Malware Analysis Report

2025-01-22 09:12

Sample ID 240705-kr4kkaxhqb
Target https://grabify.link/2AG3WO
Tags
redline discovery infostealer persistence privilege_escalation spyware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://grabify.link/2AG3WO was found to be: Known bad.

Malicious Activity Summary

redline discovery infostealer persistence privilege_escalation spyware

RedLine

RedLine payload

Event Triggered Execution: Image File Execution Options Injection

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Checks system information in the registry

Drops file in Program Files directory

Enumerates physical storage devices

Enumerates system info in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Checks processor information in registry

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-05 08:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-05 08:50

Reported

2024-07-05 09:17

Platform

win10v2004-20240704-en

Max time kernel

609s

Max time network

610s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://grabify.link/2AG3WO

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\e5c92f1\winzip28-mf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\winzip28-mf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e5c92f1\winzip28-mf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\MicrosoftEdge_X64_126.0.2592.87.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\winzip28-mf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e5d9de8\winzip28-mf.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\Valorant Hack\ValorantHack.exe N/A
N/A N/A C:\Users\Admin\Downloads\Valorant Hack\ValorantHack.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\Valorant Hack\ValorantHack.exe N/A
N/A N/A C:\Users\Admin\Downloads\Valorant Hack\ValorantHack.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Trust Protection Lists\Sigma\Advertising C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\vi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\ne.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\sk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\Locales\ko.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\msedgeupdateres_lo.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\copilot_provider_msix\copilot_provider_neutral.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\is.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\MEIPreload\preloaded_data.pb C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\delegatedWebFeatures.sccd C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\psmachine_arm64.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\MicrosoftEdge_X64_126.0.2592.87.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\oneauth.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\resources.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\msedgeupdateres_lv.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\msedgeupdateres_mr.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\ta.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\msedgeupdateres_zh-CN.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\af.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\ur.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\elevation_service.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\icudtl.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\VisualElements\LogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\msedgeupdateres_sk.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\msedgeupdateres_gd.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\MEIPreload\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\WidevineCdm\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\msedgeupdateres_iw.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\msedgeupdateres_fr-CA.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\NOTICE.TXT C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\ug.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\show_third_party_software_licenses.bat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Trust Protection Lists\Mu\Analytics C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Extensions\external_extensions.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\it.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\it.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\mt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\Locales\ja.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\msedge_proxy.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\ga.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\msedge_wer.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\mspdf.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Trust Protection Lists\Mu\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\Locales\km.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\msedgeupdateres_bg.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\msedgeupdateres_cy.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Trust Protection Lists\Sigma\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\VisualElements\LogoBeta.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\Locales\lv.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\msedgeupdateres_or.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\es-419.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\onnxruntime.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\telclient.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Trust Protection Lists\Mu\Entities C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\VisualElements\LogoCanary.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\hr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\identity_proxy\resources.pri C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\msedgeupdateres_ga.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\mi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\identity_proxy\win10\identity_helper.Sparse.Beta.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\identity_proxy\win10\identity_helper.Sparse.Stable.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\Locales\fi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "143" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation\Enabled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation\Enabled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ServiceParameters = "/comsvc" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ProgID\ = "MicrosoftEdgeUpdate.CoreClass.1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CurVer\ = "MicrosoftEdgeUpdate.Update3WebMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\winzip28-mf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e5c92f1\winzip28-mf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\winzip28-mf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e5d9de8\winzip28-mf.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1552 wrote to memory of 3168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 3168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1552 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://grabify.link/2AG3WO

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd43f5ab58,0x7ffd43f5ab68,0x7ffd43f5ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4404 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2712 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4836 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=936 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5088 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4976 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4212 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3260 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5076 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3260 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5148 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5344 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5568 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5856 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6416 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5716 --field-trial-handle=1716,i,14165640152040701843,3886405780746638493,131072 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd43f5ab58,0x7ffd43f5ab68,0x7ffd43f5ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4668 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4892 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3076 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5288 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5496 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5628 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5008 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3500 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6344 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5024 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4188 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4772 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6320 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6220 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5508 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5960 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2736 --field-trial-handle=1748,i,13090621193370372882,800101953005795857,131072 /prefetch:8

C:\Users\Admin\Downloads\winzip28-mf.exe

"C:\Users\Admin\Downloads\winzip28-mf.exe"

C:\Users\Admin\AppData\Local\Temp\e5c92f1\winzip28-mf.exe

run=1 shortcut="C:\Users\Admin\Downloads\winzip28-mf.exe"

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /install

C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUA0FA.tmp\MicrosoftEdgeUpdate.exe" /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuNDEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0E2MTQzNzEtRENCRS00QzJDLTkyNDMtQTYxRkIyMzVBQUJEfSIgdXNlcmlkPSJ7NENDN0QxNkYtRUI3OC00RjdFLTk2RjQtMjJFNjlDRkQ4MkIwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFRTZDRkMyRC0yNURCLTQ1MDAtQThDQi03RjkzQUJDMDE4NzB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4Ny40MSIgbmV4dHZlcnNpb249IjEuMy4xODcuNDEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgwODM1OTAwNDciIGluc3RhbGxfdGltZV9tcz0iNjI1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{7A614371-DCBE-4C2C-9243-A61FB235AABD}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuNDEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0E2MTQzNzEtRENCRS00QzJDLTkyNDMtQTYxRkIyMzVBQUJEfSIgdXNlcmlkPSJ7NENDN0QxNkYtRUI3OC00RjdFLTk2RjQtMjJFNjlDRkQ4MkIwfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QjVCNTE5MTMtN0U2NC00ODc0LTlFRDEtNjJDNzEwMTBERUE3fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O2hWZkRqTWRGRzZGZ0tzME56NmVtcllDU2c2VFF2RFBvbW9sUmF5UVhCSzQ9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjAxMTIwMzciIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM2NDU4NDI4MjQ4Mjc0MDgiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MzI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MDkwNjIxNDIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\MicrosoftEdge_X64_126.0.2592.87.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\MicrosoftEdge_X64_126.0.2592.87.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\MicrosoftEdge_X64_126.0.2592.87.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF0539DA-9849-4847-830D-A3B86E56C87F}\EDGEMITMP_E4FAC.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.87 --initial-client-data=0x22c,0x230,0x234,0x1cc,0x238,0x7ff6b360aa40,0x7ff6b360aa4c,0x7ff6b360aa58

C:\Users\Admin\Downloads\winzip28-mf.exe

"C:\Users\Admin\Downloads\winzip28-mf.exe"

C:\Users\Admin\AppData\Local\Temp\e5d9de8\winzip28-mf.exe

run=1 shortcut="C:\Users\Admin\Downloads\winzip28-mf.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuNDEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0E2MTQzNzEtRENCRS00QzJDLTkyNDMtQTYxRkIyMzVBQUJEfSIgdXNlcmlkPSJ7NENDN0QxNkYtRUI3OC00RjdFLTk2RjQtMjJFNjlDRkQ4MkIwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyMDM3RTYxMC1FODFCLTRBNjQtQjI1Qy0yMURCNjhDQzQ5NkN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI2LjAuMjU5Mi44NyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODEwNzgwOTcxNyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgxMDc5NjUxNTciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4Mzg2MDU4NDE4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9iZGU2NGY0Ny04ZmEzLTRmNmMtOGJjZS1kMjc0MjQxYjZhMmI_UDE9MTcyMDc3NTU1NyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1KNUtzRk9XUXNOQTV4UlJ2V29WelI1S1EweXBXT0d1bmtubE9ERzRzUW9Qb05jd01va1loSG5MSUJZOVhmS09Dcm1vaWQ3UmUlMmZ0VW1OcXc3YzNrSnFRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTczMDQxMjI0IiB0b3RhbD0iMTczMDQxMjI0IiBkb3dubG9hZF90aW1lX21zPSIyMTUxMiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgzODYyMTQ0NDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NDAwNDMzNDEwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4ODM5OTU0MzUwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMTA3OCIgZG93bmxvYWRfdGltZV9tcz0iMjc3OTQiIGRvd25sb2FkZWQ9IjE3MzA0MTIyNCIgdG90YWw9IjE3MzA0MTIyNCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDM5NTIiLz48L2FwcD48L3JlcXVlc3Q-

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Valorant Hack\" -spe -an -ai#7zMap18838:88:7zEvent1129

C:\Users\Admin\Downloads\Valorant Hack\ValorantHack.exe

"C:\Users\Admin\Downloads\Valorant Hack\ValorantHack.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\Downloads\Valorant Hack\ValorantHack.exe

"C:\Users\Admin\Downloads\Valorant Hack\ValorantHack.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault645d136dh81a6h4a43hba9dh4ab21ce0b1f8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd343346f8,0x7ffd34334708,0x7ffd34334718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8403720138093649332,14358801204096525598,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,8403720138093649332,14358801204096525598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,8403720138093649332,14358801204096525598,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultf914c80dhb93dh400bhbb4ah82e26b1bb312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd343346f8,0x7ffd34334708,0x7ffd34334718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,18390648230666986664,4359142353541854987,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,18390648230666986664,4359142353541854987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,18390648230666986664,4359142353541854987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3883055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 grabify.link udp
US 172.67.68.246:443 grabify.link tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 246.68.67.172.in-addr.arpa udp
US 8.8.8.8:53 roblox.com udp
GB 128.116.119.4:80 roblox.com tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
GB 128.116.119.4:443 roblox.com tcp
US 8.8.8.8:53 www.roblox.com udp
FR 128.116.122.4:443 www.roblox.com tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
HU 52.84.106.10:443 static.rbxcdn.com tcp
HU 18.172.242.12:443 js.rbxcdn.com tcp
HU 18.172.242.12:443 js.rbxcdn.com tcp
HU 18.172.242.12:443 js.rbxcdn.com tcp
HU 18.172.242.12:443 js.rbxcdn.com tcp
HU 18.172.242.12:443 js.rbxcdn.com tcp
HU 18.172.242.12:443 js.rbxcdn.com tcp
HU 18.172.242.59:443 css.rbxcdn.com tcp
HU 18.172.242.59:443 css.rbxcdn.com tcp
HU 18.172.242.59:443 css.rbxcdn.com tcp
HU 18.172.242.59:443 css.rbxcdn.com tcp
HU 18.172.242.59:443 css.rbxcdn.com tcp
HU 18.172.242.59:443 css.rbxcdn.com tcp
US 8.8.8.8:53 4.122.116.128.in-addr.arpa udp
US 8.8.8.8:53 10.106.84.52.in-addr.arpa udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 12.242.172.18.in-addr.arpa udp
US 8.8.8.8:53 59.242.172.18.in-addr.arpa udp
FR 128.116.122.4:443 www.roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
HU 52.84.106.30:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
FR 128.116.122.4:443 apis.roblox.com tcp
US 8.8.8.8:53 apis.rbxcdn.com udp
GB 88.221.134.235:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 locale.roblox.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
HU 52.84.106.30:443 roblox-api.arkoselabs.com udp
HU 18.172.242.59:443 css.rbxcdn.com tcp
HU 18.172.242.126:443 images.rbxcdn.com tcp
HU 18.172.242.126:443 images.rbxcdn.com tcp
HU 18.172.242.126:443 images.rbxcdn.com tcp
HU 18.172.242.126:443 images.rbxcdn.com tcp
HU 18.172.242.126:443 images.rbxcdn.com tcp
HU 18.172.242.126:443 images.rbxcdn.com tcp
FR 128.116.122.4:443 locale.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 30.106.84.52.in-addr.arpa udp
US 8.8.8.8:53 235.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 126.242.172.18.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 ecsv2.roblox.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
FR 128.116.122.4:443 ecsv2.roblox.com udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
FR 128.116.122.4:443 ecsv2.roblox.com udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 sites.google.com udp
GB 142.250.180.14:443 sites.google.com tcp
GB 142.250.180.14:443 sites.google.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.187.238:443 apis.google.com tcp
GB 142.250.187.238:443 apis.google.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 142.250.187.225:443 lh5.googleusercontent.com udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.180.14:443 sites.google.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 216.58.204.67:443 ssl.gstatic.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 www.mediafire.com tcp
US 104.16.114.74:443 www.mediafire.com tcp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 translate.google.com udp
US 104.16.114.74:443 www.mediafire.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 static.mediafire.com udp
US 104.22.74.216:443 btloader.com tcp
US 104.21.42.32:443 privacy.gatekeeperconsent.com tcp
US 104.21.63.106:443 www.ezojs.com tcp
GB 172.217.169.78:443 translate.google.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
HU 18.172.242.4:443 cdn.amplitude.com tcp
US 104.16.52.110:443 cdn.otnolatrnup.com tcp
US 104.21.42.32:443 privacy.gatekeeperconsent.com udp
US 104.21.42.32:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 www.mediafiredls.com udp
US 172.67.73.78:443 www.mediafiredls.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 106.63.21.104.in-addr.arpa udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 110.52.16.104.in-addr.arpa udp
US 8.8.8.8:53 74.114.16.104.in-addr.arpa udp
US 8.8.8.8:53 4.242.172.18.in-addr.arpa udp
US 8.8.8.8:53 78.73.67.172.in-addr.arpa udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
FR 13.39.145.251:443 g.ezoic.net tcp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 translate.googleapis.com udp
US 104.21.42.32:443 privacy.gatekeeperconsent.com udp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 8.8.8.8:53 otnolatrnup.com udp
GB 142.250.178.10:443 translate.googleapis.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 130.211.23.194:443 api.btloader.com udp
US 52.43.141.4:443 api.amplitude.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 74.125.71.156:443 stats.g.doubleclick.net tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
US 172.67.142.121:443 g.ezodn.com udp
US 8.8.8.8:53 bshr.ezodn.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 104.21.87.79:443 bshr.ezodn.com tcp
HU 52.84.106.27:443 tags.crwdcntrl.net tcp
IE 52.50.240.62:443 ad.crwdcntrl.net tcp
IE 34.251.46.222:443 ad.crwdcntrl.net tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
GB 172.217.16.227:443 www.google.co.uk tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 74.125.71.156:443 stats.g.doubleclick.net udp
US 104.21.87.79:443 bshr.ezodn.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 172.217.16.227:443 www.google.co.uk tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 251.145.39.13.in-addr.arpa udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 156.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 4.141.43.52.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 62.240.50.52.in-addr.arpa udp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 222.46.251.34.in-addr.arpa udp
US 8.8.8.8:53 27.106.84.52.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
GB 172.217.169.78:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 match.adsrvr.org udp
FR 13.39.145.251:443 g.ezoic.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
DE 79.127.216.47:443 id.a-mx.com tcp
US 3.33.220.150:443 match.adsrvr.org tcp
DE 141.95.98.64:443 id5-sync.com tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
FR 99.86.95.82:443 cdn.prod.uidapi.com tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 c3.a-mo.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 oajs.openx.net udp
NL 79.127.227.46:443 c3.a-mo.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 34.120.107.143:443 oajs.openx.net tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 150.220.33.3.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 229.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 82.95.86.99.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 ghb.adtelligent.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 prebid.smilewanted.com udp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
DE 18.157.230.4:443 tlx.3lift.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 34.120.107.143:443 oajs.openx.net udp
US 104.18.36.155:443 htlb.casalemedia.com tcp
DE 51.89.9.254:443 onetag-sys.com tcp
DE 142.132.249.188:443 ghb.adtelligent.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
HU 52.84.106.117:443 hb.yellowblue.io tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 8.8.8.8:53 ghb1.adtelligent.com udp
US 104.18.36.155:443 htlb.casalemedia.com udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 23.227.151.242:443 ghb1.adtelligent.com tcp
US 23.227.151.242:443 ghb1.adtelligent.com tcp
US 8.8.8.8:53 51155b6e37c6adbf78340959205f12c6.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 51155b6e37c6adbf78340959205f12c6.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 143.107.120.34.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 4.230.157.18.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 254.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 209.30.22.104.in-addr.arpa udp
US 8.8.8.8:53 158.84.75.147.in-addr.arpa udp
US 8.8.8.8:53 188.249.132.142.in-addr.arpa udp
US 8.8.8.8:53 117.106.84.52.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 242.151.227.23.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
US 8.8.8.8:53 s0.2mdn.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.187.230:443 s0.2mdn.net tcp
US 8.8.8.8:53 download2287.mediafire.com udp
US 104.16.52.110:443 otnolatrnup.com udp
US 199.91.155.28:443 download2287.mediafire.com tcp
US 199.91.155.28:443 download2287.mediafire.com tcp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 230.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 ib.adnxs.com udp
GB 216.58.204.66:443 cm.g.doubleclick.net tcp
GB 216.58.204.66:443 cm.g.doubleclick.net tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
GB 142.250.178.10:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 bucket.cdnwebcloud.com udp
GB 142.250.187.230:443 s0.2mdn.net udp
GB 216.58.204.66:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
HU 52.84.106.123:443 bucket.cdnwebcloud.com tcp
GB 142.250.179.226:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 28.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 84.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 123.106.84.52.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 104.16.52.110:80 otnolatrnup.com tcp
US 104.16.52.110:80 otnolatrnup.com tcp
US 8.8.8.8:53 woreppercomming.com udp
HU 18.239.255.56:443 woreppercomming.com tcp
GB 142.250.179.226:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 neural40.cdnwebcloud.com udp
IE 54.77.129.199:443 neural40.cdnwebcloud.com tcp
US 8.8.8.8:53 199.129.77.54.in-addr.arpa udp
US 8.8.8.8:53 56.255.239.18.in-addr.arpa udp
US 8.8.8.8:53 www.chancial.com udp
US 104.21.79.34:443 www.chancial.com tcp
US 8.8.8.8:53 www.opera.com udp
DE 35.156.44.176:443 www.opera.com tcp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
GB 172.217.169.78:443 www.googleoptimize.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
US 8.8.8.8:53 34.79.21.104.in-addr.arpa udp
US 8.8.8.8:53 176.44.156.35.in-addr.arpa udp
US 8.8.8.8:53 www-static.operacdn.com udp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
US 8.8.8.8:53 61.143.214.23.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
DE 35.156.44.176:443 www.opera.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
GB 142.250.180.14:443 sites.google.com udp
GB 142.250.180.14:443 sites.google.com tcp
GB 142.250.187.225:443 lh5.googleusercontent.com udp
GB 142.250.187.225:443 lh5.googleusercontent.com tcp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 104.16.114.74:443 static.mediafire.com udp
US 104.22.74.216:443 btloader.com tcp
GB 172.217.169.78:443 www.googleoptimize.com udp
US 104.21.63.106:443 www.ezojs.com udp
US 8.8.8.8:53 api.amplitude.com udp
US 54.71.186.72:443 api.amplitude.com tcp
US 104.16.52.110:443 otnolatrnup.com udp
US 8.8.8.8:53 g.ezoic.net udp
FR 13.39.145.251:443 g.ezoic.net tcp
US 172.67.73.78:443 www.mediafiredls.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 172.217.16.227:443 www.google.co.uk udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 172.67.142.121:443 bshr.ezodn.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
IE 34.252.32.189:443 ad.crwdcntrl.net tcp
HU 52.84.106.104:443 tags.crwdcntrl.net tcp
GB 74.125.71.156:443 stats.g.doubleclick.net udp
GB 74.125.71.156:443 stats.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 104.21.87.79:443 bshr.ezodn.com udp
US 8.8.8.8:53 189.32.252.34.in-addr.arpa udp
US 8.8.8.8:53 104.106.84.52.in-addr.arpa udp
GB 216.58.201.106:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 72.186.71.54.in-addr.arpa udp
DE 79.127.216.47:443 c3.a-mo.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 79.127.227.46:443 c3.a-mo.net tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 ghb.adtelligent.com udp
US 104.18.36.155:443 dsum-sec.casalemedia.com udp
HU 52.84.106.117:443 hb.yellowblue.io tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
DE 51.89.9.254:443 onetag-sys.com udp
US 8.8.8.8:53 prebid.cootlogix.com udp
DE 3.78.168.176:443 tlx.3lift.com tcp
NL 145.40.97.67:443 prebid.a-mo.net tcp
US 206.189.233.111:443 prebid.cootlogix.com tcp
US 206.189.233.111:443 prebid.cootlogix.com tcp
US 206.189.233.111:443 prebid.cootlogix.com tcp
US 206.189.233.111:443 prebid.cootlogix.com tcp
US 206.189.233.111:443 prebid.cootlogix.com tcp
US 107.151.11.18:443 ghb.adtelligent.com tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
DE 51.89.9.254:443 onetag-sys.com tcp
GB 142.250.187.230:443 s0.2mdn.net udp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
GB 142.250.187.230:443 s0.2mdn.net tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
GB 216.58.204.66:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 sync.teads.tv udp
GB 2.18.109.35:443 sync.teads.tv tcp
US 35.244.159.8:443 us-u.openx.net tcp
GB 216.58.204.66:443 cm.g.doubleclick.net tcp
GB 142.250.187.230:443 s0.2mdn.net udp
GB 142.250.179.226:443 googleads4.g.doubleclick.net udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
GB 2.18.109.35:443 sync.teads.tv tcp
US 8.8.8.8:53 322cd912eb67b935a54fc3865bf68412.safeframe.googlesyndication.com udp
GB 142.250.187.230:443 s0.2mdn.net tcp
GB 142.250.179.226:443 googleads4.g.doubleclick.net tcp
GB 142.250.180.1:443 322cd912eb67b935a54fc3865bf68412.safeframe.googlesyndication.com tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 176.168.78.3.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 111.233.189.206.in-addr.arpa udp
US 8.8.8.8:53 18.11.151.107.in-addr.arpa udp
US 8.8.8.8:53 35.109.18.2.in-addr.arpa udp
US 199.91.155.28:443 download2287.mediafire.com tcp
US 199.91.155.28:443 download2287.mediafire.com tcp
US 8.8.8.8:53 sync.search.spotxchange.com udp
US 8.8.8.8:53 track.wargaming-aff.com udp
NL 35.204.130.99:443 track.wargaming-aff.com tcp
NL 35.204.130.99:443 track.wargaming-aff.com tcp
US 8.8.8.8:53 track.wg-aff.com udp
NL 35.204.130.99:443 track.wg-aff.com tcp
GB 142.250.178.10:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 trck.wargaming.net udp
GB 142.250.178.10:443 translate-pa.googleapis.com tcp
US 23.227.151.242:443 ghb.adtelligent.com tcp
LU 92.223.23.231:443 trck.wargaming.net tcp
LU 92.223.51.163:443 join.worldoftanks.eu tcp
US 8.8.8.8:53 99.130.204.35.in-addr.arpa udp
US 8.8.8.8:53 231.23.223.92.in-addr.arpa udp
US 8.8.8.8:53 lms-static.wgcdn.co udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 cdn2wotcom.gcdn.co udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
GB 93.123.11.62:443 lms-static.wgcdn.co tcp
GB 93.123.11.62:443 lms-static.wgcdn.co tcp
GB 93.123.11.62:443 lms-static.wgcdn.co tcp
GB 93.123.11.62:443 lms-static.wgcdn.co tcp
GB 93.123.11.62:443 lms-static.wgcdn.co tcp
GB 93.123.11.62:443 lms-static.wgcdn.co tcp
NL 93.123.17.254:443 cdn2wotcom.gcdn.co tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 tenor.wargaming.net udp
US 8.8.8.8:53 163.51.223.92.in-addr.arpa udp
US 8.8.8.8:53 52.177.19.104.in-addr.arpa udp
US 8.8.8.8:53 62.11.123.93.in-addr.arpa udp
US 8.8.8.8:53 254.17.123.93.in-addr.arpa udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
LU 92.223.21.16:443 tenor.wargaming.net tcp
LU 92.223.21.16:443 tenor.wargaming.net tcp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 16.21.223.92.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
IT 157.240.203.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.203.240.157.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 216.58.213.2:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
GB 216.58.213.2:443 ade.googlesyndication.com udp
US 104.21.42.32:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 store.winzip.com udp
US 104.16.243.229:443 store.winzip.com tcp
US 8.8.8.8:53 www.winzip.com udp
US 8.8.8.8:53 229.243.16.104.in-addr.arpa udp
GB 23.214.68.208:443 www.winzip.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 unpkg.com udp
US 104.17.248.203:443 unpkg.com tcp
US 13.107.253.64:443 www.clarity.ms tcp
US 8.8.8.8:53 installer.corel.com udp
US 8.8.8.8:53 download.winzip.com udp
US 8.8.8.8:53 208.68.214.23.in-addr.arpa udp
US 8.8.8.8:53 203.248.17.104.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 34.197.152.105:443 installer.corel.com tcp
GB 92.123.26.160:443 download.winzip.com tcp
GB 92.123.26.160:443 download.winzip.com tcp
US 8.8.8.8:53 www.corel.com udp
GB 23.214.68.208:443 www.corel.com tcp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 105.152.197.34.in-addr.arpa udp
US 8.8.8.8:53 160.26.123.92.in-addr.arpa udp
US 8.8.8.8:53 cdn.optimizely.com udp
GB 23.44.64.144:443 cdn.optimizely.com tcp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 151.64.8.51.in-addr.arpa udp
US 8.8.8.8:53 144.64.44.23.in-addr.arpa udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 www.installportal.com udp
US 44.236.1.89:443 www.installportal.com tcp
US 8.8.8.8:53 89.1.236.44.in-addr.arpa udp
US 8.8.8.8:53 msedge.sf.dl.delivery.mp.microsoft.com udp
US 152.199.21.175:443 msedge.sf.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 60.129.102.23.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.214.172:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
CH 185.196.9.26:6302 tcp
US 8.8.8.8:53 26.9.196.185.in-addr.arpa udp
CH 185.196.9.26:6302 tcp

Files

\??\pipe\crashpad_1552_AYZUPJKDDQIAGYVL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b1fbbacb7b5ecdd4c66f9b6400623789
SHA1 ff689b2fbd2ea25a0a522e74b2951ba6d6bab8f6
SHA256 4f30c703cc0df1f0b57208be430f2dc4164a0169eb3030f5e28285c07698266b
SHA512 d067018cd74bfc885641bb9b1d3c4c1129f8e942826b8d51ddee95feeaa74994f7ef8f25ad00852de51de548b1f15d5c580e6b1362fe06d9a357590d2e3ad4d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 499b42713b194ca15279c89b27017473
SHA1 a3fdf6f6914cb2809c3536c1d4f9644bd360a3b7
SHA256 c5f959bda8fc60acf8bf1f7aa42ebc96c323a1b082ce425e32c8a769d2701a0b
SHA512 6c76b9ac533622e1bb24f7379013d76a2dcd7ab91c18183eb5a999c557580147cae2e1219f25d51b6f66620a1010c5af5c69c7719b7ca07c5b8957507d6b66d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 95a1cababd411dd330e6ec332aca47c0
SHA1 b746a0bb3f003468e89a7d1c6628a86f4c34e96e
SHA256 a497382cd8d77fb2b921839cbb96c47ebccbc6c9265ad7609bcd31accdec5df1
SHA512 6cf2272c2e9017c3c94a6aa9cd017f0f6e7efd0da0815912e8123b996d596877a11d9650ef64403af602ade9651c03748159202e2e8a2777704ac02b4f6e1387

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8350b12d9fa096ca724a4276fb0e6ae6
SHA1 a2af4080cbdc19592faf3902368392f059967f57
SHA256 330bdb0155b0aa0b7632b99580e52683b7f5b8bcfaa505f195709dda722f482d
SHA512 6113b7d3a392bb5a59417a9e4845015b79bec4db88709bb3147ace646503a73c07a4693cbfecd078028b92f58435e6ea60089cfed14a6f5fd45a6d2c4d81071e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0b39217014848c73bbfa01950cb115e3
SHA1 731519a35711d25763e550f836cd74195fa956a0
SHA256 33658a5ce7ec2c2efed3c05e89a57d419da4f41905fdacd3de93f39bb7137665
SHA512 0199c81c6a07b78dd607109d0f5545dd196d434fe70e889101c890f2966e5c17857b45f8ecf1fe16194d777ac79e62ba36b6264b5c107025dc71115e77ca1fd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b8fd15ce40cfee715351730109dd488d
SHA1 96601f04d54b06abd406ece844bb17049ed42840
SHA256 8a94b9491b1c628d32ba004e12dadc34fd4d71d469de6f051f4eb430f60a53ff
SHA512 d89e48a896ed057390a73cc59386ee3b289683a1572b1733290b664d860b682bc12fd65605532ea2627b554030e901e3fb6b2378a3a750e5c7da7707c2fd54ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 72ba8f1e54faad31315613809ea26c80
SHA1 04740cf2d9ffb4f9453caee4fc0a210ea13af6d2
SHA256 fe3dc2457b90aafc58ac26ff197106a0d61f3f0562f0d5428572d44aa9cd8e9d
SHA512 2b4a47749e02683420e20f7947e5e1e50fd900f558e37c68e42af5441283f0235e82f33c8dfd56075b8bc348afddc243cdb58c72267e9438d45a313b42c1237d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 48dfe88d7c2db1ac84b9cbfeb165fd20
SHA1 a07b74e0c2d509b0d73ae6784cbbb164c5dcd1aa
SHA256 954bb796b82389142362b6d82d1588d6c429646880a9a6ee927f52ac2d8481f8
SHA512 095b1195d3c09695d2e5479a0b487d9185f1c671222c16e20917ecdef21fda32bea0722f0b2b097c1c489c4590b3a6e6e9ad976adf072e18a51a756c57d96179

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a4b44b250d24e2d55524b4d7a66d42ee
SHA1 f62120110ca80553ab1ec69f30fe7170baa7cdb3
SHA256 1cafd73c3b9f9e62cdc910f26b1b3127823ef71dc0f896091eca4b7135dc187a
SHA512 9a082e478f987cc46e3814c0dd427356d21dc84f5fdb547c17b1af32355c3ed42556bf7a8a4248ece7fe1bfa24e46554bf69e21244753d19a3a6ee6ed38b8475

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ae0a6c2fc70c3de37229571d64670750
SHA1 7d3e888aed386deb2a56ce6b49752806b1941223
SHA256 3b338b730dd2a029b9b3804e634f1d4d97a79c8adc9d30c44204b0e2795944ad
SHA512 46ad051df6b6530dd93de510b090ae32904a2d4d69a26e049bab7316d7f127ef6e579157406d7b8a5a74d1f6795db1546abe3b04c0d350b380c415598a77272f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7ed9e78ca38fab223dccc8ca0339878a
SHA1 8775dbbd1a1494befc1dbb2b2a2a23a31894472e
SHA256 a093a0929e8d333db834bd6264858cb163c283ea0737e5b796c5e553c9e0268a
SHA512 5d44c0dd9036b58928d61d62f4251394e851320cc63138f381aa2c222678ed7758d7b9ca1f78f31074d184843433e22f43fb47699e55c927025173dd65d8b7ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 10e692cf6e5f06bcae63a20571ac86de
SHA1 545c7928becd1e9c6812dfc6fa860ab715764da9
SHA256 dfeb6e1665e1e5c2cb254664b6d3244ab2a616116d04533ee960ff7cdc450bdf
SHA512 e703e63cdf27f4dbc638a599e7c22146c35417c6e251143d3dde4ddbccc97f2a7defaa72390cd54ea618e5c0a0891e2a3fd438a305a7f2538f34a6cf5aa6bb4f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 2f386e4a6ec495fa26a95b22c6d7be44
SHA1 16145e8c55aa2823f2a9c2596dac7469e3d4b76c
SHA256 ee363961ffec0e4ea07ff4079890cd955d6db3832822c85cc9f1219d300491e1
SHA512 cc610fc6a38d0e84305e0777542742e350fe6c63e94a3374659456b5c263f39f3824a39ef2f1b077c1325e8cf7f42268decb7735075b1b57491ad9373133d455

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b0ea2.TMP

MD5 f421dec1f32583199c5497e440a4935c
SHA1 d0e8fe96e37ea877fadb1d93747ed7a77b730917
SHA256 9416e1e202eafd66bba7eeabeabd8a0665836a5c8083553ff2d95ed749eacbd9
SHA512 597c99569bb233f527549b71ac1ae69e4f89d6055d4b84e66a079a82bb9433a2b7f3c5f64c9d4961d273d9a39a3cf663b8f46c67c303900d1a5a9766ae12f3d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3916404aed91fe2e4567e63f5a1d049d
SHA1 37d6c6609bc46af6ab9daeeb9fd6df80af978a6d
SHA256 c3f8325c42c39777d0af280e67335268403fa9e4b1303f4b7c15ec0cac229741
SHA512 0f47f8a7796ac77dfd6a4e253b08f5a7799ef38204ef16bc62f0dc166fd51e0ae8b10aa808881a90c25fd9c5b4e2b918901468be29d41a17f89a4f74d48c169c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9e73c230869ffd1329db47fe833c67ce
SHA1 d8438ce3dcb9e27d2ef29462a2c16054f5f51420
SHA256 46f1994a780634ab3e3db8d7efc1fb26d9964e441300616f5b98e518de222107
SHA512 959ba21fc548fdaeaeec3eca6c7feb99aa8870f3d117d0b60406a396d783df7e626ae73e489ae9626401bef5c5f7657f2df9e2bb57c8eec41b58c8447f0bfd2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

MD5 39b7e0d992290c41da06068bfbfc7c77
SHA1 f6a4d0d93047d6cadf48b2bb752f89bc9bbf6806
SHA256 92d3d1073c33cb7ee8711bde6ac3c519b2b5f0044e5a2582aba96b14ccfef01d
SHA512 c67131ea3093c9863d3c7dffc37cf54d4b17bee7abae3fda9195535bb8a736ab19115fdd14591c7fd1966014891f9b140b8763695a80207756bf01c534388a1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 12ca6cd89247651b4da95e372c755f11
SHA1 7537a34cec87da4b3250927fd8eb45bc2ddfab6d
SHA256 a2aaa72a8c73d7e7c1202fa0e39b783dbe5b9f385ad9f4be732c1b0901beff88
SHA512 a1d972fa4d745a3fbd1c9eaae388c72094e61ba6d5f87947e5e1467a91e0edf4b083f4bce33f52371042664a21bfb9aa55e2019c954946c014144bfc45ab2c68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0de040121da60d9b0c30038e9e20417c
SHA1 670b738170908ff4ff1bfad9f62ee27f4a2306da
SHA256 efd26d9a7ba3cb1b6f36039a54644ba1ad1c4a5f3eac79cc59c33b9a7e8dda1a
SHA512 e888a9173cff6bf84ca7ef2a17ddd0f8fb03d8c42f18c2f6e4e47fdb552d04066e8409c28f184b1bdf74d96d31587b18937078b74c8cc8a1e896ece66e2e5943

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 1030d0994c68044a5086bbd3f66d4b78
SHA1 aa71a5d7d0a72a86db91a185af0e7e148982d610
SHA256 9babedc60618dac0c649e687630a0a48f603932817a2282d8bd2dae6cd06bf98
SHA512 ed7a5fc22db88ce1c1be3c9d0c54e2da24c42f7b86ffdcb0174cadd0ade82d4084b91258420fc571bc0203e0595494cb9f61c339348103b9b92065d5ecc85772

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d5bb2d6c6b23aab384936e679b70ee46
SHA1 99526134dd295878c3b67ce21e8203d5858c9a55
SHA256 6c92dd0478e51c6e13fdbca953d3f1f27c65a26518dbb73bcf8b2cc3e805a60c
SHA512 35a4548226dd4e797db6ac84fd57b42e88859824275d216a212bad9c89f8c3ce59d734b387267e3651ffcb84a66cf656c81c6f04f8a1871548b6518cf8a96590

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0a2f4c28f37a70f2e1d3667b823a76b1
SHA1 41deb760c8eec5de3816726d62ae1526d3d41c2a
SHA256 f8927f70b541dcd5e4e990a8122d3b95a5cab8e16b1504f4f732561d6890251e
SHA512 e95fe36e44773ca386a6ea8683545788e04c841cebeb02cbda715f6b184ec8ae7911e775b5f25d03e28f2bad59ed653a60b7a90f0fb1b739d256ae1d8e634864

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ed03542523e052d6a423e9b8c6ea549f
SHA1 2565d4596831d23d60325dc360d1ac3637177d87
SHA256 ee83c7d4d5847ac41fc3bd9a4573d2201ae2e878d63852388bcd0ad8fe6cf232
SHA512 ef617e2600bfce7aeb576174812e189d841c47fe07311c65f94ecd25889d6d21b5110132b15af79ae8e9be77f4d35df10345446fb598951b6708505bfa1dfd26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6bd0c585b8b08823292d05b7b7272bbc
SHA1 3cc49404a0ae432a60d9b07825da231822baad23
SHA256 ada7f73e28dd932c727949945e6a4b2e1131c107fbb21a961999641e7137a496
SHA512 0ec958adc3efd4d9c7765225a3e832520b435977e5e6816211478dd0993fb4e380bb405787c32cb806b1eb3d6f1fb3fae5d731c7c130eeeac8d2019af5afdc68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e1f00019b776f64f6f3529173eae601f
SHA1 362ee8244ce3e4d18ea943322f917d2497f950fe
SHA256 7e4c73383b0a5c48d95a620322746655a622d21825b6382432a64bd7bd82ff5b
SHA512 843471e85a96b8da6a2aef1451e47262cabc854ae104266100273f2ee8f9293cd3408526ef49f20c68422978ad3138b85081fcd1e6fcfb182f2f2bcab0cfce67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 597e00505c4e1015728e802830d5730c
SHA1 ed0d810747153ccdb0b06da60c4844cb9424f4d4
SHA256 0e2f68618234720951bbb707df3b8dd6b5998790f8de21b8df81dc000882d0e4
SHA512 b847b573987d18c5e0da8b83ab2cb3154f2521e8e147e6617373a301c4abedae6d1eb7ed767d75b80580527b5fbbfba46f1e76bfa1ce798d4b268685d0d17219

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 2343eb572cde3a8d722077838515af32
SHA1 fe311e96ec29bd581cc6c2c260e738940480a224
SHA256 301e5810b09d911e513f31fb97bb457eaf4451a3735f7ab3256be5b3877d7aa9
SHA512 375143065fbf537db09e7cab8353acc636cc7898f4b896b238be2310a879c0395b3784f68f0def2a907ec3234c497cdaa0a8fc6e5ae600e3b58a05bf206941d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 746ff580236c1a0c9b1757d9d1bf1a94
SHA1 49d504079fde6a43d797ee7fd079e6acc29560b0
SHA256 425dd31f2c2fce73f0800eeed2bf3fd7b07a050bacd1a8c86cca2d3038f2dff0
SHA512 91462dfea4676066f34c8b0fefc906630782bb4e10528c5d6381f00d796f0d6574aa6915e36eab5d237d7fc0a93c0ea2daedcb9a9b2ee46dad05c1f46e6dd6b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 60df02cbc9b6a531c2d3cf32025a4dc8
SHA1 71ce31d6e0f59f98855a01b3eb9a37a86352189f
SHA256 2d73eefd868f115745117f76888a9b0124453918522046796a55c3621ad2c15d
SHA512 cfc2d4bc147bc757054c07a7e347091922d4ff9b7a0f856d0a3c278f5a98fac1a539d05ea5c375868b372f006a530d14558ac7027723f83f3b22087bd12992dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 f1cad4800853bba09a023250de102801
SHA1 76e1a6ae10ac4db2a3e4e8bf6b7edd692c4537f6
SHA256 e73ceb9052ea848498daacd8a9fff37846cce47324b38df12e9dcf0bf25d2e3b
SHA512 4e869ccea434e71f03ab513b3aa6212da3326cb9625c467b782df48367cbf5c69fb8a073d68180877cfde2510dbe74670046b897125b55f013fe595bb7d3595f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 cc7ad65e0558327d8fbe8ade40ab94e8
SHA1 6c153e9bf971f196db25cb2cb3b62f77f0a1299a
SHA256 956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30
SHA512 0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 e1f6e032096b2924e561c3928b9dc73d
SHA1 f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad
SHA256 fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8
SHA512 b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 a1852b5323e1e4948f64c40799dc605b
SHA1 45799a41d7d105ecf1f20ddec0b858f0023701b0
SHA256 3dd244b14869619ad7208852d0cc32ca2ba0440bca1ca593280710c91e40a2c5
SHA512 83ff1136339dc73e38444fc3f9e778b007245979c43d5e0bba0c4261489cd27004239b760fdd6ea462818b5a348c8f323b854df5a8116e1bcab23abab185d1b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 af433e6a65a18856a23c392ed1d896fb
SHA1 39fd3d21431fd1fbdceb96adc85866e7822bf4e3
SHA256 b145161eb8f4a58979e90ce9667e3ffe1d8690ce45235064d02dd8abe2848508
SHA512 af614f6722a26f5545da2987177cf5bd01b93d2b3db7193fe6d5b661a0cd710c3665d79103856c6bd6d46017cab6bfbdf2ab333a161f103cda7e32a748bcb9b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 d5ec7aa896024ba39e86a90a5b54ad21
SHA1 c71b571593089a5b3e0572a0a521e3403111a837
SHA256 d4cda58a844b6ca09fdfdcbf4b646799978192e60015855e1664630768ca02d4
SHA512 557ea062755137c20ff449e5426d2b689d0f6b53048e0980e8151fd4822c2ea3ba140567af86f88aab55dd2242bc24e44cb18872254392250d0d3c5adc70de02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 b4ee14c921b507ce30b95ed5b1fdde1c
SHA1 c1f398dc5590849bd9b1cb6f021227b4c7dbd0a7
SHA256 da989b8b56c7098cbb64507a143b2d7486b345782a2ce505ea0fbcd05fbbca9d
SHA512 f19413de7c30590e36b56e51d2c4c4dcde6be71478cacd539a0867ca50d4f994b8a5c394161a394628969581bd37de95c9e23974631d48817f2df0b1609d6180

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 1b219ce0f6836215ca58355774a57582
SHA1 536b5def28120e8159d3ce8cedba50890c4ce0a9
SHA256 d67365e79c90c42da9380607ca24e97d988475a79cc5cc9fc7b779a0a600087c
SHA512 4858e922d299e7eb1740da5652287f2c70860d681346e46499e974f3cfd19e4148b7d14f215382bf9f14d405360730b825f9c3ff784d54c0de70e356f09f117f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 5856e4918f648815ec1e6b8139255ac9
SHA1 f8c0b6487381489915adcacdf47fc062fa2f9dfd
SHA256 2b8eb85228f25ff08fc65eb060c2825362543d0457e2ab4c1d4a5b793dba97d4
SHA512 3237a80b3566889831ebbd730a62230cb288a4bc30fded9a3553b9ea676cfda9d26ee9216b37a47ff3f863c2823cdeeeb54a1f5deeaa43ee0622db6593eb13a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 9e7ded318570177d564d0b009cc90497
SHA1 a403f4b48448c2ce208a354495a4813869498101
SHA256 ab6220f3c2c1b559928aaf11231d577b72cbc0697c912943b4f07b0563f33866
SHA512 810323258a33c18af7d7720e72e7ff323d4a088c37d7997d863d6895e4344b8e255cdec20104ad4e01166637a3955478273a97851e5a3c3bbf934f40e0795d04

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 dd8f2b86cd2d7bd64ca691cb98fb3ac3
SHA1 3861f8ac1ed49812dcd430daff361aa77715840d
SHA256 00988b78bb1b7fc4c344747b8e4a2e802446f1b8b5efa8321704eeb23af11bf8
SHA512 339cf39bc769983286d28428aec0b009a98ffe04d04fea950cecaab177c6f2461de3d538113516ed7fd9cdd189909fe63ae02cf500eb3115953dd72935ba8452

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 ce179f88287dd6a927a057013eea2afe
SHA1 ac4907f45c1567880a5e603b0a213811b8d9b508
SHA256 287b86a8c45c95034d1c6946b3376f8663da30b8b9a092ac645dbeeee0bc30af
SHA512 74faf89319642c89d84fd4d3815e039debf72cbe75d1a61678a567b8b989de260db774e26b483a06cd2337b9944cbbc36b310ce510fa8317aeb31d4fe26505b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 0064dee6b4410db6846614fc7c58a7b8
SHA1 6b71c405a47236ba3b0a333b747effeed8258997
SHA256 2681b7e8471e2522539e846bb105b03318875b9bf259b9161bc95d2b473c04e3
SHA512 0812d0df23ede29d571928f3a6a4e89bc5815960f52915fe5dae60be8fdd6167532dd12c344bf433d51c3cbebd8ae08a725a74ee4419b6804f527497f76ecb5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 24f08aeed58183c7a705990764bc92ce
SHA1 1b7801a43fa54668debeeac99d954bd6b6c0e66a
SHA256 0dfbebd47a5e9ea04463a34952ef735d6c89ecb4d1df329bdb75fcc7548cdf2f
SHA512 3b6145cc1f30c738f7d706fa18aefb7ab681a63134504dd8978d0000414e49e99e9812a4b340bba4fbb6b56afbe0630bdbd1dff38f3355b5ac9c760a433a3c63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 658d51b97922b7db113cc94345924b67
SHA1 70f18e617a981ddfc8cd9d3acee03d0f5d7df55b
SHA256 e73402dde8111a29dfb725ea97557954faa6a234a3b0a83cef52b9639f39c52a
SHA512 708502ba3610be85a89c7c5c2129cfb68ca97223cdb426e285c1de36741d48ea9a8969056380267dfe7e393317f435f7c5675f5599931129e4b0c69ce7af0dd7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 67cde52688368fa7aba3e7804eea957c
SHA1 e9c16096c7dbc5637f6e72983d4f35d9eae8b9b8
SHA256 8aeb62da9a1ad3f3cb618ebaa6ccb4fe8ddec997edbf957b4993ab8ffcd1a3e9
SHA512 45a820e2f2a3619b97a939ac38786c059ee7098fe8ed8a4fa513cb6d6c9b93581c7589191ec3408d517290486dbc1675a5d412c1445b3675253a08d3c8296b45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 147e8e59dc4406a4e34f75aa67f10057
SHA1 d78fa3d76ee0eb96d1cc22c485406f9ee031729c
SHA256 c9deb6d571d71c587e2619d75f5a8baeef53808a2af074a0c6c8b45669106c95
SHA512 8b30cd178daab387f15aa14e8da52150ee6416b4bb38f3c641cbd727b0bf2219693587789e0372c71cd7b6f0c2dcdbdfae128c70a8ec6973882191d3840ad95d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 d729945824183c5f7ff4236efc7c8384
SHA1 381ea27f4b8df7a703ec959baa96fbfb3b7f5438
SHA256 4b87a3e20e875e2e20deedce5b8f05bc792a18913cde8235d469160ac5b875b4
SHA512 014155737de9a4e99730798b57a156392031a21fe35b8260954476f92c0ab5f3e68f714180b00c83013d6f4cb9e13836ddf1c179dee55109af97cd721d370cd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 810c29ee9722355064404b6c468b4cff
SHA1 1ffdf0a194054c33d480932dc369c9f611dcd239
SHA256 879e20dda53795123badb82d3d47e7bef7f62ebb7bcd95a98c46b1d9816234d0
SHA512 b7332d68f68acebe6c06d6bf97b19cf1efb0970f98bc556db73a3ef59178cd03b0e9b24f5660608447e645595cbbccec551d1030d58878651f8cacd7c3ca45c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 581d81c9653514a4acecf52cf82a344d
SHA1 a8b8adc450c084ed465a48a98eb5377d7997ad32
SHA256 7dbd828cbb8aa2cf0a280f91cf7ea02b216e315cb55a3d5ee9c49ff74e569538
SHA512 eb28bd33d9902a7adb25adedfec07291d9052698b033f83826f5aa9f416555cb27ca41e5d1ed88e28d5bf1629da952212566e765a11906470ed2d52b75d962da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 d15dd29a4d64d012bbe07fff6b6f9e16
SHA1 a9c04a3f688d672058aecd39e5f5b1e35dd464b6
SHA256 cf8bd1788c24d9e9bf2fee25f7851f082bf8856f643978a508258da26f4f90c6
SHA512 f9ef6baaeffd7a76fa14f4bb8c30293ec54cab9282b3310c7ea33a1ed7bbfdbe783f294394b4351255b4f2205a343c077b15ef2bc301e2d14ad2b8b813228340

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 45f858c0bafd6dcf187c1338eb472b38
SHA1 7f3632239a4ea6b05df600ce27f01f11a812c627
SHA256 f839191be177079297b7a9282f3e5b486038af2498351929316a57ef1e209388
SHA512 30f5d3030180785e1184ad6bc37807001c0f5b4be5c189bf7a0d55d873e5cd1ef5d4e3f320ef95afbb550ce3b31f292c7f1a27bd166ae44caf5c9529411b92fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 9005886543ea7f6c08cfcd657335ef5b
SHA1 4539700a43863fa32b709dc26bf3e010819a291f
SHA256 07455f06a23e129495f65eaa08f0c23cfc968915a5dab029c133b7137d4e4b2b
SHA512 8c5b9f0032b6da17ba6c6597e2114878f6fbc9a83177d1216d2fe19b6cfe95ea0b320daeacf2376334d3df9487e4f1022c85a1d7b4fedb89f965bf2cfe7ab670

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

MD5 d3afd167f2ab55f14d335ecd4e82b164
SHA1 d5de2d5c9e1ff8e0e18614a39a8804fd65c94727
SHA256 3cea90412d8dffba318c1448dd4d87f995889461c17363ccaa3b56b235e7d1dd
SHA512 b37e6f674db830d3687765a71e9a21ff0d817d6503f6f2e7993a85fdaa2f9c79b93fd26b628b0f8be8d6198ecf84099cb9a51a32de5ae6de15659c66f35c1d49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

MD5 135d99a3df668fd6c0f18e85837aa7f2
SHA1 02907814e4a289afe8beebfdfad878cc52273087
SHA256 662a2a582c10f5d5e66263ec823a1ff6a410e0ca5b9be4de56078ef34d776b7f
SHA512 7155b8bd91686b45d602c893ecae016bc7d8799a39c1a3628ff278a13dd96ad11ac15b40dd9479c8f911bdaa4b492aa349e0c2d4e4dd1f889b27fee45d6bb37d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 1138b1fd146eb99907a0ea3de1bf526e
SHA1 355e9bf3a2634b69b2d48dc3213ef9b0aa19baf8
SHA256 50ed95d37b06032c349bd3d1b6a4cbc92fd55291f44f88710b2ba2227d40e05b
SHA512 4e2722b3dd70a7f5d883166c9afe9b722bb0264e3619226734b829dcbb63fff95ae9758d9cbf97cf7acb82bee4f3cc6979a10f66536aaa373a22f4f37f60cb3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 f7b64746e0e9c7772d3c2e9d6c32b04c
SHA1 e43470c8eade85199ade11ba3c6d0c36c40ada89
SHA256 4b567e14fb8eacb736af19cd8c6e252373aa20ce44081059c17f1bc05ea250bb
SHA512 5286252974ec5a0f172c73b2998dc9b7375152a22d793ff1ca98bc0232427b6ef3238acdb54b2d76547f28bff560b68ff0b5e0a38e8bb10ef84bb9a5af1cb390

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

MD5 7c617d44eb695e6946592cab67a42226
SHA1 52495252fb8cb763a39eea6fbc2d56b0fbc44fbd
SHA256 a437bb77af2c8118dcdc3f591edf68476835c0ee9a3e2c798f277d1d420accaa
SHA512 dfa84d285677c5d756cf408948c879f37e501ce558c7ee2065cc7169366147ad355b7004483ccdb2f4b1507711da397117ef513d2225d26fa2e6b710cc977f58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 782212c15da0cbac1026141e3053f15d
SHA1 ffa8f95e9279c1299b45a67ff23bd9548ec99b54
SHA256 ffc92af9e7dddae40929728de1670ae8673a859cec3b0f7afd18dc7377fdb74e
SHA512 18c7836827d97c3033e4c5638a3a13fd91a0725547995441bfa1c9a9d1e60af49c27cf1ce34304b5aeeea694c98d26c543c0bc50593d62aebafbffda56a6650e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 009b9a2ee7afbf6dd0b9617fc8f8ecba
SHA1 c97ed0652e731fc412e3b7bdfca2994b7cc206a7
SHA256 de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915
SHA512 6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 6336c7a9ce3b76ba32c52c0b4b1b5e60
SHA1 2e5e43a894903b9df323cca3639590cf65fc4eec
SHA256 6fc5019a8e1dff3fa1644f73be6f2e8fa15e12c02e01e354e5e4a63eee181a27
SHA512 fa48e1e8f55f8e902f93d3dcb6e605fdf5f5e75a4def67cdcf2eb20463921fb05345d8a44f8ff08b020577d3069a7cfd6ba10015b7e52075b70939af49791dc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 754a2c1250f30bec13b590af9733d029
SHA1 ad819ff2781efeac28f97c020acce009ee969525
SHA256 6594f3b86937a69caf96943edca833904a9c7f732ab8411b80bfe1c5901909d5
SHA512 142d9aa66d28dd10c08bb2a4d2ffc3ce9f9866e99e50ff76d17f585d8f60b960e80fc0de8ae20ebc0cbe45c5967de26434c842987e685832b71f84b98a454756

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 df6f28e36e8f8396274fdaf9b7624614
SHA1 ef7ff3b63e0fb8cb260b051931fbc20c03ea30e6
SHA256 0c7368868ab3ce012ca0fafd9a0843fd0ef6e714e1a7e4450ad88fe319ad6eb0
SHA512 c3faf436a8d090c73740d1193547628c157d096555dca93ee0c45c052ce52d3caa70b107dba9a7350946c2b1067e5cfdb435fbadc202abf5733da0f3f17af5d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 34bb1161f023e642f44a72b1e2d383fa
SHA1 b0ce743c1370fd98bdbe142acff3bd825bc3520f
SHA256 bbf7334a0bade30384d5c16853662bd72dbb220567d1070481f60b356257d37c
SHA512 a113fe4ee811e125c6f21029e2e282698bc8a29ec0d7eef12f5bbb4b2375762557fef876c6047146901749d1b57986d84424f461f793bb38dbea1a74d647c83d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 72a9693a8a938192d190f4a98ade429b
SHA1 7a6225f3f2230733ce2f6d600d786ef06608d20d
SHA256 b8337f43ccf75e0831eb60f6bed655f347114d7cf02039c602e58140e1a5edb2
SHA512 8954e5beb442d3ea24e1b74aaa1fe826ed26dbd8d259c3fe413e11f7ab0aaf867d8281d152fe5770b506eb17de996727f36d3542d9f97b8be43206fcf1261c53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ce65fbe75578175491cbda648336ec2c
SHA1 7fe1c679685335ddaec5261e0d9dd2580ea3c146
SHA256 36ae4abefc37f2d0d1a69caf30fd938cc224df5e238c6cfb2718004d3c1ef4e4
SHA512 e326855bd7eaac3ae9dea1014238538625ecadf44c3a16600762e8e09d9c168e622e14e72e61dc3fb7d55277ac668fde619477c6d8cafe29bdd897f91a011cc4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 458a37137b3cc087d2f535ebcf251796
SHA1 1cbba5864380c9d6ae835b044047df20937df7d5
SHA256 8037a6799f4eea3a108d38b03702ad52926c609abe3ac659564766be496b2242
SHA512 ae13d05b8800565d69dc144642facc252a21253c6f51d05b7c8073a78c36da300b11156fb89385d83f62be261404260288f96e2f26719c113c883eb3099acd04

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 74abaaf01c985afab2a87778600add7d
SHA1 fd554490cad48a13da33a0b926c64009313a82cf
SHA256 5fdd7dafbd12a9d37f31d259463454e85e84253917f7b7b5b034e3eb299af7cf
SHA512 85992d5b0d39b75eab35dea353e1caba95c7d60a92c25553a1d556b026fec96d4bda50db7f5838dc0d340af4f862b12793efd79f488f821e2691d787e68aa754

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 81296e73be91b8990ef16b9900de26a1
SHA1 9442c8c9c7d0d22e75afb94fd4b65acc540d00ef
SHA256 16f44b6db39c6bfb990c3df5dbf856cd089fd581b8048328def96296f28459c1
SHA512 4b74ca6a5cdf65fa8a30d0d1ec501eab368fa56002270acc3940ad1d3c11430d55f261475775b948cabcd4d4229d75631edceb2b7985d0c2a1f694c7c2753405

C:\Users\Admin\Downloads\Unconfirmed 592054.crdownload

MD5 7f88c3ac069bd6f6a7134af19b2fa271
SHA1 4e834a0aed18e65e3b201ec60972d23dcd37193a
SHA256 b3996a0ae78cca5781ae2842d571afa51d79e04ed07e633973978d38e5b05b4a
SHA512 5300967dbea792920e65bd86a0bdab6aab7320dc934a76dce6b1276ffb26e68c53ddb1f43d1ee64cd8a527e1ac3f847a3917b460898bee978b2f88aae31b1871

C:\Users\Admin\Downloads\Unconfirmed 330978.crdownload

MD5 1228709ffb55277d3251c55ae0f131e8
SHA1 ab9ecf340385385686a33f434af7c1fbc9c91cf2
SHA256 d0aaa598eefb6d91c32670f99fdc7e4fd040fd6d40ffe0be173592fb8a3a3a39
SHA512 4b77aa0d5fb062c92be39c0eea80df2c31281480b88245db6ed8a8254e777987c6515f8b0091014e274c54832ec7dbcadbfaef3143fd0e517076e5c816d213cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7346f2273c58bc7796b6a113e535e6a5
SHA1 4a28e7ab04528ea466c4e349ac5135c55c14b4d2
SHA256 a687a6f0d0464c368ae6785276d302412d79a4ddfd31718747db8357378db1f6
SHA512 404bf3004a695b6da95ad6f7c848f2f5ec31d2929053b975051eecb5348c5b0ff2d248311788c1105112880067a2a6224e7f6e58c812c5edf2ad36134d157cee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e976da0cf1b139dbf1b51836afdb7907
SHA1 8c2a82892c4ad750099425c47f4c8f335a172bee
SHA256 dd65f71feaace33d469427822c6fc5f02de44ec71cd10d75d70b09c970042513
SHA512 1053e9386e19314528b9c36033c4aace3aad0411574d2424e3b3b50deafdedc9600d94973d715219b3e3c602a57401a375dda355c6e284e43329399e43f395fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c074b449e40803880acba1fbedfc30b5
SHA1 2ffb5681f048b6fa546c4a6a33f8430311852804
SHA256 413a09234ab2caa4451b7d67988eea7a4e3d68ee0fbca54ad988f72250d644bd
SHA512 b1b9dccf4f2c0365a8fae76ec778c6be77248d07d6024e586ed81976945b9fd8f4729c789472657982d809e281abe57757af2a28638271ba6a36d33bba2deb9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 332fc718111ec41c28ba3c9dbb304156
SHA1 a3b90ae1a1faf00bd8b0ff56742a7e99aa8d4ec4
SHA256 b5d5e36b07b8e00c3aec1213673aecd523bb5f67463c164a28cd5a556fed9fad
SHA512 b218e2f5a473cf574bcd4d6264482ba67357bfc39b31040d4251969f324cc14960cde7a7eb96082e1a6c4287db8601eca2c08933f22a22305789aef062df88b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0bf51c7e44cebd8a75691e875647a61e
SHA1 edd3c3d4ea90423f4a167e6c256c4592e3dbb414
SHA256 812ec265f71464a34871079486b623853f4baebb967d59589c700d3f6b585889
SHA512 52e3feff5e0579c3c7635ef60b4c4a7abe08180105db4dd74d22065945fcfdc590392bb0476d1384a8238386d2838d99c97131bb82564f2f7a1d55c201ae43c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0bc0f7f959cb5ccabff9b0c1f044975d
SHA1 29f8e49b00c6d69b9a03dec7ab4525e23028d43a
SHA256 ff666c9df0d61864304e18837762750e2d7d66e2ef493e539ea90fb6269979f5
SHA512 5b8a47b33539dd8db70bc057ed8adcf3769f138ed24a9c269e7a7f6e51e9f7ed5a1cf0654de9dc07a0625fb69f359a74413a37b440756ab2f423f353abf75a74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 748c58296aeaffd9258d480ea18c3a4a
SHA1 ce4126806855b2fd414968541728bd5e62255e5e
SHA256 ad1bf35b6c8e32cde8c750f8aa66a14a961e4e1fc888e93051c065835e16232a
SHA512 a7132944c74e166ad9ef512053ea298d5e9386e4d8427a262e28af125f5cccb69595a160f8f3caaec180d95d9d35b87ed4dc25eee30dfd726e25ed76b0f57d53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b230c0fb639376d27cf74042c9c5e640
SHA1 9408d79f9a4b9f8b897309d0fa381724b2b920e0
SHA256 7e7e11985494a03f20bf5f16c350f4c66cf5e7fc567e0fabd5ac5c8891d65aaf
SHA512 8f0f658a03319189a9b79bdc48c4b65c26094af20cd41d27509fc8cc9077de6f6f58b48c7f18ec56c05a6ad07db5ba89f013deee1c4edf166a65a37bed1821e2

C:\Users\Admin\AppData\Local\Temp\e5c93fa\Load.html

MD5 1757c2d0841f85052f85d8d3cd03a827
SHA1 801b085330505bad85e7a5af69e6d15d962a7c3a
SHA256 3cf5674efaaf74beccd16d1b9bcf3ffb35c174d6d93375bc532b46d9b4b4ed35
SHA512 4a12a55aac846f137c18849302e74d34df70ea5aaff78d57fce05b4776bedcde9e1b1032734e29650bcbac3e6932dfef75d97931443446a23e21cf5b3072dd9a

C:\Users\Admin\AppData\Local\Temp\e5c93fa\common\js\jquery-1.11.2.min.js

MD5 5790ead7ad3ba27397aedfa3d263b867
SHA1 8130544c215fe5d1ec081d83461bf4a711e74882
SHA256 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
SHA512 781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a

C:\Users\Admin\AppData\Local\Temp\e5c93fa\config\config.js

MD5 34f8eb4ea7d667d961dccfa7cfd8d194
SHA1 80ca002efed52a92daeed1477f40c437a6541a07
SHA256 30c3d0e8bb3620fe243a75a10f23d83436ff4b15acb65f4f016258314581b73d
SHA512 b773b49c0bbd904f9f87b0b488ed38c23fc64b0bdd51ab78375a444ea656d929b3976808e715a62962503b0d579d791f9a21c45a53038ed7ae8263bd63bc0d50

C:\Users\Admin\AppData\Local\Temp\e5c93fa\common\js\external.js

MD5 140918feded87fe0a5563a4080071258
SHA1 9a45488c130eba3a9279393d27d4a81080d9b96a
SHA256 25df7ab9509d4e8760f1fdc99684e0e72aac6e885cbdd3396febc405ea77e7f6
SHA512 56f5771db6f0f750ae60a1bb04e187a75fbee1210e1381831dcc2d9d0d4669ef4e58858945c1d5935e1f2d2f2e02fe4d2f08dd2ab27a14be10280b2dd4d8a7c6

C:\Users\Admin\AppData\Local\Temp\e5c93fa\config\installparams.js

MD5 66c9d7ab7cbc6d7e675e7292d0d96aeb
SHA1 fe94c309a9d922a64fbee615fe6fa7108a356249
SHA256 87df84ea0794ab4df2ea424febb7eeeef55190e1368f7e148851a428d842344e
SHA512 885fc647279001d8c8d1b9b881842424082cb284310d3cb24efb04fba1006e399a7a9669c37c9b9d39e474abdfd5e00294477639cd4af8887f1e448df30028ec

C:\Users\Admin\AppData\Local\Temp\e5c93fa\config\stubparams.js

MD5 91f6304d426d676ec9365c3e1ff249d5
SHA1 05a3456160862fbaf5b4a96aeb43c722e0a148da
SHA256 823f4f8dfe55d3ce894308122d6101fed1b8ef1eb8e93101945836655b2aed1b
SHA512 530f4fad6af5a0e600b037fcd094596652d2e3bf2f6d2ce465aae697ea90a361a0ffcc770c118102a0dd9bf12ab830ac6b459e57a268f435c88c049c127491f4

C:\Users\Admin\AppData\Local\Temp\e5c93fa\common\js\common.js

MD5 87daf84c22986fa441a388490e2ed220
SHA1 4eede8fb28a52e124261d8f3b10e6a40e89e5543
SHA256 787f5c13eac01bd8bbce329cc32d2f03073512e606b158e3fff07de814ea7f23
SHA512 af72a1d3757bd7731fa7dc3f820c0619e42634169643d786da5cce0c9b0d4babd4f7f57b12371180204a42fec6140a2cff0c13b37d183c9d6bbaeb8f5ce25e5f

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

MD5 db7fb67fcec9f1c442de25f3ad59f50c
SHA1 b600aa26d1cded59760304c6d77f4ff75722eabd
SHA256 c227208854734bbd38c9f74f39034111733da5c7ce71515b1610aedd79417f9f
SHA512 c14ec7d252a6f201dfea476d302fbc5140713cb4ea7bc8d4e610bfd806b3fa3c141153e2e9b8cb36255fba1fab4d4400ed83f5f5c1228d77d77bace41d5de7fe

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

MD5 e3f7c1c2e2013558284331586ba2bbb2
SHA1 6ebf0601e1c667f8d0b681b0321a73e8f4e91fa3
SHA256 d19616ac12d3d536c8fbf034513a4977c88ef2d1676d358a2358fa051c8a42ba
SHA512 7d4fd7ad06b05d79211144cbaa0047bdb4910212565b79f292a6bea652735dacf69435b24c73bc679cbdad4207f6352726eb297a1e7af4f7eef14dbc8a2ca42d

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 c645ee53dc61e7217c8a1daff22dfc04
SHA1 f883d1447e9494431bd36a465a187b2007a94566
SHA256 e2b899528c6c8700c642186e592134982411b962c5551e4983682bb64a68eb99
SHA512 d3187878499b53b7b6f302f44a535d0e584aa3b0b4a7c76b1bfd1b682429e3d1c31e718e3cc2f4e6add64017cb107791557ea149f283cbca7cd72dac5277fb07

memory/4556-1741-0x0000000000670000-0x00000000006A5000-memory.dmp

memory/4556-1742-0x0000000070AC0000-0x0000000070CDF000-memory.dmp

memory/4556-1749-0x0000000070AC0000-0x0000000070CDF000-memory.dmp

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 ede9c95f180e8bba82a2229a594f14b5
SHA1 c6a713cab5f8639e205bee642ee559db9bacfaa7
SHA256 423f819911d8f13d7c36871e33c6feff5f3224a40b721cdbc81d1d0264cfdbd2
SHA512 3ee2a9462df4fb305dc320215fdac11ca3dee225a4ef0fe110ac8eb0aeb1c0e45f37dfff32fc8a44321fabb16a748ab8b870ad5c9c4329a03747e6863f1c0072

C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Installer\setup.exe

MD5 44bab1ba8bbc80a6f11a59a921ade1fe
SHA1 71292aa421fc9cefd9eeade06fc5af52f71e8dc2
SHA256 a03c11b73af7ccf83f2a4bc1995f9083f8415174d1e8f6d6465e9192aabb542a
SHA512 fcb6f75c3367b91da92b3d866ae6b85428d8c2ef13499344e80ddd3bb30f47d1243120aa41eba519756bcb6ff5f9708e7fe7281265c4c32766231765aa8104e2

memory/1844-1815-0x0000000000A60000-0x0000000000AC4000-memory.dmp

memory/1844-1816-0x0000000002DD0000-0x0000000002DD6000-memory.dmp

memory/2868-1822-0x0000000000400000-0x0000000000450000-memory.dmp

memory/2868-1824-0x0000000005900000-0x0000000005EA4000-memory.dmp

memory/2868-1825-0x0000000005350000-0x00000000053E2000-memory.dmp

memory/2868-1826-0x0000000005330000-0x000000000533A000-memory.dmp

memory/2868-1827-0x00000000064D0000-0x0000000006AE8000-memory.dmp

memory/2868-1828-0x00000000057C0000-0x00000000058CA000-memory.dmp

memory/2868-1829-0x00000000056F0000-0x0000000005702000-memory.dmp

memory/2868-1830-0x0000000005750000-0x000000000578C000-memory.dmp

memory/2868-1831-0x0000000005EB0000-0x0000000005EFC000-memory.dmp

C:\Users\Admin\AppData\Roaming\d3d9.dll

MD5 aabf88ca8b3c7a22e686ccd4d66d1fbf
SHA1 0155c60607e1b22ecc83f3258827b5285c2719a3
SHA256 6e610c03f9b3c785c678ff602e7a546ed2ed96cd1280081a6afdade0512a8f3c
SHA512 aedaaa57d4e8b1059555bbc8b465bf15f9c9f9e390cd7f7e64aacec8817b348f6ff9fbd608778b06984cdf4fe72ba9849bc9786426335e7bb4d2a4c3347d3a09

memory/2868-1837-0x0000000006000000-0x0000000006066000-memory.dmp

memory/2868-1838-0x0000000006DF0000-0x0000000006E40000-memory.dmp

memory/2868-1839-0x0000000007320000-0x00000000074E2000-memory.dmp

memory/2868-1840-0x0000000007A20000-0x0000000007F4C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f060e9a30a0dde4f5e3e80ae94cc7e8e
SHA1 3c0cc8c3a62c00d7210bb2c8f3748aec89009d17
SHA256 c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79
SHA512 af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6

memory/4556-1853-0x0000000070AC0000-0x0000000070CDF000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\695398f4-2d74-4197-8368-2de11a4d18b8.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 93ada7b46ea53f1778d98593103334a5
SHA1 2d0873dcf29aa04195134aa086a8a0da28fd8b66
SHA256 df1d66518fc86b9f5a1e552fb4d155c62401a02241a520128b001cc2a6611d2c
SHA512 e10ca2bcda4c5f9f85c2f046dd4ab0df1fe0301365a84c9356af8efcae46724707188807cded419c8ff7f2b7890a7ff8304a66142c6d68b737eea4b0e55c4fb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 68e6e93f6866ddd66a854662b0781ee0
SHA1 a2cae126ae45fad305615f23ab9d88ad4217ddfd
SHA256 9259343169c1f3f4a6649c1614f7994bfe0bee10b1b64e1f26401d186bfd9989
SHA512 57fda9bf8b4aa8305d03830b84c5b56a538887490ec082dfe9ba81e7c75c9e33c465629e7a4863a5c0f0b4419a5f5dbb0226e820f580f2e7a8650d406fd0c3fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4df4574bfbb7e0b0bc56c2c9b12b6c47
SHA1 81efcbd3e3da8221444a21f45305af6fa4b71907
SHA256 e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377
SHA512 78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a27d8876d0de41d0d8ddfdc4f6fd4b15
SHA1 11f126f8b8bb7b63217f3525c20080f9e969eff3
SHA256 d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe
SHA512 8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c

memory/2652-1968-0x00000213D1220000-0x00000213D1221000-memory.dmp

memory/2652-1970-0x00000213D1220000-0x00000213D1221000-memory.dmp

memory/2652-1969-0x00000213D1220000-0x00000213D1221000-memory.dmp

memory/2652-1976-0x00000213D1220000-0x00000213D1221000-memory.dmp

memory/2652-1980-0x00000213D1220000-0x00000213D1221000-memory.dmp

memory/2652-1979-0x00000213D1220000-0x00000213D1221000-memory.dmp

memory/2652-1978-0x00000213D1220000-0x00000213D1221000-memory.dmp

memory/2652-1977-0x00000213D1220000-0x00000213D1221000-memory.dmp

memory/2652-1975-0x00000213D1220000-0x00000213D1221000-memory.dmp

memory/2652-1974-0x00000213D1220000-0x00000213D1221000-memory.dmp

memory/4556-1982-0x0000000070AC0000-0x0000000070CDF000-memory.dmp