Malware Analysis Report

2024-09-11 05:02

Sample ID 240624-p5775awgrp
Target http://virustotal.com
Tags
discovery exploit persistence privilege_escalation
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file http://virustotal.com was found to be: Likely malicious.

Malicious Activity Summary

discovery exploit persistence privilege_escalation

Sets service image path in registry

Boot or Logon Autostart Execution: Active Setup

Event Triggered Execution: AppInit DLLs

Drops file in Drivers directory

Downloads MZ/PE file

Possible privilege escalation attempt

Executes dropped EXE

Modifies file permissions

Unexpected DNS network traffic destination

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Modifies system certificate store

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Enumerates system info in registry

Suspicious behavior: LoadsDriver

NTFS ADS

Kills process with taskkill

Checks processor information in registry

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Active Setup
T1547.014
Event Triggered Execution
T1546
AppInit DLLs
T1546.010
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Active Setup
T1547.014
Event Triggered Execution
T1546
AppInit DLLs
T1546.010
Defense Evasion
TA0005
Modify Registry
T1112
File and Directory Permissions Modification
T1222
Subvert Trust Controls
T1553
Install Root Certificate
T1553.004
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Peripheral Device Discovery
T1120
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-24 12:55

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-24 12:55

Reported

2024-06-24 12:58

Platform

win11-20240508-en

Max time kernel

146s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://virustotal.com

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1780 wrote to memory of 2372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 4940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 4940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://virustotal.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa9083cb8,0x7fffa9083cc8,0x7fffa9083cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4888 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,2116456385730484165,15208223407926123555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 virustotal.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 virustotal.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 virustotal.com udp
US 8.8.8.8:53 virustotal.com udp
US 8.8.8.8:53 virustotal.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8294f1821fd3419c0a42b389d19ecfc6
SHA1 cd4982751377c2904a1d3c58e801fa013ea27533
SHA256 92a96c9309023c8b9e1396ff41f7d9d3ff8a3687972e76b9ebd70b04e3bf223a
SHA512 372d369f7ad1b0e07200d3aa6b2cfce5beafa7a97f63932d4c9b3b01a0e8b7eb39881867f87ded55a9973abea973b2d2c9b6fc4892f81cec644702b9edb1566d

\??\pipe\LOCAL\crashpad_1780_BWRMRHFTXSXUQLZC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 390187670cb1e0eb022f4f7735263e82
SHA1 ea1401ccf6bf54e688a0dc9e6946eae7353b26f1
SHA256 3e6c56356d6509a3fd4b2403555be55e251f4a962379b29735c1203e57230947
SHA512 602f64d74096d4fb7a23b23374603246d42b17cc854835e3b2f4d464997b73f289a3b40eb690e3ee707829d4ff886865e982f72155d96be6bc00166f44878062

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b2f687f1287e04f45486c45a46a2aa16
SHA1 000ae7135a43425c17c1a1f4850ab4ec556141c6
SHA256 73d6ec99ee9a6da42f83e4d92f2a4886895fd3d6c9aaff4aff29bc125c39e6f1
SHA512 e174a40e4d329250e30575b71a170f17bf90f5efeede120316c59fbe95e4725f0ba2b878b5a1e7a380fb3bd9862b4be3a9ed2680d4ae8924ae8523d80fca362f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 47edb3e25cc4fef65cf03c6ad6f65ab9
SHA1 aa12064a1cb1d1eb8e32e50b567bc23fba075a7b
SHA256 266c26accc51fc4ac943ecd16096ba9cbdde053b18cc7d67a7cd87bfcdde73a8
SHA512 f5e506b9398a898ad0a751cd0ec0ee88a4a0364b2691d95d8d16179b488b1ad6093e4c53e3de58b28c29447c7de0d79ad2af361fdc100f715683d5015600d575

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-24 12:55

Reported

2024-06-24 13:03

Platform

win10v2004-20240611-en

Max time kernel

353s

Max time network

461s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://virustotal.com

Signatures

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\Drivers\PROCEXP152.SYS C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A

Event Triggered Execution: AppInit DLLs

persistence privilege_escalation

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PROCEXP152\ImagePath = "\\??\\C:\\Windows\\system32\\Drivers\\PROCEXP152.SYS" C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\Downloads\NPE.exe N/A
N/A N/A C:\Users\Admin\Downloads\NPE.exe N/A
N/A N/A C:\Users\Admin\Downloads\NPE.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzify.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 185.228.168.9 N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SET9C41.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\SysWOW64\SET9C41.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\msagent\SET972E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET9760.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET97A5.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\help\SET9C3E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET972D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentDp2.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET9792.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\INF\SET9C40.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\chars\Bonzi.acs C:\Users\Admin\Downloads\Bonzify.exe N/A
File opened for modification C:\Windows\msagent\SET9760.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentSR.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\tv\SET9C3C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\INF\SET9782.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\help\Agt0409.hlp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\SET9C3D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\intl\SET97A4.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\tv\SET9C3D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET9781.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\intl\Agt0409.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\SET9C3C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\fonts\SET9C3F.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET9792.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\mslwvtts.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\help\SET9C3E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET975F.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentAnm.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\help\SET9793.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentDPv.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\tv_enua.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\fonts\SET9C3F.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\SET9C40.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentCtl.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET975E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\help\SET9793.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET971C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET975F.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET9781.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\executables.bin C:\Users\Admin\Downloads\Bonzify.exe N/A
File created C:\Windows\msagent\SET972F.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\help\tv_enua.hlp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentMPx.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgtCtl15.tlb C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET971C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET972D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\SET9782.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\intl\SET97A4.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET97A5.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET972E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET972F.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET975E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{143A62C8-C33B-11D1-84FE-00C04FA34A14} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A7B93C92-7B81-11D0-AC5F-00C04FD97575}\TreatAs C:\Windows\msagent\AgentSvr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib\ = "{D6589123-FC70-11D0-AC94-00C04FD97575}" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\2.0\0\win32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31E-5C6E-11D1-9EC1-00C04FD7081F}\ = "AgentCharacter Custom Proxy Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31D-5C6E-11D1-9EC1-00C04FD7081F}\ = "AgentNotifySink Custom Proxy Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64DF2F-88E4-11D0-9E87-00C04FD7081F}\ = "Microsoft Agent DocFile Provider 1.5" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\DefaultIcon\ = "C:\\Windows\\msagent\\AgentDP2.dll,-201" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ = "IAgentNotifySinkEx" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE3-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0FA9F4D5-A173-11D1-AA62-00C04FA34D72}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}\ProxyStubClsid32 C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}\ = "IAgentCtlRequest" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.aca C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD9-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlCharacter" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575}\2.0\FLAGS\ = "0" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5\0\win32\ = "C:\\Windows\\msagent\\AgtCtl15.tlb" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5\HELPDIR\ = "C:\\Windows\\msagent\\" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575}\ = "IAgentCtlCommandsWindow" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentAudioOutputProperties" C:\Windows\msagent\AgentSvr.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 19000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 436107.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 681153.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\NPE.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\NPE.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\NPE.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\procexp64.exe N/A
N/A N/A C:\Users\Admin\Downloads\NPE.exe N/A
N/A N/A C:\Users\Admin\Downloads\NPE.exe N/A
N/A N/A C:\Users\Admin\Downloads\NPE.exe N/A
N/A N/A C:\Users\Admin\Downloads\NPE.exe N/A
N/A N/A C:\Users\Admin\Downloads\NPE.exe N/A
N/A N/A C:\Users\Admin\Downloads\NPE.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3888 wrote to memory of 520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 1312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 1312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://virustotal.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9c7e46f8,0x7ffd9c7e4708,0x7ffd9c7e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4064 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5036 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x47c 0x2d4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9720 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\ProcessExplorer\procexp.exe

"C:\Users\Admin\Downloads\ProcessExplorer\procexp.exe"

C:\Users\Admin\AppData\Local\Temp\procexp64.exe

"C:\Users\Admin\Downloads\ProcessExplorer\procexp.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.virustotal.com/about/terms-of-service

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffd9c7e46f8,0x7ffd9c7e4708,0x7ffd9c7e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1372 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10360 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8468 /prefetch:8

C:\Users\Admin\Downloads\NPE.exe

"C:\Users\Admin\Downloads\NPE.exe"

C:\Users\Admin\Downloads\NPE.exe

"C:\Users\Admin\Downloads\NPE.exe"

C:\Users\Admin\Downloads\NPE.exe

"C:\Users\Admin\Downloads\NPE.exe"

C:\Users\Admin\Downloads\Bonzify.exe

"C:\Users\Admin\Downloads\Bonzify.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im AgentSvr.exe

C:\Windows\SysWOW64\takeown.exe

takeown /r /d y /f C:\Windows\MsAgent

C:\Windows\SysWOW64\icacls.exe

icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

INSTALLER.exe /q

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

INSTALLER.exe /q

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

C:\Windows\explorer.exe

explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8740 /prefetch:1

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10180 /prefetch:8

C:\Windows\System32\mobsync.exe

C:\Windows\System32\mobsync.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,5998348961463314418,11152664155327439510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10144 /prefetch:8

C:\Users\Admin\Downloads\SophosScanAndClean_x64.exe

"C:\Users\Admin\Downloads\SophosScanAndClean_x64.exe"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 virustotal.com udp
US 216.239.36.21:80 virustotal.com tcp
US 216.239.36.21:80 virustotal.com tcp
US 216.239.36.21:443 virustotal.com tcp
US 8.8.8.8:53 www.virustotal.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 21.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 82.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 46.34.125.74.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 recaptcha.net udp
GB 142.250.187.227:443 recaptcha.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 142.250.187.227:443 recaptcha.net udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.75:443 r.bing.com tcp
NL 23.62.61.75:443 r.bing.com tcp
NL 23.62.61.72:443 r.bing.com tcp
NL 23.62.61.72:443 r.bing.com tcp
US 8.8.8.8:53 bing.com udp
US 204.79.197.200:443 bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
NL 23.62.61.75:443 r.bing.com tcp
NL 23.62.61.75:443 r.bing.com tcp
NL 23.62.61.75:443 r.bing.com tcp
NL 23.62.61.75:443 r.bing.com tcp
NL 23.62.61.75:443 r.bing.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 2.19.252.134:443 aefd.nelreports.net tcp
US 2.19.252.134:443 aefd.nelreports.net tcp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.133:443 login.microsoftonline.com tcp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 134.252.19.2.in-addr.arpa udp
US 2.19.252.134:443 aefd.nelreports.net udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 process-explorer.en.softonic.com udp
US 151.101.193.91:443 process-explorer.en.softonic.com tcp
US 151.101.193.91:443 process-explorer.en.softonic.com tcp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 91.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 151.101.129.91:443 sc.sftcdn.net tcp
US 151.101.129.91:443 sc.sftcdn.net tcp
US 151.101.129.91:443 sc.sftcdn.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 199.232.209.91:443 softonic.com tcp
US 199.232.209.91:443 softonic.com tcp
US 23.219.230.135:443 images.sftcdn.net tcp
US 23.219.230.135:443 images.sftcdn.net tcp
US 23.219.230.135:443 images.sftcdn.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 3.161.82.55:443 sdk.privacy-center.org tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 151.101.129.91:443 sc.sftcdn.net udp
DE 13.224.186.120:443 c.amazon-adsystem.com tcp
US 151.101.129.91:443 sc.sftcdn.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 91.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 91.209.232.199.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 135.230.219.23.in-addr.arpa udp
US 8.8.8.8:53 55.82.161.3.in-addr.arpa udp
US 8.8.8.8:53 120.186.224.13.in-addr.arpa udp
US 8.8.8.8:53 85.82.161.3.in-addr.arpa udp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
US 13.33.218.24:443 www.datadoghq-browser-agent.com tcp
DE 13.224.186.120:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 btloader.com udp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
DE 99.86.4.39:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 24.218.33.13.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 39.4.86.99.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 153.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 notix.io udp
NL 139.45.197.227:443 notix.io tcp
US 8.8.8.8:53 227.197.45.139.in-addr.arpa udp
NL 23.62.61.72:443 r.bing.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
IE 34.247.240.165:443 id.crwdcntrl.net tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 collector.github.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 140.82.113.21:443 collector.github.com tcp
US 140.82.113.21:443 collector.github.com tcp
US 8.8.8.8:53 165.240.247.34.in-addr.arpa udp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 api.privacy-center.org udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 ib.adnxs-simple.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ad.360yield-basic.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 brightcombid.marphezis.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
DE 18.245.86.37:443 api.privacy-center.org tcp
IE 63.33.125.116:443 ap.lijit.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
NL 185.89.210.82:443 ib.adnxs-simple.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 34.120.63.153:443 prebid.media.net tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
IE 54.154.21.218:443 ad.360yield-basic.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
DE 65.9.66.97:443 tags.crwdcntrl.net tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 108.138.8.164:443 aax.amazon-adsystem.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
US 8.8.8.8:53 ampcid.google.com udp
GB 216.58.212.206:443 ampcid.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 gum.criteo.com udp
BE 64.233.166.156:443 stats.g.doubleclick.net tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
NL 178.250.1.11:443 gum.criteo.com tcp
BE 64.233.166.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 lexicon.33across.com udp
US 35.244.193.51:443 lexicon.33across.com tcp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 37.86.245.18.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 116.125.33.63.in-addr.arpa udp
US 8.8.8.8:53 82.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 229.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 38.0.90.157.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 218.21.154.54.in-addr.arpa udp
US 8.8.8.8:53 97.66.9.65.in-addr.arpa udp
US 8.8.8.8:53 164.8.138.108.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 204.135.128.178.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 156.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 articles-img.sftcdn.net udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
FR 178.250.7.13:443 dnacdn.net tcp
FR 185.235.86.45:443 ag.gbc.criteo.com tcp
NL 185.235.87.98:443 gem.gbc.criteo.com tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
US 8.8.8.8:53 bdd8765c3b5eb78d0507a118e6daf417.safeframe.googlesyndication.com udp
US 8.8.8.8:53 qsearch-a.akamaihd.net udp
GB 172.217.169.65:443 bdd8765c3b5eb78d0507a118e6daf417.safeframe.googlesyndication.com tcp
BE 2.17.107.83:443 qsearch-a.akamaihd.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 45.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 98.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 147.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 83.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ad.360yield.com udp
DE 37.252.171.21:443 ib.adnxs.com tcp
IE 52.50.190.34:443 ad.360yield.com tcp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.180.14:443 encrypted-tbn2.gstatic.com tcp
GB 142.250.180.14:443 encrypted-tbn2.gstatic.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.224.144:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 34.190.50.52.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 144.224.220.67.in-addr.arpa udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 hbx.media.net udp
US 8.8.8.8:53 warp.media.net udp
GB 2.21.188.27:443 warp.media.net tcp
GB 2.21.188.27:443 warp.media.net tcp
US 8.8.8.8:53 hblg.media.net udp
US 8.8.8.8:53 mnadshield-a.akamaihd.net udp
US 2.20.12.78:443 mnadshield-a.akamaihd.net tcp
US 8.8.8.8:53 27.188.21.2.in-addr.arpa udp
US 8.8.8.8:53 c.pm-serv.co udp
SE 92.123.135.91:443 c.pm-serv.co tcp
US 199.232.209.91:443 softonic.com udp
BE 64.233.166.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
GB 2.21.188.239:443 ads.pubmatic.com tcp
US 8.8.8.8:53 visitor.omnitagjs.com udp
DE 162.55.233.29:443 sync.richaudience.com tcp
US 151.101.129.108:443 acdn.adnxs.com tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 l.pm-serv.co udp
DE 162.55.233.29:443 sync.richaudience.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 78.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 91.135.123.92.in-addr.arpa udp
US 8.8.8.8:53 239.188.21.2.in-addr.arpa udp
US 8.8.8.8:53 108.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
GB 163.70.147.23:443 connect.facebook.net tcp
US 13.107.21.237:443 bat.bing.com tcp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 11cc4a38678bf43243a342281d5f2fcd.safeframe.googlesyndication.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 storage.googleapis.com udp
US 34.120.63.153:443 prebid.media.net udp
GB 172.217.169.59:443 storage.googleapis.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 59.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 c.clarity.ms udp
NL 139.45.197.227:443 notix.io tcp
US 8.8.8.8:53 x.clarity.ms udp
IE 68.219.88.97:443 c.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 119.190.114.20.in-addr.arpa udp
DE 162.55.233.29:443 sync.richaudience.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 player.aniview.com udp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 2.20.12.70:443 player.aniview.com tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 secure.adnxs.com udp
DE 51.89.9.252:443 onetag-sys.com tcp
NL 185.89.211.84:443 secure.adnxs.com tcp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
NL 185.89.211.84:443 secure.adnxs.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 3.33.220.150:443 match.adsrvr.org tcp
FR 178.250.7.11:443 dis.criteo.com tcp
US 54.144.178.48:443 sync.srv.stackadapt.com tcp
DE 18.245.31.19:443 api-2-0.spot.im tcp
IE 52.17.120.207:443 match.prod.bidr.io tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 8.8.8.8:53 cdn.indexww.com udp
IE 54.72.66.109:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 3.232.87.104:443 cs-server-s2s.yellowblue.io tcp
US 192.132.33.67:443 bttrack.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 sync.aniview.com udp
US 96.46.186.182:443 sync.aniview.com tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 sync.mathtag.com udp
NL 89.149.193.121:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
DE 51.89.9.252:443 onetag-sys.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 spl.zeotap.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 216.200.232.249:443 sync.mathtag.com tcp
US 8.8.8.8:53 70.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 24.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 252.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 76.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 84.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 150.220.33.3.in-addr.arpa udp
US 8.8.8.8:53 11.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 207.120.17.52.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 19.31.245.18.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 48.178.144.54.in-addr.arpa udp
US 8.8.8.8:53 109.66.72.54.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 104.87.232.3.in-addr.arpa udp
US 8.8.8.8:53 67.33.132.192.in-addr.arpa udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
FR 217.182.178.229:443 ssbsync-global.smartadserver.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 104.22.50.98:443 spl.zeotap.com tcp
GB 142.250.187.194:443 cm.g.doubleclick.net tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
NL 89.149.193.121:443 rtb-csync.smartadserver.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
DE 18.159.181.185:443 match.sharethrough.com tcp
GB 142.250.187.194:443 cm.g.doubleclick.net udp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 sync.search.spotxchange.com udp
ES 23.60.223.190:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
GB 2.21.189.68:443 eus.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 121.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 229.178.182.217.in-addr.arpa udp
US 8.8.8.8:53 98.50.22.104.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 116.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 190.223.60.23.in-addr.arpa udp
US 8.8.8.8:53 147.128.46.52.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 185.181.159.18.in-addr.arpa udp
US 8.8.8.8:53 68.189.21.2.in-addr.arpa udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 f7b508b5c812d892c3d723ff8da4d273.safeframe.googlesyndication.com udp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 js.adscale.de udp
US 18.173.205.123:443 js.adscale.de tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 123.205.173.18.in-addr.arpa udp
FR 178.250.7.13:443 dnacdn.net tcp
FR 185.235.86.45:443 ag.gbc.criteo.com tcp
NL 185.235.87.98:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 ih.adscale.de udp
DE 18.198.21.213:443 ih.adscale.de tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
US 35.244.193.51:443 lexicon.33across.com udp
US 8.8.8.8:53 push-sdk.com udp
DE 157.90.33.121:443 push-sdk.com tcp
DE 157.90.33.121:443 push-sdk.com tcp
NL 139.45.197.227:443 notix.io tcp
DE 157.90.33.121:443 push-sdk.com tcp
US 8.8.8.8:53 213.21.198.18.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 121.33.90.157.in-addr.arpa udp
US 8.8.8.8:53 cd.connatix.com udp
US 104.18.41.104:443 cd.connatix.com tcp
US 8.8.8.8:53 cds.connatix.com udp
US 8.8.8.8:53 104.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 capi.connatix.com udp
US 8.8.8.8:53 ins.connatix.com udp
US 8.8.8.8:53 vid.connatix.com udp
US 8.8.8.8:53 lit.connatix.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 img.connatix.com udp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
GB 142.250.187.202:443 imasdk.googleapis.com udp
US 8.8.8.8:53 gsf-fl.softonic.com udp
US 8.8.8.8:53 s0.2mdn.net udp
US 199.232.194.133:443 gsf-fl.softonic.com tcp
GB 216.58.204.70:443 s0.2mdn.net tcp
DE 162.55.233.29:443 sync.richaudience.com tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 133.194.232.199.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
NL 185.89.211.84:443 secure.adnxs.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
FR 178.250.7.11:443 dis.criteo.com tcp
IE 52.17.120.207:443 match.prod.bidr.io tcp
US 54.144.178.48:443 sync.srv.stackadapt.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
US 67.202.105.24:443 ssc-cms.33across.com tcp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 8.8.8.8:53 cacerts.rapidssl.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
NL 89.149.193.121:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 equativ-match.dotomi.com udp
US 216.239.32.3:443 csi.gstatic.com tcp
US 216.239.32.3:443 csi.gstatic.com tcp
NL 63.215.202.140:443 equativ-match.dotomi.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 216.239.32.3:443 csi.gstatic.com udp
US 8.8.8.8:53 29.233.55.162.in-addr.arpa udp
US 8.8.8.8:53 140.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 3.32.239.216.in-addr.arpa udp
US 2.19.252.134:443 aefd.nelreports.net udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 104.18.38.233:80 ocsp.trust-provider.com tcp
US 8.8.8.8:53 crl.trust-provider.com udp
US 104.18.38.233:80 crl.trust-provider.com tcp
US 8.8.8.8:53 www.intel.com udp
ES 23.60.219.84:80 www.intel.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 certificates.intel.com udp
US 2.20.12.71:80 certificates.intel.com tcp
US 8.8.8.8:53 84.219.60.23.in-addr.arpa udp
US 8.8.8.8:53 71.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 docs.virustotal.com udp
US 34.117.229.111:443 docs.virustotal.com tcp
US 8.8.8.8:53 cdn.readme.io udp
US 8.8.8.8:53 111.229.117.34.in-addr.arpa udp
US 104.16.241.118:443 cdn.readme.io tcp
US 104.16.241.118:443 cdn.readme.io tcp
US 104.16.241.118:443 cdn.readme.io tcp
US 104.16.241.118:443 cdn.readme.io tcp
US 104.16.241.118:443 cdn.readme.io tcp
US 104.16.241.118:443 cdn.readme.io tcp
US 8.8.8.8:53 118.241.16.104.in-addr.arpa udp
US 34.117.229.111:443 docs.virustotal.com udp
US 104.16.241.118:443 cdn.readme.io tcp
US 8.8.8.8:53 files.readme.io udp
US 104.18.167.110:443 files.readme.io tcp
US 8.8.8.8:53 assets.zendesk.com udp
US 104.18.72.113:443 assets.zendesk.com tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 110.167.18.104.in-addr.arpa udp
US 8.8.8.8:53 113.72.18.104.in-addr.arpa udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 www.virustotal.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
US 8.8.8.8:53 prebid.media.net udp
IE 34.253.46.26:443 ad.360yield.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 26.46.253.34.in-addr.arpa udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 s.richaudience.com udp
US 20.114.190.119:443 x.clarity.ms tcp
DE 157.90.0.38:443 s.richaudience.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.200.3:443 www.google.co.uk udp
US 204.79.197.200:443 bing.com tcp
US 8.8.8.8:53 support.norton.com udp
GB 2.21.188.35:443 support.norton.com tcp
GB 2.21.188.35:443 support.norton.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 35.188.21.2.in-addr.arpa udp
US 8.8.8.8:53 assets.adobedtm.com udp
GB 2.21.189.25:443 assets.adobedtm.com tcp
US 8.8.8.8:53 websdk.ujet.co udp
DE 18.66.102.126:443 websdk.ujet.co tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 25.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 126.102.66.18.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 34.243.72.129:443 dpm.demdex.net tcp
US 8.8.8.8:53 nexus.ensighten.com udp
DE 65.9.66.103:443 nexus.ensighten.com tcp
US 8.8.8.8:53 symantec.demdex.net udp
US 8.8.8.8:53 symantec.tt.omtrdc.net udp
BR 54.94.200.16:443 symantec.demdex.net tcp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
IE 66.235.152.156:443 symantec.tt.omtrdc.net tcp
US 151.101.193.91:443 en.softonic.com udp
US 8.8.8.8:53 sc.sftcdn.net udp
ES 18.154.23.235:443 c.amazon-adsystem.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 images.sftcdn.net udp
BR 54.94.200.16:443 symantec.demdex.net tcp
GB 2.21.188.35:443 support.norton.com tcp
GB 2.21.188.35:443 support.norton.com tcp
US 8.8.8.8:53 129.72.243.34.in-addr.arpa udp
US 8.8.8.8:53 103.66.9.65.in-addr.arpa udp
US 8.8.8.8:53 156.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 235.23.154.18.in-addr.arpa udp
US 8.8.8.8:53 16.200.94.54.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.clarity.ms udp
GB 163.70.147.35:443 www.facebook.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 24586c831fdd3b99b64ae9103d2c0833.safeframe.googlesyndication.com udp
DE 37.252.171.21:443 ib.adnxs.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 3.217.89.82:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 ih.adscale.de udp
BE 64.233.166.156:443 stats.g.doubleclick.net udp
DE 18.196.242.157:443 ih.adscale.de tcp
US 8.8.8.8:53 login.norton.com udp
GB 172.217.16.238:443 www.youtube.com udp
US 13.107.246.64:443 login.norton.com tcp
US 8.8.8.8:53 82.89.217.3.in-addr.arpa udp
US 8.8.8.8:53 157.242.196.18.in-addr.arpa udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 uidsync.net udp
DE 23.88.8.123:443 uidsync.net tcp
DE 23.88.8.123:443 uidsync.net tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
DE 23.88.8.123:443 uidsync.net tcp
US 151.101.193.91:443 sc.sftcdn.net udp
NL 139.45.197.227:443 notix.io tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 108.138.8.164:443 aax.amazon-adsystem.com tcp
US 199.232.209.91:443 softonic.com udp
US 8.8.8.8:53 process-explorer.en.softonic.com udp
US 8.8.8.8:53 22.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 123.8.88.23.in-addr.arpa udp
US 8.8.8.8:53 www.nortonlifelock.com udp
US 8.8.8.8:53 cm.everesttech.net udp
BE 23.55.96.68:443 www.nortonlifelock.com tcp
IE 52.211.131.117:443 cm.everesttech.net tcp
US 8.8.8.8:53 68.96.55.23.in-addr.arpa udp
US 8.8.8.8:53 117.131.211.52.in-addr.arpa udp
US 8.8.8.8:53 8bfef6d3e9d562f3d7a2739366c1d129.safeframe.googlesyndication.com udp
US 8.8.8.8:53 oms.norton.com udp
IE 66.235.152.225:443 oms.norton.com tcp
US 8.8.8.8:53 225.152.235.66.in-addr.arpa udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 zn7ngvh48sidro926-gendigital.siteintercept.qualtrics.com udp
GB 2.21.188.35:443 support.norton.com tcp
US 104.17.209.240:443 zn7ngvh48sidro926-gendigital.siteintercept.qualtrics.com tcp
US 8.8.8.8:53 siteintercept.qualtrics.com udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 240.209.17.104.in-addr.arpa udp
US 104.17.208.240:443 siteintercept.qualtrics.com tcp
US 104.17.208.240:443 siteintercept.qualtrics.com tcp
US 8.8.8.8:53 240.208.17.104.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 www.norton.com udp
GB 2.21.188.35:443 www.norton.com tcp
GB 2.21.188.35:443 www.norton.com tcp
US 8.8.8.8:53 buy-download.norton.com udp
GB 2.21.188.35:443 buy-download.norton.com tcp
GB 172.217.16.238:443 www.youtube.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 www.sophos.com udp
NL 23.62.61.56:443 www.sophos.com tcp
NL 23.62.61.56:443 www.sophos.com tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 scripts.demandbase.com udp
DE 18.245.46.89:443 scripts.demandbase.com tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 56.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 89.46.245.18.in-addr.arpa udp
US 8.8.8.8:53 52.177.19.104.in-addr.arpa udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 img03.en25.com udp
ES 23.60.211.52:443 img03.en25.com tcp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 s.company-target.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 api.company-target.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 34.96.71.22:443 s.company-target.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
DE 18.66.102.127:443 api.company-target.com tcp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 partners.tremorhub.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 35.169.21.146:443 partners.tremorhub.com tcp
US 8.8.8.8:53 js.driftt.com udp
US 8.8.8.8:53 tag-logger.demandbase.com udp
DE 18.245.86.87:443 js.driftt.com tcp
US 8.8.8.8:53 s1777052651.t.eloqua.com udp
US 18.173.205.127:443 tag-logger.demandbase.com tcp
NL 192.29.202.14:443 s1777052651.t.eloqua.com tcp
NL 192.29.202.14:443 s1777052651.t.eloqua.com tcp
US 8.8.8.8:53 36.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 52.211.60.23.in-addr.arpa udp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 22.71.96.34.in-addr.arpa udp
US 8.8.8.8:53 127.102.66.18.in-addr.arpa udp
US 8.8.8.8:53 146.21.169.35.in-addr.arpa udp
US 8.8.8.8:53 87.86.245.18.in-addr.arpa udp
US 8.8.8.8:53 127.205.173.18.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 conversation.api.drift.com udp
US 8.8.8.8:53 customer.api.drift.com udp
US 8.8.8.8:53 metrics.api.drift.com udp
US 8.8.8.8:53 targeting.api.drift.com udp
US 8.8.8.8:53 14.202.29.192.in-addr.arpa udp
US 8.8.8.8:53 bootstrap.driftapi.com udp
NL 23.62.61.56:443 www.sophos.com tcp
US 18.172.112.40:443 bootstrap.driftapi.com tcp
DE 18.66.102.127:443 api.company-target.com tcp
US 3.94.218.138:443 targeting.api.drift.com tcp
US 44.218.6.28:443 1037686-36.chat.api.drift.com tcp
US 8.8.8.8:53 40.112.172.18.in-addr.arpa udp
US 8.8.8.8:53 138.218.94.3.in-addr.arpa udp
US 8.8.8.8:53 presence.api.drift.com udp
US 8.8.8.8:53 event.api.drift.com udp
US 35.174.210.7:443 presence.api.drift.com tcp
US 8.8.8.8:53 driftt.imgix.net udp
US 151.101.66.208:443 driftt.imgix.net tcp
US 8.8.8.8:53 28.6.218.44.in-addr.arpa udp
US 8.8.8.8:53 7.210.174.35.in-addr.arpa udp
US 8.8.8.8:53 208.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 sophos-privacy.my.onetrust.com udp
US 172.64.155.119:443 sophos-privacy.my.onetrust.com tcp
US 8.8.8.8:53 download.sophos.com udp
GB 2.21.189.234:443 download.sophos.com tcp
GB 2.21.189.234:443 download.sophos.com tcp
US 8.8.8.8:53 234.189.21.2.in-addr.arpa udp
GB 2.21.189.234:443 download.sophos.com tcp
GB 2.21.189.234:443 download.sophos.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
GB 172.217.16.238:443 www.youtube.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 www.sophos.com udp
US 8.8.8.8:53 download.sophos.com udp
US 8.8.8.8:53 scan.hitmanpro.com udp
US 8.8.8.8:53 files.surfright.nl udp
NL 52.174.35.5:80 scan.hitmanpro.com tcp
NL 185.105.204.28:443 files.surfright.nl tcp
US 8.8.8.8:53 5.35.174.52.in-addr.arpa udp
US 8.8.8.8:53 28.204.105.185.in-addr.arpa udp
US 8.8.8.8:53 remnants.hitmanpro.com udp
NL 23.97.160.56:443 remnants.hitmanpro.com tcp
US 185.228.168.9:53 8.8.8.8.zen.spamhaus.org udp
US 8.8.8.8:53 56.160.97.23.in-addr.arpa udp
US 8.8.8.8:53 9.168.228.185.in-addr.arpa udp
US 8.8.8.8:53 hash.hitmanpro.com udp
NL 23.97.160.56:443 hash.hitmanpro.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 2.19.252.134:443 aefd.nelreports.net udp
US 8.8.8.8:53 scan.hitmanpro.com udp
NL 52.174.35.5:443 scan.hitmanpro.com tcp
US 74.125.34.46:443 www.virustotal.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b4a74bc775caf3de7fc9cde3c30ce482
SHA1 c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256 dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA512 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

\??\pipe\LOCAL\crashpad_3888_UKUBGAACBZCLVXDV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c5abc082d9d9307e797b7e89a2f755f4
SHA1 54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256 a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512 ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 76b7c7ede8dfe29fa0da08cb991af975
SHA1 4b1028bd426f75af284e3eeb3de234ae5f0e9dad
SHA256 239156b9f93f7fd1fd5042c5e4ad30bac06cf0294a50756e09a0bd9d8d9f4465
SHA512 e1ff28108fec9a53e343d06c90a9ea8964c1d8a5b415b1863703098d89fe7d5e1da906b2059f98fa8a546d33944bd89ad2b520ed550d49923d48af3403d54263

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 081c4aa5292d279891a28a6520fdc047
SHA1 c3dbb6c15f3555487c7b327f4f62235ddb568b84
SHA256 12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f
SHA512 9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1c06ea4e3923117ac11e90902bb767d3
SHA1 aff82c543edd7e206939e58359ea9903dded99a5
SHA256 f6868475115f281aec3196d11e562d5c6517cae28e37bc14991be25e4a783c45
SHA512 8cb206d87cca4fcd3939e100b4d002c79dfad29745c42ff81902cad01dcd10cf6af24965fb1d40fe0d87b5fddec98ac044a58681a14d0fa07c9694b64b9ed32b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cdb0d6b8c313f79580263cc9ff39ab57
SHA1 d991d7df6ea0c97a676b6949c48d4b3e5f5c1876
SHA256 df3b791303747a070c352c7cf38eb34084d1ea94974be1f4f376b2759579cd8a
SHA512 d231270eb87b3fc36ae5e105b8ef3bf9a116d68e12e34d1a5305fef78168f7e363982a4807fd3670b0fefa607f8d41fafe395706aa4fda22d7f2505f6ae90ecc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 969f80e7a175cc3645758919c14a68a7
SHA1 03f2c79839c09a436da2b080a2cfb34fe359ddf4
SHA256 da6151f7c0fca510e0975bad2813d6a2c3792efa4fdbdca7f0b8609756317fec
SHA512 36f25271ac8d6de794439feebb53f30ac932b665404fb19748f2bbe96a1cfde21e027b7bfd5fbcc201b60ab9cb623a044e0f523fde5dae5273af9491f90a2524

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 77062c4b761fb53856ec13f6d7a92a10
SHA1 7c2e86e1fccd4117338ef7b11571c60d6023b031
SHA256 916136d8af7ecbef4aa2a5cf5485688f2c3ac87daacea6556f0d58eca5acd75a
SHA512 6868d96164817f607aaf4ed8b4ffa006cfd035e5b8aef786e06c1104a108aace30d0c4cd126b988d5cea3549b613a21dd9f7ef449bbbaca655534791b17516f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a71d.TMP

MD5 d23b9fe919622117a5661ef49e521e74
SHA1 82117e6d5c6c1397e301e3127386c54317a68d8e
SHA256 78d3d6b264cc5bc88e073aa71bb5d851fb5deca3519ae6192f02c0b36a717404
SHA512 6dcdda67b5ac72a33ffeba8669d837e6b2e515ba2d020c35deec8e4b36693b0206aadd0673e7ad3efc3bfaca57bf4975db9ce012b4b2903bad84f8287b17adc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2242ec764f364d394cda2349be354052
SHA1 f28f00a99de5165f18635bbbceefd87871947ccf
SHA256 1944316c6e7ec626db08fd78b772b856dd9b35dd409d17a093dc4febaf012844
SHA512 a2d3635b5b5dd2ff07492b375145c419a2afec55e45e331795dba3066149772dc58725253fa9f2d4432650ecf88ecfc4453586d7224eb977c8012304c4646702

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 9e3f75f0eac6a6d237054f7b98301754
SHA1 80a6cb454163c3c11449e3988ad04d6ad6d2b432
SHA256 33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf
SHA512 5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 59e89cfa71ea71dd68ba77139687871f
SHA1 e4e29922c94ad478c0bea45ecaaa2072b5e20253
SHA256 e7001f5614f56039d4b9a4671768fe9a6bbf7ca89d4c37a33293923fbb6f3242
SHA512 658c926057a53f1f3198031534533dd78c96115d0239c08de7be160f9a5fa83a33265b96c49c8e6975c9ed660c3692ce60aaecb6e8afaca25b0caf4b231968fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 3d987b84d52187cb131f644abb746f47
SHA1 0030db7851ed284e99745a7acd501e221784115c
SHA256 80df740334a5705117953c25c58523282d78c6d06eb3da3e0fba7820fbc5a1f8
SHA512 139a698ab427e75a9cf123df1d4eb3a8287ae9f15a6430e5758c49a18d022533752721e5349f2543e3ed0b641fab1bdb46b1836179537b4e6fd091ebbb2c7605

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9f739f2c95276c558b161dd216dbd8b3
SHA1 6fc3c787d698e31d04eba3bd214926fd81338ba6
SHA256 6fe29be69ed2560475846b10b3fb993e7c51cfb777f26d4d298ee285df722f6f
SHA512 237bf1883cd4fde17d71cc5d8b68291ea4697eee0eca0014002f1b47d4f65ff30f9b54ed5e4fbdb1f1011a106cde18e6a7a9eb7f645b68e251b343f784bf1126

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c95b.TMP

MD5 da58a6790add70a875a6f40b1b0d00a0
SHA1 919a631d29f85b9e31c62f88548ab91ba6840981
SHA256 c2669a6b8c8198c53e2468d38d3a99bfb4f35c41a40d886045a0fbeaa1c25029
SHA512 6385b0c6c975abe374fd5be82784212df4802eb644291891dc8a62674dde547b0107e756f01c85de206bcea681c4b6a7bb1cbbfeae75129d422ae475d391214c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0ddb16b4616df4cbdbf307e14a7058c5
SHA1 f90e1229833e56aecd0cdf89095f03eb5b8d860a
SHA256 81beb103d8df992c940ca633fbfa5388bfd3501e8e5152ebdfc0d915ce7a2f87
SHA512 ab7044be3992c1c2362c6d3fd56ecea253107b588820d1cf88df53ae085cdca96ae98fe40df7ee6d87b63e46dd02565dc47b6eeee60b6015a2ca9e44f23eaa60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 953f20a46fe8cbbb391474efde51bcd0
SHA1 dc8eb019cb30d6ff8327c3f96d543e561144ec06
SHA256 59a77b9f2e038d78775f65acbd7c179e707e56766f2b2e0bed935d8a4a451bef
SHA512 37353c9de717da6f299f9c4e6b086cf8d9471e2545a41635702cf3daea72f59608e941d8ce8487ee158ebf2435640e1cc718f75625680e4b49dbd01989b11125

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b588084b-cb95-4b17-8d12-e45bd7f41ea9.tmp

MD5 ce4e91592df57dab0304f6bbc0b2262a
SHA1 70b28c1e687528bb910b44080295b0cc2122c28a
SHA256 4291e83e58f68a0aa547585352b143ebcf785252086790bbc875f9a69fb5a5b0
SHA512 6b119be5d4bc4920eccb400f2a1365ece10a42676d22a8bd6da6a327886371c4abf5d3c7e9bf7205fa755255082615b0a9e4298a3caac0e01c13d3a7ebe9afaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

MD5 bb30ea3b46964f49ba85f475efd1fb6f
SHA1 1bb4aae7781af8b933e1dd4dee56879a3ef92d38
SHA256 7a5bfdc2463dfde6b169ca4555ce9f5a0fb21c15c3ac807967590df27dd800e6
SHA512 bc52e8de4712d416aebf1d403d6ee8dcb6386a93dfc6727613af487f73de69db90913a9e9781660d8dec121d720ceec9c84b260c76f0f6f565ae80967eee7474

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

MD5 34d417511bcc66045487a4307a08579d
SHA1 e2161accac890a2632bd6eaa7faaefc204cff6a1
SHA256 fcf96f427eebab9ffb97cf4ece8a7f3b37f9756d211164112371ce5950b58e4a
SHA512 a626a957f521fe0cccaa14ff22f08a26a968a6dc6633f5020fc668d0807ea98bba450fe76d9dd867ddff207b324ea68e0fe4b0dd7c85e2dcf39cf307a86e18c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1669240a2d0f4e905e5954e56d4286b6
SHA1 9b91c95430f4a5da249a3a33cdb4258a9b6462c0
SHA256 f23d1253c1d5f66e9e69f835cd6fb06b8e940bb65cb2de5a2d7cb4b4b1c5f3ef
SHA512 46cacd7921bfa037c4a17c36657109985e933df2b29518e6a7a61bfe616e59eb59546c11d0a265b191d2dea27101741e34f05d50049ef4f5764be872cd23f260

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 de6238da320cec7c6b0db06856e442f5
SHA1 95fa395b3bb8eb3332da361cdbd337d1e32d2f04
SHA256 50567ecc7f0b307f512a2d3a81af70fe429cf73e28b0bdd18dbf72fe6fc0253e
SHA512 03f7f7d471e281bbf11a7a14036fe6a1d097fb7281631ac16f77e068fb871d668d7e950bb15bdea1306c9a534d0e0e845494aee5080aac3df59d82b8787b99f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2316d0c8cfcd1cc98e9fa467b5cd0576
SHA1 60b05ff9c19a13d7512aa2aa4ebc04e3f3730aa0
SHA256 72f8c40442fddd8c8c4a5b5c451cde8dbd9b2c7677effa7e96f02994b9a79ef2
SHA512 781f94bd5e014199e3b714f8bc0c8f0d9050068d3c6f0313bda5d884b4106cb7fb37415c77209ab3f1464eacfbce1ee1bc77de4782135b46bea9b37f7ece06bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 e93a392db46489dda50504bb3fe51742
SHA1 3fb72310fc23fe1c51c4a61d82961c0c59806693
SHA256 6d1a761f3a733dd4f17278c0c454ab8d64770d99a26697ae02a503335e394eb8
SHA512 43d526eed44e9bfd0858ca6336f9b01b2a182716da78355424b153cdff225278f4a2cc9f7d4f994ee44602e03da90aba5a576490eac100829da41549bfd0bcb8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 7651b1187bb58ac4c7be625337b35e5b
SHA1 307d969ef4137a66fe2793737dc1c546587c7f43
SHA256 0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968
SHA512 a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 67e30bbc30fa4e58ef6c33781b4e835c
SHA1 18125beb2b3f1a747f39ed999ff0edd5a52980ee
SHA256 1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba
SHA512 271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 2b68b6ab84032f0911489c4c58633cdc
SHA1 3c3031758c4da1e211aacade4531521b366e0088
SHA256 b4e93426545e8eb336a931116f845e536f6629cca187316060f64cf4d45e1c9e
SHA512 eb147fb492d9fd01bdbc9fc50d4a2d9b4287ef1e2a7767cd447dfc769a170e7a529d287a850b38ebe1b08d62a19cde4af6a8f6c16108aa210cfa1cce68bf7a7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 8963fc47cf03e6a6f5d023c5df89abbe
SHA1 b7edac8e126e79297c37e406a02e05bd252453fa
SHA256 1ceb5407e1286c0e54fc6dfd3c5f50eeea056450dc9bbd14c86bbebcaadcce8e
SHA512 8b5082eddb2b14870967758b6d378e7f4d5c5ab283d3e13a150adf089b55327713b3c13a9aa220c355f9325ce124b238eb32063f428ffdfc36e85f820b6e5bc0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 ed0affd6eb9b53e47f211bc256b962dc
SHA1 5fe0929bb6d403bd970b9d289ba201cab3986cfe
SHA256 dae07b277b5d5f559df59b510602449ff45f7e8d08429eb24cb22148a6bf7614
SHA512 0b900cfe548e2e4d866753c5531d1719859a779cf1b26d321b94600ca8c3b3a9a38b4dde053fc796c17ececbc437f567d597aee19d968aff072084a170fa24e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 e7789186ec22ea8caf2d9978b893baea
SHA1 ed0f94668dd8e43e8bc4f3c2e50654ec3029255b
SHA256 4ff5155985f6257327889a66f2974aba80fa396dd9d6245bf5cc92fe48343eaa
SHA512 d1c798badfa37be51ad621d7b2b34bffc041dbbeb38631f00765310689fca14e1a37831b209ac7332d537d4ce8893ec02ea2990de255400d843f4402564ef93d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 06f6cadeb72f21fea2b6baafa80a7d3f
SHA1 6e702f40092ff9bb667015a5afa8d202c64fa107
SHA256 3930cb4778d56b24816847402cae4926ee8cd9a4a413d7113960f10f9731266c
SHA512 b68d09fcd7fbbac65983a0709fb570973837552c3e2579a2c1fb3ab3f2bcf4d58a60912a13a686806ddbd0dcea989905c547c3771f0efd239b0143f95e3df489

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 b45abe49adcff3c3216dff2796151fee
SHA1 c6937c61cf9ec94731d850a1e128df944e347650
SHA256 af62b8ab2b7389956fbc6d151839756f5f008f45d759c4a2a390e914d90d7572
SHA512 e07d6ade10f3b402c90ddc8d183957eba5c94dd34ac5838399f7a4313e79b706723b75b72c5f4d83845d6b8da4ac29d107bf5d52adf6fdfe3ebc9453c347710a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 9b880f2e930c5111cbebbff258381a87
SHA1 0b2ff3a135b55f7562bf5062bc849d822de7de58
SHA256 d9a51c4fca2d13afec2b50230426f0101fad7d234f863f790ea0ffc0baff76a7
SHA512 8decc75ccfd999b1a69621ec5f6ef7fd65104602bdd86f8ee076f3d83895a384a14758e5ed541b117a3e22783949b71fd84792207c1c2eb3c129164f17fc1004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 e96a196762833e0e345e0c6e510297e3
SHA1 88922525b5a2fc3888b929ca034152e217b01328
SHA256 d1785d3e17c81da635f0cf5806e8913a2a6efa4298c5938ea98765ba827214be
SHA512 d09e8f3120c2afc3be150143161e05fefe787bd51d31dce839566db2eb62989022bb72cd54d3e139f5269f99c65c365b185724bbb30a6932301c4ca07a96319a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 c53f31ffa788a276f0569b71b0a841a4
SHA1 2963d2260c15fa09f2f1df296bb401603ca9354a
SHA256 220e1dde9e1d6cae41beff03edb533b65846245912b2eb878c5c5db4c448f7d4
SHA512 06cae5fcc4d5fd1b846d15bafd18bd423255be6adb1f0b1cc896d1fe4db903b5d9990e00e8539df04ff1323c41be62c9f44f1d658c0a56f9871a73aa2e39d9b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 70c67ad3e4065c4360820fdd6e96f7bf
SHA1 6291afcf16923f55972a2d71d2ad8fde15dbc299
SHA256 3e60a81c4012bdd05282c27f949ecaac7ed17d1957ba05ac33f76d74c0a099c3
SHA512 9874b5f41b91903014e0193a31a50377c8c14cb2bcb501e917330606a85b9bb5ab7e2b890faa344a61754628267230004066ad4b9637b284379890ff941c27c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 5fbdfa17e933b88c9ec284f288e03cf7
SHA1 66285becb57199abf31b207fccbd0585c6bf39ae
SHA256 ee576e567927164e3b5fdb3007022e3ef326d2f4fd09dc516cfda4671a17a2a8
SHA512 54d2369c7054e6a0a8fc47dbabd94e1c95b0eaf13ad1962252b3a062470b20efe7717248eca1cae845aea8195ff8bae70defd8cc0f495440a7907e06a1a5cfe3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 7300eeb4e56acb43294bfb5e368af6cb
SHA1 e6a55de807fef526a214e29e2753293eec11875b
SHA256 9d1cec40edb742e72519318860e60a4832711b809a7526373b50d50b7ff1af44
SHA512 e5ffe1d023428f669846e5deddc08fe036b5ffcb632704b8ee2c918f47b4e3646197ceab056c84254e3db257e058614be35b5dddd5560d90d7663cf1e891237f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

MD5 17682bc653d107a9279f7f4b006b31a2
SHA1 53436b2c81c3515c91bc4f6b77a4e640cdaf1a8c
SHA256 5098770faf4bcd9faea1a31ba02c3cace71478ab83814ffa37a20102d8abadc0
SHA512 94be8a6edcbc340b7dae0a67f2eddba5f24355743db27203f555244159958d89898e613a2641ba1403098c3fe42dc8aefbdbd649550ed37f84a3be9b78331095

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

MD5 be2d4126996e9844dad4f9c1a20a2fe9
SHA1 0e76ab632b57f7aae15a77873464d0f3c8a76e75
SHA256 961f68a73dffdb1eaa0d79f1d7036f7f8d8195cdc2a278322d4daf4eb766bdb6
SHA512 0694393ed7202ec9a7346e965fb0a308f3de6b442f7b2f45dd874e9055f9ef4efeb690850d7f873ae04aa6cdf7edec545b1cb4b1e8ba8445162a150022a7b3bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 6ad427130b53dd4eb4725d0a20868b7e
SHA1 6951832f9ef6014cae94a4689ffd639d395261f8
SHA256 e15d7e75091d9b1886d488c532517dd0cfdb507af2805be6fc07cb0308ca47b1
SHA512 8edd1751ba7ebd71b13f033614da09c1662486afd2ac185e9f7efe5034112eceac1c02e2a33a2907c8eed99b1c777d793c956d4b7db502d45f634832872e160b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\Downloads\ProcessExplorer.zip

MD5 5d9d611975e26ff785bf9f1db4fcbffe
SHA1 4d620790b52c37f49b147205448142114e1f84b4
SHA256 8278e1aeeb73773971d403c39f47f0998ab0a88edd843325c427730be529a302
SHA512 ff229057daba1e70d5b4b57c50c59865d4381313453cdbaa846db0010810bd66d97255300237013e75f044da8a8b87a080705e043f7cc2837ecd49c4e8bbed97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dfa2f8e2610081f1f2405095385138fc
SHA1 37fff46b11adb7b0baf981e18dffaea70d7ca86e
SHA256 7ad7b4c1c616b23317fb7b3ccd37604648f1c2857229b724e07d1abdd169456a
SHA512 b6818a36e77d34cccabd3853a28b366a43cee6e3db4696e1f9b989019f563fb1b527976e9ec229f29c088f1cc00b8091361b46d7fdcd3b4332cb328ff3db35e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4f490bdad072fb9c0281b374cc113fdd
SHA1 76354e973700f51aaf764b85359153c8e4b8f980
SHA256 8860f45ed02e2842b4cfd11b6ecfcd0d8fd673e0eb87387c05bc3c7f5eee72b8
SHA512 b84eb9ba27375989a1cc317252747a1b6a5634cad00dbe05c82016854d1797b4742f784a707f35d9a0376efa34aac0f839c58cc020eb32dd6a86ed2e6a56a4d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f22e21d1f532c2127870b87ee8e52341
SHA1 54c15ea4494a8e04a0f812fa1dfc1f92dcc8310a
SHA256 2e3228266b6b1dc31e93e16996963de723b1a5fa71437bd4d1caac324f19c6a0
SHA512 cecfbddf06b973728f7feb69683799634650a36c6bbf9035768d0d53d218df98b6e35a990bf243213039f3f9208cd6e743bf33e1352f1a158e7eee6e26ebc30d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 4dfdf836a02c8e43196ddf007dcfaf12
SHA1 5ea5fbf7ab98fd925555a1619973c981cfd97e49
SHA256 6d10ecddfb9567a2d0e47b06b6ea6c64789a72399d89bf9f4291838a8f3a3dc9
SHA512 2c2c14680f2b9fcb39218ac07c93484cb53a95e0a4ef6f54b469261f5b72f2f8a8d8f1f63a0d6a330142447e558e053412c5d125322985c99ab662829ecd6733

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 592109f236ecbcaf47329488f3b90705
SHA1 c41730550930dddcf6dcda0aca36868e6552fcd1
SHA256 59e47e18bf02f6490e95c0ef8a79df8257f386646b44eeaea19e30d1d15682c6
SHA512 529c4404df96d27ee663947a8ccc8eea42403911ba7390ea52d3ef13cdfb06954f21ae72d1bde50eabd82e21878e2f246a210ded6ba311ff76e7a8d610c55909

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 466e43124f9c594d03071d89e8bf23c1
SHA1 95c214bc5a9a1bff72fe946ce0c0b4eef5295b0e
SHA256 3d7dcd19ea96311adaaaf243e0c20dc63e6e2677ffbc1cba549ea94778b9c9f3
SHA512 39aa135103fa88321bbdaa1e6c76cc25d9c23cc01328f4ed9c73a7c99bdd7526fad0899673aa552e7799923d930f1b3c0eedfaee3af325410a80e8c372b6c2d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 27cc62db37e45e101324733b2e8a1d6d
SHA1 99c6ae2f9bd0b0a0569935d581429e23f855a12b
SHA256 a9316e0a6e5996b4c57649939cc97a2e881479f812a2bf357d334ed87e29db02
SHA512 102b20e4a6e4b32538e70869c3408f3d14964d49f0038c0bd871d0ffc21024c2881d8543ca6627fd2a244439b5739e7539caca59c6d991753bb89a6f653bbc31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d724fa6af528ee2b71bf74bbbba45ecc
SHA1 53954dc64ed46b3c6ea796fac89ff0249843a85b
SHA256 94a7605f0a6000bc27f42e38f34a33ddd0f75f78a58e0af25b7a590fb465283e
SHA512 9734076a9117c3dde7df80e948313c2c026bd22b206dce7d64023931420bfefd38097928b9c116d59e01c19725554a22921eddd296aae0dbc008653729a89083

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 568bacd6e133bd1954ec9db7bcaa590a
SHA1 4d3c1af9c8461e182a861d429664d9fe5bae019f
SHA256 671274258f783a641f0f2bf069c843038f42b86bf367de69510869fb0844b70e
SHA512 1d92448c9f0c73ac1164df935f926dc9651b6700972947a5848d82ca3aab5d639ffc1db5afbe130f769b6d1fafbde5d4e7370e672200969bf0966bf42f3fc7c9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 9a9aa6cea5c1e039353030d80f9fb011
SHA1 10e5d2980814293e3d1c47b0d9126a023b1aa560
SHA256 b5272f7a9cf5e2f65d1ce84480e1bd8f7ef5fbafecb5fe088df4a1fda829b278
SHA512 9eecae90549221bfea543db69cf2a2ea4a18b96b15f503f93b79a22fcb2b69b25b9904e0f36ded3321a56871876261b582706ee925e28a9c994c1f27afc40ded

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 f5efd408b7e20006a180b94646cbb797
SHA1 1448ff2c7fc07f1819d42d5e6d868ca1fbf5d2e4
SHA256 2caa1373f4ae9bda0fe92617764906aa43f1e63baf732c0e2fbd04cded61d0f2
SHA512 7c7db7e5228e5d73b001540a87b0b5d38c7ff0ace76ccb2a28febbebda50bbcdd75419e197bf8607a0fac5ce35ef4da4addab3dfba404a8d1dc2d3d05336b070

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 408c94a6c644f1f98359fc4cb2abe22f
SHA1 b519262ec638b5467fb663540cfb16ed112e16d2
SHA256 169279636f7b88641929296fd5a4d5f870dde8681f05a14a6c300b8fb9ad74d8
SHA512 d874bd328e8c31d3293e32019615c83e8df58663d7d5b0d7c52bc12db3f1bfe37ef95b758a9a83ba3140cb5e5bd8d36b069d13fe03b4f33b91aa75feaae703aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cb0641c6b567cd79f6837f0aeaaf8f17
SHA1 649432363d2efa1ddd496117cda45bb92bb9d015
SHA256 4c435a04a94c8a40a56f059e01a2a339f29fbbf2b8e65ec764dbe002d43b7792
SHA512 8e1f02180425a61f4e5bdf20fe49930a01205402512df34438b84b5e0d60e3d162c47d0d2b73997d4d664a0fb2376e08bf3139cbbb985cf763c85f3653d3ed2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f6343d074bb6f9f5d6dbd933cb7f3a2a
SHA1 56d9ed9dc61d6020ec0961a0b513075687da254a
SHA256 037be5a7d11ce66c9126158d93326a0b1cdd56f5d4181cab6de9277f076cbf74
SHA512 85f444e8d80658803194738c25b8e0f520d087a44ccd2114e211e44dd61b6dfc670afbcfe9a916bd9963b1c6cc47bb5895015f17d7ce1a5b365bd5801360a56d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 2448f641fbbbdd88f0606efa966b052e
SHA1 25825aef444654fdc036bb425f79fd1c6fc6916e
SHA256 03f060bf37ba360360d6a7413d98e485e7d8e6f69e6a1de300c788d439b78d02
SHA512 d56e3b19d3f4c6d6663117000b99071cc453b6fd93f708bb8cb92d5adfa0eaab749d8d6cef4f19fbba548d31edaecfd0a74ca55dbca7d5f5f1fe66879b27b9d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 b07f576446fc2d6b9923828d656cadff
SHA1 35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103
SHA256 d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496
SHA512 7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

MD5 342e152ce9d9ef895fce298a61a52570
SHA1 c2cadef1ca66600d5c2c6dcbee3355bbf901a591
SHA256 baa20b7c5a3388f6da66e839b2b187662d3ffc570704a0b9382cfd0874922394
SHA512 10196f93f2d8fcf8e7a7ff6e9706e42be64c075833331cb48d938fd1be321e8c4f926a9c888add217540380773ca2c4b269230227af8fe945344ceb6b26e40f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 bd17d16b6e95e4eb8911300c70d546f7
SHA1 847036a00e4e390b67f5c22bf7b531179be344d7
SHA256 9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352
SHA512 f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 036b74783ce20828ebda3211e891cb04
SHA1 7db78485a24e74851b46bda99b7182c086312b46
SHA256 4e78c615a7d6e9bd891b73196de1aef20908169f95ee0506aa1b8889cc8e7cda
SHA512 603b40cb949f402480bafb423486cef83e34334f1f139e51fcc13aee5e2fd933613c26b011cc75a10a5730c4252c0b406cc24022bb5aa841d9c29b2ee8ad487e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 19c73397068ded824edd2c5b13d0a9da
SHA1 7f0f149b66309aaba41974d524ca69390a34e4f2
SHA256 8c93e33fb098c30a82d774c6a9db9aa92ea0e34586e907ed7d9d2935582c6100
SHA512 8795cd26570fe65181d49676dd9cc9a8012bc22c3e505ac8ed8c1bea68ac7db7f77d6bade360a403a8d79cc4126ac18c2c10e3b83a163e3b42f2e3f60c32426e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a9a3bc37a17899361812513b1050ad8f
SHA1 d9b53cd82c1f27d2760b9f354a78d8aed962c207
SHA256 adffcb661ccdb62cb7d5925844b7b2044f15f35f41b82aebb68a72ec276fdb2c
SHA512 24a6898a3723d59f690e636cf59c34d0dfa68c924238448b4ff67287eb1c5bdbe28a125037718b8da5a4e5da3e7d73117aa450532417f89a2a665b634c5151c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c397e68f90117521f80220e12ac81539
SHA1 09c01fd9a0d575aeb4a6446fc14facd9cebe3d11
SHA256 adc8e65ebe4efcbf5e486b5f50bbdb9805d43a47f3b5c426af31ce77491353bf
SHA512 6a04d6a3c605d011a0cd72e36b61eedf2bce9682500c6c433bd64251f98600ae93939e774af01a2dbfdab6759e2642b0ff6bebe99ae8487ed8926276a8066628

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ee370fbf6fb6a7f_0

MD5 f5224f35b47a983f5c9e79b5cf7c702f
SHA1 0c603b7d26400bbeaaa3024890dfe955c7c55be9
SHA256 63faa33f8099a3abaab686c34fe3a0f574a12d5731816c32602f85e6e4b342fe
SHA512 424555368cb356b29b76cbd2667c3ea7c1a1c7e1e1f3f1573f8d8e2bcc68cb4a8436346f096e47c1fd2e456595b5d5183ede41095c9ead58a8e2bea4d5b7bcdd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb35d9970e959973_0

MD5 3f2a5ad3100ad81f02ebd931ac46ca64
SHA1 9de6f1c6ffd99483d0e98c089d0f18262112c280
SHA256 352d9358bb12cbce32f1f55ae124941197b624b7c66b84804f5bcf6a27d68d9c
SHA512 37efc9ebb6ce981677244b48bd3a0944170589a9d9afb25417b86deb281c7d792130d8fc51c3dbf7a2203de74300362e70408df6ed105eb98058f385d58b92cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f1a74cdcec20e5c5_0

MD5 49f276a903b38e8a66f34ad78143f528
SHA1 1123bfe2a11b7432ac0866bc25b6b09439c4e8f2
SHA256 47a105587334293c62f38cdf5b63b4ac7a9324a609565e86001867c037bd3f73
SHA512 d74f4c1c390ed7ccbc2957ccc0d726dfd039333ac012b6e98a330df6d0618196eb4b1ef340e11bc805257a58c913289231186f2ebed6fcc4b7516c35cf532285

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eecb2833ce3b9ba3_0

MD5 5557a916688a26676e8349c9022313e5
SHA1 defba29701c15bb5f1d7343aae7509db4ea6212a
SHA256 af2dd482d03ef5344faac918271bf58e6c21274ac4b81ac91ef300254354491f
SHA512 b671df026de57ac6646dacf1da50cbe3166089c25d3d3db8106dd1e6368305aa5bf40c95e5c64f87b018028c64d66a6d44e1f1fd5a00a8de0bd76c133de28f7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0

MD5 2c0e81de1c8bd797a4b53a619516fb2f
SHA1 ca672fb6a3220ca04497b6d68a044609f8a6cd07
SHA256 c0694c8ca3a345172b5745e46edb15d428be2b21e857ba64d86d0712d5b28e28
SHA512 e6646d5915163953074ba15d3d4797bf2819ead6cb8b0c789fe4b6ebe83e360e36b633d921844677f4d88ea6f0dc24f7ed2bfaf876761b9d0a4993ee308a3add

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d782f305bb50c377_0

MD5 01668d8bed061315bc8d33d3818d0491
SHA1 2a337f675407fd005378e2a14af601d770bf8a41
SHA256 9ccf0b1e24c385728cd4fff2e9298ec7f872676331a61a5f90a04e3512ae1bd0
SHA512 060c50b4133f3d4e9a176ee05948d183035dbfed417a6cfacc21108ac5956c55e5ab80c98caea771ae5e499f3edd895c2e0b530d69e6c7c8cb39da4577d2740f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2222411fcafb272_0

MD5 75113de32f508f589519eaa57c89d5ff
SHA1 7fac456f8054d351e9233dd778ac9ef34b122afa
SHA256 ae4a32e9b391382c81c10c1b76ad2b4726ccb465d51289ec3346712eb8c000f1
SHA512 009a8bcb232b2857f3e968d47fc2e9b9709e7a9fa69687e8d75d1da1beb4c43ad920e0502e007b5781f13738f6c1ec0e5c0be24062c125358b8755a6bed8c319

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

MD5 885aef498122042650a8ed2976656150
SHA1 10fa426299c6d67a7c743e60515e7c693005f909
SHA256 099703f59fe39bf750f48a3db944e4c5a8f595901db0b898df71a019b3623b1d
SHA512 80de039d12690bad3c03d714e562cdf5caed280484de91d7375b46dddcc587b643e06e9a11417afdba3e1bf221e7ab9b20ac253ee55da306d3a39a714ddf9d51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

MD5 ca1681d467df9a0efbd57811ec10a2e9
SHA1 8bb9b661df05e19b49a63ff80b19f27fedba4939
SHA256 66e28cca0b6152e1bb21afdcb680acce6499477ecaef37bbef8350c6481d0c97
SHA512 0ce645b3a4cd8a3c10e000409a6cf7787d7682d004e662851167018d36a612414e638b6cfaa20dc281978ec64ac82e8c82870ac9abc19ab13688bc384bac3c3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a6

MD5 a063ac967cd41bde58fabc7b2d5aef4c
SHA1 eaf4ad428531054e07c5d43f6061875b409f5e35
SHA256 c6c4de8fe923e12505b4606aa7e334660b8b129578e082fbe09636aa5fe50b47
SHA512 459c969dae20c8931b04d3ee850192cc389d22b39b1f9637835efb160e0cd1a4572ed9543ef8d1ced66d95be17c6f6e600a1ee940636902dd046c2ecf8e40bc0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

MD5 7618d2fc6268ef60a58e6f680b1c9ce4
SHA1 ef9e7f6431927337535d4aeb1f362d758acd0488
SHA256 077b7d09715d65f93f41e358693752cc8f9670a02a83f4663a8bd7480cea4fe4
SHA512 d2d4cf733dee37db8b60b2a30a88cce6bacf3eb794ff7059659aacdc4b455be198e340628149e07e5e1dd269528572d7891ee060d13771451f2fc7d3aba2b005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

MD5 13b90c43340995dea2e1db7884509491
SHA1 0c991013f55ab72b224e4b10e37dea8d676d5f34
SHA256 21f7424145a29c2225f1a9dcd732fedfb46f0a4efa13539fa680c932851562fe
SHA512 5560a05a6e50acd9adf3fe56412a2238453738906c2ff2cc4c7efd03cc49639b7327d8d1d113f4164d6b8b94e5feb911ad13d9764dc2465b142ef4277d5f5360

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

MD5 d2ffcbda22a44a746ebe9992e5f4c63b
SHA1 e5fcc991b5bf4b3867707942c081cadbf66720bf
SHA256 f5cf3442663fd25a427e9cf19534ad770ac48e8dc03a5f7dd48a8e2815902dec
SHA512 4142f509a866f5b82fcd0611e56d731f80ae4af83eea16b90ba5d426f27c21c4a6c54ac730a4f66b291d815eb167f31006a5da82884c5a4f8a700dcb22347c0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

MD5 22c4960b37fa95c61f403c418733a23e
SHA1 c35d0999f88bb10e819ed01d7bd2e4d7f74da895
SHA256 b388dc0611e90adf81f21ab04d69731a7ae51facaa494b6c16c38a0b7f1433ba
SHA512 2c7998376bc4bd9a17cc5882929d8959f4fc046362cabc0ad2bb6a47c7f4faf081ffa6d0d0a1792236357921e8957c9d07250465432215c9a496db5d163e04da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

MD5 dfa3261b224524548a5f64e64dc33464
SHA1 e20b983b94279564a0c2a189e2f5beea1e932bcc
SHA256 1e38f492fe988fd3573fb7369deeaddf542b51f94a1272220c1adac341671a46
SHA512 ee87b9fe5ff60c1d69a09dc1642218eba8b1b08163818854b12f36ae1fccd910fd37e692a14a098c1d011204ae34c5e837114b67842ff5f9a109a7ed732db119

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c035c55e661cf4e0_0

MD5 c824d5ba9868966c54b531a6b022fb34
SHA1 a21e371a7d11c600661a80a8972ff08015fa710d
SHA256 95957841791729f8f444e3134a1a8d084a9f8f92578e324b62b7bc05ca3a82f0
SHA512 c66010932a8af3a06a7e784fa23cbf37f6e8d7bc43d0953b8a492b54cbfdd11e43d87bb22f78205296247e11dc879d1d625b45965c0413ae37dfd70d6ebbf773

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

MD5 f5074d6293ab3640e18117b622c7d3db
SHA1 52b75a8056ceccb53ee70dd2c7f428a3e8a68a37
SHA256 30e172d4b58bf0968540cc2a2c32a145c317e18d4afdba0d512a16db83251bdf
SHA512 d0fdd820de93cc6395cee526aaa003ff3ea7f17d41726c659c76a3647ba52d360e131f5d50265e68829a89d57bfce59a173b5d3579e808a0ddbfa30fed025e9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0

MD5 212f068e702474c7e3e3f230acbff9b5
SHA1 74202a457f7f990580af55d71b8ec24075711e1e
SHA256 e382bcd804bde55150df0498f091efb07b5150d87610ee557877152e96c902fb
SHA512 1c6158a4dfe93341013d7d5a99e3e345ca42f5057385567ac8e75e6ad91f185a20d5617b6728616a0266287f5e501c4eb627dbdf3ed87301ee14855836a42afd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8f6640eef188435_0

MD5 ad40009723fe0fc6f43680498f35d48b
SHA1 c88a8092e1484a399cc263e96d31b549e895e148
SHA256 2595c08a57af18666216ebca50a20026ddb203ce2f373a2e0aaaf611a618cb62
SHA512 b560ca0754bcb53dc98f259d094c8e88946ee25c24057d037bd6e83698223535f9fc5b4b374f11cb694df31a8c765df979712a5fd1443d50884382ec8ef223fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b07f53c03d60c350_0

MD5 ac849a732d1cd54c5503855f0de380f8
SHA1 eacdb368053314c8f703bd63bfc797891b3cb2af
SHA256 1bb66da709162d9699648926cde575a0c68a8988f03520b2e6b30c600b069218
SHA512 e5fc8627d7899c4547c0f68809de403148e7e11e734ecadee3a8706cc7b077a3383f9cafa59bbe8fdefa799cc1e2bf7c654b7cd48b6e212f472878a44a32cd01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a10da6f-8182-4f42-abd4-0c58e24b3368.tmp

MD5 2370ec1153b65bf314e3e59287196f3d
SHA1 b4fcb24466ee6ee756423b07056df383c3e56b3e
SHA256 f6ab833877d789ba52a05b9ad9d3895403da27d979478a642ba5d59952d33c85
SHA512 8a2ac47ee2a9bac1a20deea5fbcea03d5a6c26f04c23d611c3f2f7a4a5ae04933c45a041929970d7031feec89e5475a7b3111e9fd4c17bfe41d3a919dda95c68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d9693990af05118ee69a9e9a86a3c64a
SHA1 1ab5e75d3e79897482abce058409f0a7bd5f0bc3
SHA256 a2a8427bcf6f4eb45737f5857d2c33d72fac1aac50304860e0e911c1f3e89e42
SHA512 cddc25824f32449e6fc6f2fd89fbe674fbd264f050ae611d037aa6780f74b19199ee57d0cea8d9617de954e76dbfab45a93897ac878df9e9c3459f645f1a40e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 90c7c3cd9f1bda2460a4ce30711d11b7
SHA1 5d62c16f1237f8429a215873602579743cb25aa3
SHA256 f25d0e3f8652167d6a56adb7c8e0441e364dcbc2bb847ad176dc3709d3272450
SHA512 55ee7a7956ddcf57e0e47d83a317ae663a26c5c32d549d2bd3ec4a54f30720ad353ab67b522310f86e1822c628ec5ed654a199d329752d5b8a4eb0c07f78399a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

MD5 47b6e3b9a667b9dbc766575634849645
SHA1 54c7e7189111bf33c933817d0a97cefe61fe9a6d
SHA256 302ed4f6c8ac4312d71205603c4c28dd2976fafe4c05533c0a08ab3bdb531aa3
SHA512 a12b74ff45f6f9e6abf459863c299e1fafe61dcf2bea8a7331ed9547de14ed29e2deba69b104c6960db93b458f83ba6a4ba454c5514105e7ffb96da96e26e612

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 0e045ce9afca2d76d92e1d18344834be
SHA1 f1ebee178f8b20945fde60e392c53c7deeb5d3f9
SHA256 c5c5edb2479ae74b76265ce50f3288286418225c04a6f35148d3d2238a4fad8c
SHA512 d82c38a003956344659b0b095d6639e081e5a87a7ac822efd2366a39109862bd90661bd448e097deb23a26efa042703fa378f5d7c6701fda9651f2525b942821

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

MD5 1ac27973084a93966f6a90d5b518e258
SHA1 787986ea7a061e18e3d858c919a7692c6d100ed3
SHA256 f8a4c49273653af8dff6bc5e910bdc5a4ca5496c60f0221cfbf3da26df2388f8
SHA512 3bbd2a13f7583890c4730aa4fbe49bd1d280950e28917389177b6eddfdfaee6b1969efa3e4741c6ab21e9f83154540ed80652f3c1c9145fd2fa6a0687b6aa461

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1c89914f885c70b921293162ca4dc2b7
SHA1 754c448aaa183604e94e4f727ff818da51e61dfc
SHA256 ecf32db52814147659e44d7d28fac21ebd2dcdabf496fc77bf7cbe0605a98624
SHA512 f588c9d860f35ff19cf2482e0b7a60c41b81fd2b2ca5dae139ad144f916f01f7164328f70f19172bf7af9151f35c25fdae184dab70a6b46ef4c640402892d86b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3b52f56b6437b50b3e80b01b4513d9f1
SHA1 d62daf7294bae05416a5d661f7f4585c87d05546
SHA256 a8c1874630d1cd9c7323f3c83f793c3e0722826dbc889e38597e1e8baa2e72d9
SHA512 ccbb672a2ac171dec442a56929011def330461c2ed26cf752f959e551934b3934ffddda47d6f0c6f13655d0b45a962b49c30dc0a2ec9abd0723add8ebf1e7f7f

C:\Users\Admin\Downloads\Unconfirmed 436107.crdownload

MD5 fba93d8d029e85e0cde3759b7903cee2
SHA1 525b1aa549188f4565c75ab69e51f927204ca384
SHA256 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764
SHA512 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d9a3f6caea3f54361f89146c167d3eab
SHA1 e2d9ad71c53bb4019ee02e3e4a539adaaf11ad67
SHA256 1ebf0f10ba44288b7e1ccfc9fa4fa5ebbc075adebc6fa5ede9b961b060697f08
SHA512 ba3969ca2f93323ba70b200873897023c64b86f17d24528b3281c0dcf43ee21ae0d58cbd4fa7b220ede6de1e136edb9b453d4001bd67949ed0a563fd6336f678

C:\Users\Admin\Downloads\Unconfirmed 681153.crdownload

MD5 ddfc82cf4eab81965e3ec8ca8915b00a
SHA1 1e5b94be6922e6198afe39a7fc695db291bffcf6
SHA256 4819d87fe9d0d0485fe85a3843a3e3ecd61ebe50a115dad01ec10275272be82a
SHA512 ac08fa6aa1e55a653ad48305bf19c346d0a82a30830ae5b8c84d557e44c57511e39c68deb786044481074fb694d3827f66cb66862ac52fb4437663e82d64ba42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c8b0a181d8d32881164e9a8c6e6519e2
SHA1 1c6b17801ea9202d5d39654ee3cb7f1820264bfd
SHA256 988e51b05b87a8344e6597005b0a5fa9c5fa1e12b95fa158089453fd9fca95ed
SHA512 ac11955a0f918781ceb3bb9267e5bef233518d7eab7e179c2f42f01c54b8c8ef5c958adddd3ee5540f0b7d2bab7c2cbf5c678cd18960ccb3475e529e523baed9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bbeae3a1a233613be01590ee92643433
SHA1 06667946a0185d2e196305fc331fe295c27a1527
SHA256 b3b356b9ee61302cc7606a6e273e1012efa25e5b9ada0c132711ade1afdac2ed
SHA512 29c908d31a4532e16fe97ecf53e6b7e3e940b18a98418bb28d5c79660f0d08ea1ec78a2dd12b4dbb9a0027adefff2b240d3042618b8f125a4e547afbeeff3d0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0e9397dcd01d724bfd4198ee34544534
SHA1 6c759f56c81f1fadaabd8be467295434c5c7422d
SHA256 cce773d510a59cc06e8a2264107b61d4a58cdbc90a3e8725ed0d54d4c86abe0f
SHA512 2c6bfd97a7ddee2c0eb71778335d051bbb70f02109884d9c4e97ca7aa3e53372082bffd97fd585be3aaa3f023d38fad301ec9153f1ab5ef4045e38304c3b721a

C:\Users\Admin\AppData\Local\NPE\ErrMgmt\SQCLIENT.dat

MD5 2d82f8fdcc244ead80808f7e8797517d
SHA1 73ae4e08bef5641a76362899aaffc41331847aed
SHA256 9b33a5da7629f56a4eb1ab7a2fbb2aa42820ccc9d42d496214bc878bdef5378c
SHA512 364dfa1fe62b70ffc686e96af4cfb141a4a1dcfbb7e40400fdd5db43740bc737c3bad353d250b76c9d8224ad0b8d312fe4e8fb94f3ce7fd9b3c7aaf973e45923

C:\Users\Admin\AppData\Local\NPE\ErrMgmt\SQCLIENT.dat

MD5 fc7ae0193af1a035be5e6e5c15f4ab78
SHA1 7ba6aba05a29c8ff23801b36515f32b4ab9ea13f
SHA256 f22afc272785e01dc2cee898b60fbf4049ae5914d1345e64e87cd074d1f7dc8f
SHA512 028efb44ac458b4fcdac6adcc4a7f00d4460c6706f45c0f79654e4780eaf823c5301413f0619c71246d6bd808aed64e8ebc853d2b7bf0bdd697d4ef47adf9a46

C:\ProgramData\Norton\NPE\NPEsettings.dat

MD5 bdf7612c664abc4c825ed2fa55e94f81
SHA1 cf26855e89cf6036266ffd3ee37201c44bb30f2e
SHA256 1014630d99383f09d1977dfed2ea419191b36209180f00c799dcc539c82ac9bc
SHA512 221630ecd17df51dfa5b14db1c01ab59b6802aa66c79e2d826c0fa8e252f6725669f441e4af5f29050d2e331fc334e1d976bbe261affdf241fbe5812aaf97cc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8f478df769fc504acc7c46f0f54c167e
SHA1 6cfe63d3e3ffa203df254b9e2144d80e2b62a4f7
SHA256 96ec204529f46a632e84b8d23a856d0bdd7493f27b04af89e10330a041321bc9
SHA512 52d79ea7bcef3946e0fecd676d41af832c11310693da40b523a551690bd4e25532ec96763edda7a404fd5bbc31850a989012540e973c6f71250c98fc374ae2f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5032715d5d104169_0

MD5 71320a0b7c63955ce6e8dc340286b3e7
SHA1 fe5e1a87a7795b163160e9c8141a7f5eb17bd83e
SHA256 ab66df4ab247ac06680b307c1cb3b58d51e1bca0952244ffe259f316ebaa8f98
SHA512 190a884420bf95fcdc6b99f5644a567628de6cd2f4e31b842c38e939dc4a8e9b0f248c39c242581659c9760b338cf79345f8de6c050c538ae43fd703384438f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0

MD5 484f43c2d4e2b4a6c5f1b37d93f00b8e
SHA1 0e03a66a85f784566fd4167ed7a87f10237a5c56
SHA256 b1d909a869d56e7033372901fa786161666bbf77485bc52cec13c92636ea1b03
SHA512 19ca8b822803691aec8327bee45e1b068f1eb645057d102673388edda390916dca8b5bf0082146ef3b4599e3bb86b7bf50518fe0b0deaa65ccafefe057157cc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

MD5 246dadc4c769903a3662c6be53267233
SHA1 eb258d12d96817a5f4e5d87afe2cb08967351635
SHA256 246a52b5552db6113f2a360e54cf3c23045dc4584d84ee4e8cc519e3b6e7d1a6
SHA512 a7def46c71833c5d13e3ffce145ada2a88758aa2f56d0b3c001e8734a5c1a824ceb5bf02e0350599df93da2ed46467cce74c79d6f3252715351578f850e66a28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0

MD5 da54b2f3ed2234058eb9d7c3af9c2ea8
SHA1 14c5a33f6fb539f8f6f984d4e0e544ab7b4048f2
SHA256 8cadac76b90f3ad80ceef98880c96f96d32d916a6b3a11f988aee81f4eb22478
SHA512 eb3f0a4313ed61961997f2dbfad363703fa54443b129887152b6b742da95991f7c10abc6d0296cc37a011e261a5fbcd0d83bc6125242791cdd8eb37beeb1dee4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2be44e10c65e3976_0

MD5 dd88b2784493ce3439c6f7e83a2a1629
SHA1 dfcaeaed03133d682d5266f1845eac6c31e01750
SHA256 1c5baf0db80f2859169d342fb01bc8410ef2cf16ec95d236af18ad53f07c05dd
SHA512 ea00417547a8daee6e05eee275fc572ca19f16f4369ed9cf0597c9e8fa7a3c9c60522b18d566043b527d228a2e7f83e66c3bfc48c518e5cf6816432b1d5a30b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

MD5 ea7352962dcced733dbeeb6aa45db29e
SHA1 9da0b31000e061e6b9232897e96730afa417c083
SHA256 fdac748d5ef90588e59034c5222537016bde4725721e926a6ac2dac81501a430
SHA512 74b9359c5c62a7a5a2d4043e4b9a78e4415359960335c1f7f859603b7da13bc37551e728e88be98b63d6e32d15313a8b801f5ff891b352e0e1b96b7681bb56ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ceb88c56dd50d3e6_0

MD5 1681c52ffc3e9f010a7076f3c46899df
SHA1 5fec0da76a294e466247bd850b13963c5ae261d6
SHA256 48e2c1699270544e62df369febe688b30e6709309055476887cb8b4f4d738bfd
SHA512 80fb24acfebeb42cae66853547c1100c5422dc678bb0fe8b3d58a4edbc0ba9a535bb47583df67553a9d3c4ee49cc807c562b6cf8ec49b409e0123c934c1a5ef8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0

MD5 ac8806608607eb5747809dcb640c620e
SHA1 71b70cbabce851a59ac32deefe4d909d297694b5
SHA256 ad12c8cf050c00a71186a1d1dffd3e750bfaabff3b7ce985f6319a680a0c74ae
SHA512 25074e56b2c5a947c96719558ade9bcfadc0273d59afecd1328193b52817cd2a7c10e38b3d6c248b395d243fad710015a3cb385e927f6e6d4ee8741c7f8883c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec14f25f92415b2e_0

MD5 7908f342b02f1f5262173905b34cd4b4
SHA1 e1f5365d07de8526b9d41bc1feca2f885b8d6aa7
SHA256 a6c0091396027224e0aeca20d12178a66c369db3b02f812cb7a5b72ee068791c
SHA512 6ffb62293d6a3fe91ea698372c65ce2c52424eab5be6f205f4191237e461fa54717d7857291760eb171da8c8d139a75797e38c666b428c4a1f34c950cca601d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\09ac11cca35a72c0_0

MD5 1fc7efeba7b6651a10dd12e462f8d736
SHA1 f9b66db90a179d4aa44e16f99559ec2943c73743
SHA256 ed3ae7846268ce517995dd7d03b395f29deaa7c727aa03b1f28798ba2ff3b769
SHA512 16e75d2add8e31e7f95e6648c3ab5229be7bf015996e4f1e8e497b820c9a44d373d2921b357d898d15cd72b55d996ec3c1dc4deeeff97843d8e4b3cb5b8ab93e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8efaf556838c0a94_0

MD5 2e0f4e8149592f18df1cd980e11b37e4
SHA1 53689ede4b941a6290d859b936150636dbcba4d4
SHA256 f456bcaa645e1c951c482523fd0fd902b5c35ec5ac7e16de1b2cdc9ace474865
SHA512 533b80364532b14348f506a9a38cb01a9a160be84fc759be4d061ac4aad0a296dbb4c240edb019e1374399731866662824cf6b85681610520f3b943da8578d31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

MD5 c7b6daf22c2f6b7b627e2909502a6e59
SHA1 11a5cdc1e5ac1415981079700ec4a27ee46ae283
SHA256 de9241b2ab5dc13222aa042bee41c3eb63f1cb3058d3de5c8080f6f33bc07d41
SHA512 f74b4b9aed6b3a03fe9d6a0f14232c5d77cfe90d79cc27bf9d2861974b810b4d1843cd2fb3e6f2beb74969d334a3d7af1ebd6491097883b0001c3e261e8f08bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

MD5 4f41e82db34edf0ae55890daf424f7fa
SHA1 c2a695b5fc27bed1ecd456ebf126b8e705a3678e
SHA256 ce7c439debdd84283f46237a4f1c5dabe14ac60643c509e97eace0ef244b256f
SHA512 d8216ce9431394ce7b35b7a67006893049535e9753a0b6166190f5bc386c5d8cb98004a8426b57383237faca264d9c6230ecfadb85e30f645bed1fab7822ea2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

MD5 a65067d6d579b7e86ce704a28ecc3e20
SHA1 554be0c2bc760ec6578c191a5ae42468e9108d3c
SHA256 e14145c5fc400af592d9241b1501237223bc5167f11a934965145866f326b988
SHA512 63c8c10997821360add467c1f51269513f7e7d18a558d274d027b748d3d381640042f405c57c53d5e7742a1595276053aba02eb954b4c60c7409aa2d8a9e627d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eafdef011b18f148_0

MD5 11544edcd909a3be3f08e0f9877d40e9
SHA1 e5896c388109236c1114b018200b6a967bd6a41e
SHA256 9312acca497300cd22e4478272ea10813918c5dd7bee3e940a5e19c7569c5d09
SHA512 6285e46a13573c47e1839e14150fd7706f47f69f618e6f43caa01f0b7a609df2e5a7c9c8c0068a9a46b3f3aa030f475f519b84fe96167eb19d5d7455ed7d9ea7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

MD5 b988b0bf57347d00ef2a22ee178f171b
SHA1 c5249d668514eea9ee09ad92084fd0997e54e884
SHA256 080f67f0f71125412f985dcedff58f73510631139349b3d38eaedf33badc6433
SHA512 9d479237d32dfacd2522f134c0fa72c988ff5548c517c2506d76fab8d9482833b637deffb96335430142efaf005dc359dab9a28adf4b1b96e48fcc050485dbc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

MD5 25d15814531ca6d71e896844daf6dfaf
SHA1 3a33e3f699e132736e9c9c5c5e89794ecc6fe685
SHA256 f03016493a64a646c10d0cdc1d59a18847ed74a459320d882edfe25b2171ef15
SHA512 5af9c8445c28f1a86c2b9adad391dc0aec0650c5ec54491540a37ecf1b31ef5a715c3420c054f159c46b4223049d3590743ccb2f3346ea0d108b2f80dae6bf88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

MD5 4136c36c33621e8d973bc3d1924648cb
SHA1 13eefa184c3d3ebfdf2072099530b3a3913fbde1
SHA256 b1719e38dbf4379d3095f34cc23cdd7de648e5848178696d4789c4ab1c53bd68
SHA512 0957510b8422bc1e749fe5befa386c2215dc9325cadfe62124d3d145c74e7fa30a9b4f015be1e5705642f55505801f97aa19eab4fd20751b95cac188e69c4e6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a2dbfff601c7832c_0

MD5 5b46361e6f9da3666cc80b88357b2bb4
SHA1 513c543b3d4b34dfaf69776e2b4c126644c35ff2
SHA256 fa43dc73c262abd473524b7c1d93c1ff42ee80cb1011621ebcb8c52adcaa5c3f
SHA512 0f5b2b2ef0170935eb58931ff84fca2d9e8c04386484131ecedbce867dfa3ab01ca701d47e54ce54c417b2056008e18e5acc981734b4ea7b3c3084ab2183329c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

MD5 3d4687dd232287d934e06a19400f220f
SHA1 47bf81d57d967f694acd93d0f848059d51fe3f22
SHA256 faae6d3677860e6112f41e0bb60bb583a88ab218f4cab834be7fad36b95de039
SHA512 b11b99e17bf6c7534c627195c1bad88f7864c1c727d92d9f9eb2572d821ebd5d59fe2f9d4dcf9a62bd817bf56b31d06e45048a606428dfde5d08f07a71a695b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

MD5 161bd0f4b427b55fef65a6bf087fdbfc
SHA1 ff8919162760aa68df27e5b4c55b6571b343133e
SHA256 9e75319101cfae772a09096b7116094263ca8e76451ca366481a5bd4805d066a
SHA512 2f9415d9f90a934878a465aecc9bd33220df33428ecdb281be635c63a4f36a94352e1bc0c0ca706f13b0863618f88c622426eaa1eb1c348197203f065d8ac20f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

MD5 d374d809a3009e13537d1fda0ebad31a
SHA1 092b8c58193d799884dc62a83fe962c4c67a36bf
SHA256 2ce6ff4f84c7a9bddbada7feb5d90d403431a3086fb314ecf90cf91c697f7c1f
SHA512 33eedcb082d5fb2adac2275c65655d96304384041a9840e3f74e93c262352fe05cfc98e7721bcf40d259cd7c73d0cbf1f949062db4dd9dd317fea6a3d5a0c40b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f469a992907a486_0

MD5 6efa9beb85b191d2efc58e895388a90b
SHA1 c520439479d2d5f2d195b43d456bc9c3a69b4779
SHA256 f2bf3e43f12731c0f4885e713ae939a0dd5d6f8ec12bae5f47bc6113bf62d81a
SHA512 7d694e38376d43c704c653468c83a164aef17792dc94f4c018d75bd3f78a270c8107a28168d03ca984e0f54ee722a41ac6883af50be0b2628cc9058e3fe0b66f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9bb789e2ea58b743_0

MD5 44d7a4e6c170b3f2d001d7165e39c3fa
SHA1 cfbbc4316afb4ec9c3ae351e90288efd7c90661d
SHA256 b619755cd2ce8d0c8e115e684b610b4d5f387a8bb349e60f61386109f554c18a
SHA512 9d79083f45c8df1cc64bfb8927ca52b311d2cb585860c2383da30dcbe19798a9407d83e6bd5c9df5cab2a947ff12eab4a5bad2f82b922f36b2778554bc779559

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daca09b4eb185a45_0

MD5 5b555cec6b48a67a3a938c505d9a2c0f
SHA1 bc29ae23103170e38a077e710d0b8eccfae604af
SHA256 f6e977afa08750340a83219265e344b768036dcbb6bcc3ae824c6f75cc6c650e
SHA512 2056870342d16ec2b0457acc6bc76760c7d3009e4526c6516db3a6bd38bc67e509ee7840b88d8c064b0250a684f49a5b5bdaa7039798eeb4f885901205f977c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0

MD5 a10a41f99be2e66600008bce192ffb37
SHA1 6bf8a764cf635036fb85f1bf1434e56cb3208fab
SHA256 c304e5e546dd21ff25da854db94ed72ab36b9720215fe1c2bba06cb8e28c5a97
SHA512 dd98a6e150d5271f61ec46fcac454843ec69daf46f115743ddec88fcc5a4e55a71637283281e0a19f60713f53dcde972dc5ef8f321c0e322b51f6ad9f058c202

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9aee5cd509922cea_0

MD5 b86f25ea8b224516189edbf0d65c4a08
SHA1 7c4b9fc4928cd5478aee2ad15cebb48a9f9d23c3
SHA256 38a0db6a6aadb657a12ac4e4bce2eecaf3a9265b167666e0577be6787db1bbe7
SHA512 f0cca78e4aecc4375f3568850c6fe320992354159cead9cfe842f8e1cbd839efe70bb83bb2105d981ae4d53f189cc27720054e9ae511815d58a69e65388d8774

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e95bc43999b05ec3_0

MD5 ec535a517a068db6266b014a52d19468
SHA1 a42bead96df483e00d60562bc078457efd0d722f
SHA256 88f7ad7ccc0f4b0a186a0eee920ff87013980a567df4bde82b1063cc186b69bc
SHA512 961174bf8000467e2006fe5bb472bc27be57a1b2cd79658498250a9138970be6ddb009301a7cbcc9ab7c024e4123280d0ae8dd7270efaeed7651b2ea488308a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

MD5 fdfa75b3bcb2b6db83018d0b9b62a4bf
SHA1 235b480ede484d56d6d98a8c9b856a6a567dd4d6
SHA256 ac2b794aedb0dd3216cc960a59cf33c6ddb7a11bc6918f8b9ffe8aeb1466a8eb
SHA512 56f13b382aba37f21ae5cd56e8d00468e64f1e05190461a7c4fd5c9ff6fe04ef40fa133fbbed4bde3674ea46df344e2a7abb9e9a4cdec563540ea590e2c31f30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0

MD5 6a79975d3086c75f8bcb377f6aa8ad12
SHA1 f7b812e137e6d42107029e4590059dd3dea69f7d
SHA256 bc4e6a06fbc0ca2e1c51854ab2b5989c53fc6c59290a4ba9072ec52d8c4ca808
SHA512 4933ea708c2c546f87aa538d1071ee6d1023524e4a5689c121afa9535c9dc596af2f854dc222edfe13dae09b585359cea72f21bd850837020fc7dfbddf626900

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

MD5 906c978537376c965f619ddd46a5b5bb
SHA1 0232c876655d1bae4762e047411a2031f3a3e173
SHA256 79aeebd1a8860ddf47d3fbdf9b3683fa6fd106a2ce51067496b9c53dbfc9b198
SHA512 53f48fcda48a98c0939a0eea0c4238e3e7df74a1d713997e4ff085ad6c0ec0a5ce436c222dc206dd1455f5c298dbdc9cdaf3675da6ad50ce40d6f2e02e608edf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0

MD5 0ffbf28ca71dc886c6cd239e044da9a0
SHA1 fb44b1b2c5c1a17cb8680d70f9a69b04498ffbfd
SHA256 0d727a6ab2f049d0b33dfa5491b9ebe9d03b720f973f796f7adfcc7a442cc0a8
SHA512 c34765b9156d74daa101d548dbedf7af40f1f4638b850796eb0d28b0f8b85ec83b6a2a21d69c6d20acf24aa535ed2d80cb42379600972310ae11a05034ee258e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71cf33e27b57a88e_0

MD5 0687f12fceea27c6b7021d8a2768b492
SHA1 743980fbd9f4e45c0aa664706a0e38167e07f22c
SHA256 26653897b104ad6b099e471c55d75bd22df7832a8e984483a342d63edfb0d683
SHA512 167def0d2bfaad649d632634011d2ad7c9bf647c722cfc0600993d1a388264a860075c6c5342e4018d1d959d321f2bba309219a05b6c7b37ea79590d533b797d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

MD5 37eb92d5d452f37338d5dee7d5fc2056
SHA1 154fd03a1a3dbc7abb5295ff42204df2acb62e90
SHA256 cf5584d54225012afd353a8ed7722d82a0eee79443ad82d5d8e680675eaca20c
SHA512 7897341cc7861b386ad325b592ac79880224ceb2f11c14993173a6783284a04ca900d98fd5aef799a01ccddef401905548fa347321c4b5f1d41e5e1faa7bc9eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

MD5 6176cd487ce1a202f6608d947a2fa502
SHA1 19cb726e7ab76860c70b57358bf572c3c07458fa
SHA256 16425b4681434ff7fe946bae92fa44394b9646d4c1391a118523228499b343b6
SHA512 30bcf0cf0ebdd1d95029edccc254966dd539cbae46a561e4528249536ef98419cc49549d3ea2d183ad20347e9d69ef1d91de8e9cd09033fc8207b07771a4d04c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

MD5 b7eaa8c06a2ebd8dc49a7e23ce95d412
SHA1 f8252a69a440dee541d6838aa068fbd91fecf358
SHA256 d1e38c0a7979ab461b2cf25fb3c92039b43ead39ea6a69aa150e327301ef31d5
SHA512 74c8c120a3814eff58200cca1c22f70bac2b66dca83de6f8a061d551adb5cb86a70421aea77220e0747a60e49828a25361d393b89ccba91aa24674baf3961867

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

MD5 b62ed3c9d6d88f2d2a057031127ae8e3
SHA1 848e8ff603006d00359d392f423669ad217e9441
SHA256 98eca8d45d4f7d08d2d7a5ec2e8b3e65271209abec85f94f3ec8656c0a08fd90
SHA512 c0f138e64c7352d8436574e999e919555953f6f70a56605185b3a6059c4be9ae69306f9cfa1010fe97856daa3131f461aff114bfa161864635fd51578d15a470

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0

MD5 f66be2f6aa8e49a3e78dd77b493071b5
SHA1 70e64cf19065fee8cb91560e805f9dc8ac375481
SHA256 692b983850051eae8883e7573919fa190135637688edfa1ae50431c773635fe1
SHA512 31de235517fb635ba5a3f0c18d29f022374d3837071ac61bf8c8cfb225f868df5e80042aa9b99482b8bf144757f3deae4a1547c33dad2826b92bd65a4574ccc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

MD5 8e6cd45ef6d28339099b3d53c1278cae
SHA1 b5a2775d6d0803c65b1cdd7ac1739faa26c677fa
SHA256 9912bcdf62fc200cf3238feada587c9da824a10dbac7c9558267c091c98f75e9
SHA512 410a8f48d907e383439d5708fde7b291d57a2a9c26d86bbbdb46564e0d0d88068bed454cc1a79049bbb3914eb700a8e07884e4ff508d1a17666bf3b374f085ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

MD5 cbd086f0c8ddb305c5009d431e31f35f
SHA1 7715b9f3b9597cf7b9885025631341bede5872ba
SHA256 d950601143a34bed9d8155d7f80abe92ca1a39a6246252288b3d54a7e9e6c575
SHA512 44b91e3a83d0b95e82cf95ab4743a19202094e939c1f2c4c48a4778df8c18fee1bfd21015786ca26b1bd42ba3c47d7f4594171b96dcf3d561e2202f197f7c7e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81764cdb356c9506_0

MD5 c8993da98dda49696b5c867383242eb6
SHA1 5e630b37df7223984fddff7c3c46c370fe3be41b
SHA256 a618b2cfcfbc3f9d70e8c2ac2bb57fe7571ddbcd1dcc6b8b6cb4f9f8459c831b
SHA512 91d84de467e18c5e126dc81fd0b0c9d3dc83c969d81ea7310c27d81b9318cc6e11109875d5b359bd259ef269b4553d42da1eeb49bd74e6aa7861837a01c71403

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0

MD5 cbf3fc41e1427a09bdede836098e9c7b
SHA1 5f8c20842f2b4ff2bb9f921e304dc3e0f256be67
SHA256 c56739e1c03d927516425f1e57ab075735fb08d83d36b84070322ab7922b256a
SHA512 3fe690c1ab0977feb310212b306d3aa1f034d9941d930788c47daab3883824a335483fb44383ac28560fdf44d58151e2847289d4c65af47a43493b58c97c89df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d72e185424f47bbf_0

MD5 97a1847ebbee55927ae1d730bc9e535c
SHA1 5b7127bd658b694e03ca3cbef9a8bb095289e9ba
SHA256 50a59b429f2aa1110d2c01ae716bf659e1e3216471a2c2bc911da2a42a37adb3
SHA512 99ef13478c0355d2f557575d542b3b4e4f550563eeccb81ca00e4226ad60df5d8551daf0dcdcb4d5caf7e61616732acd74f75c15946ce54798c25d70cd19cdf3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

MD5 37654667075da84142678472da150427
SHA1 86eed8256fa5424af424a740bf6da14f4de767e4
SHA256 a01e4de136ea033259503cfb806d4a58374fafd8aa9173a8b2fddeab26120d3f
SHA512 743175ca9205fb0ce4c5bcef578d7dcbf8eb2566dff49473086f2fe8f3343c7ba47f87e2be2b9d348a757c1c7ecf163c18db1630ecd85bb4901000a347be5d4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718cc3a9e092869d_0

MD5 bda559bbeacd14024a770bbc8234a76e
SHA1 4b74449de02a79f21afc7b759dcd302a5a8b53f0
SHA256 4d536aec3a47a5931533676129680c55e5d4740766ebd94d705fe71b13bd49bb
SHA512 d1371d2a319a7a8146b1e57e29b1b0f77256cd1df91561dfb91ae809861c4d4b6ba1d20eb08d23a8c90fec35c506757144676efc1ef76a6ac1e68f6e5c2eb85d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

MD5 dd3358d97f1f3e3981ce14658d0f0b25
SHA1 258b28d2502023f118703d43e5098281678fa837
SHA256 9568eb80fde597aa5453d6692ebd2cbcd9ce4e6174836b2bac98b0b9b4e1bfaf
SHA512 2e2c4d064cdaea0342736f08db694ffa7902997ca78e3eac83903e8bf00cd8a6d7fb0c3ac70fcbac57f40004be32be8fad6db658516aa644500a62588c0b8129

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

MD5 c9bfd70a805b35234efa8f6790eb39a9
SHA1 1908a360649bee678b9d0eddbbe47c9e44897d8c
SHA256 3af08741fcd9bb5f22752e06eccb368ab03eb5755c7df58a36d19c55a3d99c47
SHA512 794a0e36d53365bf4335b5776ce18965e18dc9f3d78add2e5d263a70551726b4a4db9842aab2dc73a479b94b952dd2e961e27adaf04123ed85aeb594ca9f8d77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

MD5 253dce804946167dce138fff887877b0
SHA1 fcc35fba155f5cc14a4d33e281a49aeac8c07611
SHA256 73c26b276aacb10f4ca9ea27e82ff15a61105d3a143f93dfd9a991b21a741dfc
SHA512 423395c4f4a1fc43f706189e83e4cdc1c1901987c4e027b1b25422d72cf35b038f2ffb38ab2da5fc5d041e9e10855f90eefc295ad4b1239592cc5db2bf9b9063

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ead25eaebd1fd4b6a4659f08a6993973
SHA1 9c96e6cc4d74ec1a79b44f302fdd8f55b9aca397
SHA256 59b8e8aad1c1906b387fb6fbd73e4e0d322b15de60f0a4df4009a8fa29c45a92
SHA512 cb55471c98c4d57d980db764658da3bb781760153a95a30a3802b1062cb0ac7269fb22af8055f9ea9d057db3442335e1b0d2361905a6d5a8e8561f6773996b69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9a7debde82bd5d0b22370913a2f7aa03
SHA1 8d1c81784709be9d46d86437a441e11b1227d7df
SHA256 e3eb5c3ef856a9c0954c3c4a646a12058dde415f2e4825ce62a16527ee007539
SHA512 5d76707dc0e15ceffa31fdb9af3db86c55af25e54b27a67af67a77e377e1ef6b014d6d4f94505dd49d21c69b606422cd62eaec11a4e94d5fda5784d1b52b0df2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 b472dd546ed3f1878d0037b8cae7e855
SHA1 d3a4ad791ea7c5f6635aebf36e621ab1245c1baf
SHA256 8b522a7d95979516a2b2323a777dee30025792e60b13b54a63bd81d8aa2734cf
SHA512 9f410729092525da2dbcbb0b1d620d96197a29dc94bcc115d4e2216dd6032318d3d5192f07db39fd3116412e10c6fb41d2e026a5ecb4eb76f662e06c8811aa8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 20072ff35fb545c97c42eeef6de0ec50
SHA1 f36300b291c9e3881f7e3ce00de1760b026eac8e
SHA256 57c076251cbc318f63404c5b219476f0c3d1725dce0abba4c7ed1b1c7ee7ec88
SHA512 476b5594469e99af9df30e84f493f3fb9ea50a14b1729af30998d8000fa36cdcbf8ebe79c1e1475ab67e6bc78b3e9214b7f4e7efd71d060ec053fbe1f376dd9e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

MD5 e4a499b9e1fe33991dbcfb4e926c8821
SHA1 951d4750b05ea6a63951a7667566467d01cb2d42
SHA256 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512 a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

MD5 237e13b95ab37d0141cf0bc585b8db94
SHA1 102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256 d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA512 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

MD5 5c91bf20fe3594b81052d131db798575
SHA1 eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256 e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512 face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

MD5 a334bbf5f5a19b3bdb5b7f1703363981
SHA1 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256 c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA512 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

MD5 7c5aefb11e797129c9e90f279fbdf71b
SHA1 cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512 df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

MD5 4fbbaac42cf2ecb83543f262973d07c0
SHA1 ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA256 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA512 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 9fafb9d0591f2be4c2a846f63d82d301
SHA1 1df97aa4f3722b6695eac457e207a76a6b7457be
SHA256 e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512 ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

MD5 48c00a7493b28139cbf197ccc8d1f9ed
SHA1 a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512 c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

MD5 b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1 d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA256 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA512 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

MD5 b127d9187c6dbb1b948053c7c9a6811f
SHA1 b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256 bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA512 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

MD5 466d35e6a22924dd846a043bc7dd94b8
SHA1 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256 e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA512 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

MD5 316999655fef30c52c3854751c663996
SHA1 a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256 ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA512 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

MD5 0cbf0f4c9e54d12d34cd1a772ba799e1
SHA1 40e55eb54394d17d2d11ca0089b84e97c19634a7
SHA256 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512 bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

MD5 f1656b80eaae5e5201dcbfbcd3523691
SHA1 6f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA256 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512 e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d4d5416e686a2472c40588deac2f639d
SHA1 1c6f88ef06bb7b8fc3702b021c8dc1cf9c6768d4
SHA256 6eea32ca9021ea606c60e9e0692ef3cf420b6e027a44af42cc78dc8877cb9bc8
SHA512 4ef8c80714f739fdd7e6fed245f6668f0794c20cb22385192798fbaec48e71811dedf328ef0605ade342a5f240f206680735b9a82fc75d04fe316d8ede1709fc

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

MD5 81e5c8596a7e4e98117f5c5143293020
SHA1 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA256 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA512 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

MD5 7210d5407a2d2f52e851604666403024
SHA1 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA512 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

MD5 e7cd26405293ee866fefdd715fc8b5e5
SHA1 6326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA512 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

MD5 497fd4a8f5c4fcdaaac1f761a92a366a
SHA1 81617006e93f8a171b2c47581c1d67fac463dc93
SHA256 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA512 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

MD5 c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA1 4567ea5044a3cef9cb803210a70866d83535ed31
SHA256 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512 f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

MD5 80d09149ca264c93e7d810aac6411d1d
SHA1 96e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA512 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

MD5 1587bf2e99abeeae856f33bf98d3512e
SHA1 aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256 c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA512 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

MD5 ed98e67fa8cc190aad0757cd620e6b77
SHA1 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256 e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512 ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

MD5 0a250bb34cfa851e3dd1804251c93f25
SHA1 c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA256 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA512 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

MD5 4be7661c89897eaa9b28dae290c3922f
SHA1 4c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256 e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA512 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 86bbb939994e3619ff1f21a0048e3631
SHA1 44c0ff3bdcb033ae7884f6a61622b7ec281b799c
SHA256 65ae1a13dae7f211e0f617075ce3b33685d0e0427f3072e882122823d7544a54
SHA512 3c79f7e6008f0cc6b7b387591157f88c0919f7b7b7b4417eadc01f8295f3b07d81d9ce09a781c78ae8108ddae38880f23c594d659d755bed0c48917895340ee7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8ddeaf8f7e137eb32a9eb50d359c68a4
SHA1 bd902d6cee3dd000b82d9e36830f3c9e3fcdc795
SHA256 7679f244d215462a075ab53026299931e107f17ac1909f9d843e09077abf47a2
SHA512 8d1268ee0f6e6969e4456e569795eb067895ef9076a40af8770ca7b482e4f4e02002f2097241c953e18f33efe10fdaa6a894065c0ab01984c3769d43f73d599d

memory/5516-3858-0x00000000030E0000-0x00000000030E1000-memory.dmp

memory/3476-3860-0x000002605E140000-0x000002605E240000-memory.dmp

memory/3476-3864-0x000002605F0A0000-0x000002605F0C0000-memory.dmp

memory/3476-3874-0x000002605F060000-0x000002605F080000-memory.dmp

memory/3476-3859-0x000002605E140000-0x000002605E240000-memory.dmp

memory/3476-3895-0x000002605F680000-0x000002605F6A0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133637076655182833.txt

MD5 ae97285a370c3476a19b87d2776a4934
SHA1 6030061a8728b938a915292a825d096659963f72
SHA256 6e2ba47a6f8f40bac861be6b87268e086ce5ab003e879e80f355faafdaf0c92a
SHA512 f677ea03758ed9dda350a095c346969f162a5efd39ef3d69329aab9568a3d5a6960ac255b3b4db84db4303fea4daf3a59a56a05899b704b9e8ccdde702001126

memory/3476-4007-0x000002585C460000-0x000002585DD8F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4cf03d1f26b071002a89f264e19336a4
SHA1 3ab1f73fbc0119ec1e98b4c995a7c883f25c966d
SHA256 348429b5498b8af4008edf28a98f65effa0443e3ecd30d59567a638870f5cecd
SHA512 e9135967553ea60d02d9a888d5cd2875ad4cf292e73375af326565e7f641afcf8961a1fa8ce81f98cfc5aff0409644fdea6b4e67a7ba98492713f7e1407cc1b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\632e260441be7404_0

MD5 693ca29ead803d6ea8348bf7e04f1c18
SHA1 b36c90a51df5709ca462623fb20a7c0fc26f36c9
SHA256 1913b6513a504151b5a646289771fed6ee42097b242df1abfb0d864472801696
SHA512 4f3fa29dc8afc0dfa8f5ab451a578a3046b8b8c15c0ea24a8ebfb7d6ebbc523e3b5cfea9dddd94e9930764361efc66b356c76928b8b85c450e8dc541407d7d8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

MD5 781c859568391acc4d047dd6b78063fa
SHA1 b0dda2e1bafb583d049d07bc8b633bdf56fac2e2
SHA256 e49913824ab09752c6767cdc542aa5c703bee2e416cb01f37e7cda9ba1457b7e
SHA512 612d985bf0eebededb46fc03420bbde414009a06fdd87f74fff212c9350ee2b873bba1e2febd88119840b8f8df0b1f6bc0e089683211e2b59a468d52a9848882

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ac673f66e12ce14_0

MD5 faad19c9dda0ec5371c5fd7913f9a1b9
SHA1 641201c6cc880f4c2b677f062c7b2bb8c6b5e4eb
SHA256 11ae3eea429ed260cd128f89b4cfaa3afca449c2104ca070bde739cebbd73dac
SHA512 c3558d6660ceb45cb00f52c322164cae16a58805989dac9cb1f214c11c76ef159fee9030b6c91e690c7fe02aa497794c8e488231ea0ce79e3bece2ff4989fe4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0

MD5 beb83a6bb93225d999ecf0f2213bdec1
SHA1 0c07d85a0a286b1d9100bee8c0ce1dff9c76cf4c
SHA256 6feafc6c85fd75950a59c5062664c09f16709b7d4b1d179f83e93588fac2a23d
SHA512 c61f7086616f2b2f6d22b2f91610bbabec26873f5c363d32eff572bbc0fadfb1bbc2204380ab85e0960a360aea538d52367fa7a784f404512a6e2e02a39e553b

memory/6640-4164-0x0000000004C10000-0x0000000004C11000-memory.dmp

memory/2108-4165-0x00000165DCA30000-0x00000165DCB30000-memory.dmp

memory/2108-4170-0x00000165DDBA0000-0x00000165DDBC0000-memory.dmp

memory/2108-4167-0x00000165DCA30000-0x00000165DCB30000-memory.dmp

memory/2108-4201-0x00000165DDF70000-0x00000165DDF90000-memory.dmp

memory/2108-4181-0x00000165DDB60000-0x00000165DDB80000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 5b0aedceeb29c97a2b5a9f94c5d24d33
SHA1 668b8ee6fe84e17929e3724b18dc34d222b36789
SHA256 5d8de79653c6f6ccc16394e4a06ba5ab7b8294c7e2c10d75fc59cf406b501166
SHA512 fe6bf437e32b629a1cc73cb036ff0286977fe5c3f307da9ec946dbf668e2ba83c8af32a7df97d85132e457df07ba1cb7e268d830f3ac091d731b74990e7e8887

memory/2108-4329-0x0000015DDB000000-0x0000015DDC92F000-memory.dmp

memory/3512-4397-0x0000000004A40000-0x0000000004A41000-memory.dmp

memory/3536-4403-0x000002A51F6D0000-0x000002A51F6F0000-memory.dmp

memory/3536-4423-0x000002A51FCA0000-0x000002A51FCC0000-memory.dmp

memory/3536-4409-0x000002A51F690000-0x000002A51F6B0000-memory.dmp

memory/3536-4399-0x000002A51E500000-0x000002A51E600000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\WSEA9K3C\microsoft.windows[1].xml

MD5 a10a5315af9b5ec3f167c7c4344ab6c6
SHA1 4e80fd779c1f21ecc2803b08447b0aafbf7eb04e
SHA256 378ae674b3bd38b758bfc3e454467425f2481eef9c527a912088e3b541e31bb0
SHA512 db214e86079aa7ce528a4846654428a2214f005859c0c5624417574cf299d6262c7046f0d2047484ac168ae155f6743679caf7556adbf96a83b554b7b26f2fed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ec

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 67dfdf55347b220822e0e16a967b0e6d
SHA1 54b9f64ce794644461aefecb62399bca6b5ed2af
SHA256 8cc823fd0244d6c5e79f56b1ebd60c267d38ada3874ec8fe3becc03f3018cac2
SHA512 16c825e320cbc274f0d4521434a2208f3dbb9bc3521e49f76b6c01eef0fff1cea9fef27a51b7dd9f91bf2eb76654b7477474aa1e80414f310b814e03bac573a1

memory/3536-4687-0x0000029D1C800000-0x0000029D1E12F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9c6eb7279c538f7b8f3e7f7bc4de4001
SHA1 cb29c62322991a886abc757f82f6e5fec2ba069d
SHA256 2bd29fb96b8b9788ab9b39fedeb94497f942f71381f3f445907a4c1244d50002
SHA512 1ba9df1ce6c994a8d295c272139a03c28437c7d13f6b9c70e26b37c4519790b42ae55393b05c715209e4bd2deaab514e6ac4dc9a9593ca213ef2979c7ee87c2d

memory/6868-4699-0x0000000004920000-0x0000000004921000-memory.dmp

memory/4268-4705-0x000001FAACD20000-0x000001FAACD40000-memory.dmp

memory/4268-4736-0x000001FAAD0F0000-0x000001FAAD110000-memory.dmp

memory/4268-4735-0x000001FAAC9E0000-0x000001FAACA00000-memory.dmp

memory/4268-4839-0x000001F2AA200000-0x000001F2ABB2F000-memory.dmp

memory/4104-4850-0x0000000004D80000-0x0000000004D81000-memory.dmp

memory/5776-4853-0x00000240E5F00000-0x00000240E6000000-memory.dmp

memory/5776-4857-0x00000240E6E10000-0x00000240E6E30000-memory.dmp

memory/5776-4859-0x00000240E6DD0000-0x00000240E6DF0000-memory.dmp

memory/5776-4888-0x00000240E73E0000-0x00000240E7400000-memory.dmp

memory/5776-4852-0x00000240E5F00000-0x00000240E6000000-memory.dmp

memory/5776-4987-0x00000238E4200000-0x00000238E5B2F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 811e61caad84662f5f852b63a7b4ef6e
SHA1 ecd271138666927e28c541f1d25e9ab882a5583d
SHA256 dd11f9b036c991f1c89e90b0ec7d1714ad74b64fab7473dfbf6ec4e5d052f938
SHA512 bcf62934e70ad99d2d7143adb812e694354fa89ab702ef45884b9e7811db5c3699ed1ac0f4da990bd2734f357863cc2e972368a7f06f64fb71d74ebe27db248b

memory/3668-5000-0x00000000046D0000-0x00000000046D1000-memory.dmp

memory/1108-5007-0x00000204F1700000-0x00000204F1720000-memory.dmp

memory/1108-5003-0x00000204F0630000-0x00000204F0730000-memory.dmp

memory/1108-5035-0x00000204F1CC0000-0x00000204F1CE0000-memory.dmp

memory/1108-5022-0x00000204F13B0000-0x00000204F13D0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000102

MD5 55fcb54ef7ab593d2ab04f45bc3ea2a6
SHA1 66152bc306c961ae61054ee98bbfca7401febe28
SHA256 c4aa0285711bf0d9c13f701ccf30c9162c049ca5337f7ded0e0c575c5928f80e
SHA512 9a530ccb4f99f725f703540e5d4cd263520a058f9fec5ae5cbd7c21ffdd8e50e294df3b312c14d8d06c3cec74c4ec8b9c9b02afc5cf1b8f1aee407b0e5edc3e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7e4ab241046b01819488e0f7ea0decc5
SHA1 b36817bf8352653e591f7eb77cf59cc47f14ce43
SHA256 3fe1d4477936fc2cfe6b132fbf377d50bca8556b111903eec40adbe96c6c1640
SHA512 698b3cc797d93f373b2cc5af4fc6f29fdd3355200122775e0f7e455de6ea3d9ca2b24b1626050d8825a31682c6f40d3cad35c498692137698dffb3544e670a8c

memory/1108-5227-0x000001FCEEC00000-0x000001FCF052F000-memory.dmp

C:\Windows\System32\drivers\hitmanpro37.sys

MD5 34f05d9fc43ce675ba52a923e6cc1b9c
SHA1 f2b7a7fa9297f8a022b05c986571bfad3a678659
SHA256 f7469414cecc4ab0e7cf9cfd0fd8f73870cee0ac6ccfa0f7ee7ac27cfb980354
SHA512 c8cb1523480ce71363e0ea6228606725561d6d6bd0abe18ad5a167d5c44cb58f0b4df9c16ec8e2a337cb3fc6dd5491883e6cb1284bd271084004b97c16296d5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 46e5e03326bac6c037c1b9f4a8af08a7
SHA1 c986423338312b96dbe6720653c2fa1d958e78a4
SHA256 3b8fa950500a78250aa5e7d63d6363e1feb74cdaa89c1935d3f41d4df934405d
SHA512 1a3220576c0a80b2d7ffc54dc84a04e70f9e9241999308a12f755c1292393500608880052e6ed67a1fc55b5b324d91ca93ec37159386f932b39d3e9c48ffdf05

memory/5036-5266-0x00000226AA000000-0x00000226AA0A9000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7aa6407cb534f4b39596bbb53f3f198f
SHA1 bb6e190605c151fefb5d03bacb440793965b7898
SHA256 b133bb54260a389b77eed0cf782d4ef61a7f5e9388b8e03d3fe3d078ddb6af4a
SHA512 2ff2813cf95bea60ca98959d54b0c237619a14f8b2094540dba85cc811dd0a53956514f1767058c8236550c3c6e4dd017634caf5607e49bfbf9f413976126e9f

memory/1108-5285-0x000001FCEEC00000-0x000001FCF052F000-memory.dmp