHA256 ddf2d606339b78bea2b3d3e823f4074cc7a4c8281242a81cc0c2c0332b08330e
SHA512 e62ea18449d0d36f50bcb3590a2c60397a8dbb7654b375facab3ee3ef6d0efb9a1cd67ba8e4af23ac1b3ca5955a9125c7b8fa2fa6781ad214f37d0ed3ef8c950

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7e5b78d30239b8aad0d10cf91c7de801
SHA1 9a8bc2ef5795444db590d90bdb3928bb110fc612
SHA256 6edfc204c9e27bc3b879358369be0cb43a7e4e9101f9757047b238af418c2db8
SHA512 19154c6e62a0ae4aeca9c524b309fe50b703d03cb66cb149ffdd372e51f65e34b95067fa2e7220358863295b00feac163dc41e4d61f3f78757f056ceb2c51923

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133593708664047825.txt

MD5 8cdd0e31fdc880d03dd47abc4b0efbf9
SHA1 37648604549b090bc8683dffda89fe8338b18d9c
SHA256 edf5f36d377aa149ebfbf55c896fe8716ea11f49a9ec61df2d327bc43c835bab
SHA512 b7cb49eb50e7b5e0d36c7e971b39bde726d36383f5723ad5bb082c266435550030d5a8b53eda5c2ddfc720d73007aba4ffd36b32949161876104328d98a9a511

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b605890cf91f8b0aebda428105b5078a
SHA1 a62429fe17eff9ab86529ea3114ed7ea851d9e6e
SHA256 a3e3222f71116abf1c5ac9b4a5ba578e6b6e4277eff66c76421dfb1473402dba
SHA512 5e759e8327dc418c35ab5894e1fa122d57ad977370a03bc2a2427565d5f8bca28c95932be0c54c5a7a427e7538efe0d7b007d799f818077ec70d64cbc926b9bb

memory/11460-2103-0x00000000042C0000-0x00000000042C1000-memory.dmp

memory/9140-2106-0x000001D47EB60000-0x000001D47EC60000-memory.dmp

memory/9140-2105-0x000001D47EB60000-0x000001D47EC60000-memory.dmp

memory/9140-2110-0x000001D47FAD0000-0x000001D47FAF0000-memory.dmp

memory/9140-2129-0x000001CC000A0000-0x000001CC000C0000-memory.dmp

memory/9140-2121-0x000001D47FA90000-0x000001D47FAB0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 78ce69b7490c95de59354fd1ff3991c5
SHA1 0e0226f95a26455970d7cef2676ece754c2f1451
SHA256 6876ace86a94c10461dc109b1d20795f2b9c0346b79abb8aba283a6951b05b09
SHA512 d86f925506741a5fcee894eb0f73c149311eee7754a37bcc61f00bd4b1404a8aa2028b156ebfb55032fc3ffc3a224e431cb1c6a7ce40210412c0fe21a1180b1e

memory/6208-2251-0x00000000049F0000-0x00000000049F1000-memory.dmp

memory/11396-2257-0x00000220DED60000-0x00000220DED80000-memory.dmp

memory/11396-2252-0x00000220DDC00000-0x00000220DDD00000-memory.dmp

memory/11396-2260-0x00000220DED20000-0x00000220DED40000-memory.dmp

memory/11396-2288-0x00000220DF150000-0x00000220DF170000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fa9b8c1ee469fe472ee9dc41c7956a5e
SHA1 c791bf9888c024663fa2dddab3e2a5b83989a3ed
SHA256 c1fd208247913792eb936d31b5c91cdf42ed12bec262ec3c6c7400df1402acb4
SHA512 b67ac73d20bcae6ad56533e01592fba3057fda5782dd341b533b0c7950e6eeb45524cf86219ce5a3926726c6bd289dc37e1a14cb9a780e102dcf2e2fe111c62d

memory/4128-2449-0x0000000004300000-0x0000000004301000-memory.dmp

memory/16128-2450-0x0000025C76500000-0x0000025C76600000-memory.dmp

memory/16128-2472-0x0000025C779F0000-0x0000025C77A10000-memory.dmp

memory/16128-2462-0x0000025C773E0000-0x0000025C77400000-memory.dmp

memory/16128-2455-0x0000025C77620000-0x0000025C77640000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 68a3e3e5bd7e928d12246a736823ca97
SHA1 b575cfb1d0e428263c047faa7d04f45ee2e44a0b
SHA256 7edc57aafa07a44f25d53328244d01f05bbc1f274fc697f674047e668352bf4b
SHA512 13ae3719711dd7bd26fa7c93dd0e4e2313651408bf455cab2c2a1b24146ff3a35c1bf2b742aa135e89f48106d182284da3236b03098d044ac88b8f73f68874d8