Malware Analysis Report

2024-11-16 12:57

Sample ID 240806-y2pq2szakn
Target windows-malware
SHA256 192a92a9b50998d7a9940218c9a3e98f854961034cc0d296b0bb17e6d9b8b79a
Tags
bootkit defense_evasion discovery exploit persistence privilege_escalation
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

192a92a9b50998d7a9940218c9a3e98f854961034cc0d296b0bb17e6d9b8b79a

Threat Level: Likely malicious

The file windows-malware was found to be: Likely malicious.

Malicious Activity Summary

bootkit defense_evasion discovery exploit persistence privilege_escalation

Blocklisted process makes network request

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Possible privilege escalation attempt

Event Triggered Execution: AppInit DLLs

Loads dropped DLL

Modifies file permissions

Executes dropped EXE

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Network Share Discovery

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Checks installed software on the system

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtCreateThreadExHideFromDebugger

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

Enumerates physical storage devices

Access Token Manipulation: Create Process with Token

Program crash

Event Triggered Execution: Accessibility Features

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Uses Volume Shadow Copy service COM API

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies registry class

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of UnmapMainImage

Kills process with taskkill

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

NTFS ADS

Suspicious behavior: AddClipboardFormatListener

Uses Volume Shadow Copy WMI provider

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-06 20:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-06 20:17

Reported

2024-08-06 20:47

Platform

win11-20240802-en

Max time kernel

1718s

Max time network

1821s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\windows-malware

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Downloads MZ/PE file

Event Triggered Execution: AppInit DLLs

persistence privilege_escalation

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\Desktop\Bonzify.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\notepad.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\control.exe N/A
N/A N/A C:\Windows\SysWOW64\DllHost.exe N/A
N/A N/A C:\Windows\SysWOW64\DllHost.exe N/A
N/A N/A C:\Windows\SysWOW64\notepad.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Network Share Discovery

discovery

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SETFCBD.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\SysWOW64\SETFCBD.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\msagent\SETFA1F.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETFA30.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\mslwvtts.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\msagent\SETFA1D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\tv\SETFCA8.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\tv_enua.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\INF\SETFCAC.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentCtl.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETFA19.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\SETFA20.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETFA1E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\INF\SETFA20.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File created C:\Windows\msagent\SETFA1A.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETFA1C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentSR.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgtCtl15.tlb C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentDPv.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETFA1D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\SETFCA9.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\SETFCAC.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\finalDestruction.bin C:\Users\Admin\Desktop\Bonzify.exe N/A
File created C:\Windows\msagent\SETFA1B.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\help\Agt0409.hlp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\fonts\SETFCAB.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File created C:\Windows\msagent\SETFA18.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETFA1B.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETFA1E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\fonts\SETFCAB.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\msagent\SETFA30.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\help\SETFA31.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\help\tv_enua.hlp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_a6af4a93eb065fad\RMActivate.exe C:\Windows\SysWOW64\Taskmgr.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\msagent\SETFA19.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentDp2.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\msagent\SETFA1F.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\help\SETFA31.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\help\SETFCAA.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\chars\Bonzi.acs C:\Users\Admin\Desktop\Bonzify.exe N/A
File created C:\Windows\msagent\SETFA1C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\intl\Agt0409.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\SETFCA8.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\help\SETFCAA.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\executables.bin C:\Users\Admin\Desktop\Bonzify.exe N/A
File opened for modification C:\Windows\msagent\AgentMPx.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\msagent\SETFA18.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETFA1A.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentAnm.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\intl\SETFA32.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\tv\SETFCA9.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\geometry dash auto speedhack.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A N/A N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Accessibility Features

persistence privilege_escalation

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\Bonzify.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\control.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\msagent\AgentSvr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\grpconv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\grpconv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\msagent\AgentSvr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A N/A N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-20\Control Panel\Input Method\Hot Keys\00000202\Target IME = 00000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@%SystemRoot%\system32\dssvc.dll,-10003 = "Data Sharing Service" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@%SystemRoot%\System32\drivers\scfilter.sys,-11 = "Smart card PnP Class Filter Driver" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\AppEvents\EventLabels\Minimize\ = "Minimize" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm4\.Current\ = "%SystemRoot%\\media[Alarm04.wav" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-20\Console\FontFamily = "0" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\PMDisplayName = "Restricted sites [Protected Mode]" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\ = "ÿ" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Devices\appType = "app:system" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\AppEvents\EventLabels\WindowsUnlock\ = "Windows Unlock" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-19\Control Panel\Appearance\Schemes\@themeui.dll,-854 = 02000000f40100000100000010000000100000001200000012000000f5ffffff000000000000000000000000bc02000000000000000000005400610068006e006d006100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0000000f000000f5ffffff000000000000000000000000bc02000000000000000000005400610068006f006d006100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001200000012000000f5ffffff0000000000000000000000009001000000000000000000005400610068006f006d00610000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f5ffffff0000000000000000000000009001000000000000000000005400610068006f006d00610000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f5ffffff0000000000000000000000009001000000000000000001005400610068006f006d00610000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000f5ffffff0000000000000000000000009001000000000000000000ff5400610068006f006d00610000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d4d0c8003a6ea5000a246a0080808000d4d0c800ffffff00000000000000000000000000ffffff00d4d0c800d4d0c800808080000a246a00ffffff00d4d0c800808081008080800000000000d4d0c800ffffff0040404000d4d0c8000000ff00ffffe100b5b5b50000008000a6caf000c0c0c000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm10\.Default\ = "%SystemRoot%\\media\\Alarm10.wav" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Control Panel\Desktop\Colors\ButtonLight = "212 208 200" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences\DisableAutoNavigateURL = "0" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IE5_UA_Backup_Flag = "5.0" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-20\Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe\PopupColors = "243" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\.current\ = "%SystemRoot%\\media\\Speech Misrecognition.wav" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@%systemroot%\system32\spectrum.exe,-101 = "Windows Perception Service" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\AppEvents\EventLabels\Notification.Proximity\DispFileName = "@mmres.dll,-5858" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\AppEvents\EventLabels\WindowsUnlock\ExcludeFromCPL = "1" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\AppEvents\Schemes\Apps\.Default\Notification.Looping.Call10\.Current\ = "%SystemRoot%\\media\\Ring11.wav" C:\Windows\SysWOW64\Taskmgr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Console\WindowAlpha = "255" C:\Windows\SysWOW64\Taskmgr.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCharacter" C:\Windows\msagent\AgentSvr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1064" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913410-3B44-11D1-ACBA-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1200x144(1).bottom = "1024" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server.2 C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\ProgID\ = "Agent.Server.2" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCommand" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.acs\ = "Agent.Character2.2" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character.2\shellex\PropertySheetHandlers\CharacterPage\ = "{143A62C8-C33B-11D1-84FE-00C04FA34A14}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA141FD0-AC7F-11d1-97A3-0060082730FF}\InprocServer32\ = "C:\\Windows\\lhsp\\tv\\tv_enua.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}\ProxyStubClsid32 C:\Windows\msagent\AgentSvr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133670857060696842" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0 = 1e007180000000000000000000005427636023c5624bb45c4172da0126190000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" %1" C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{143A62C8-C33B-11D1-84FE-00C04FA34A14}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character.2\DefaultIcon C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\2.0\HELPDIR C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD9-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlCharacter" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\LogicalViewMode = "2" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}\ = "IAgentCtlRequest" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D6589123-FC70-11D0-AC94-00C04FD97575}\2.0\HELPDIR\ = "C:\\Windows\\msagent\\AgentSvr.exe\\" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings." C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1092616193" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95A893C3-543A-11D0-AC45-00C04FD97575}\InprocServer32\ = "C:\\Windows\\msagent\\mslwvtts.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentPropertySheet" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ProxyStubClsid32 C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\ = "IAgentEx" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575}\ = "IAgentCtlCommandsWindow" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5\0\win32\ = "C:\\Windows\\msagent\\AgtCtl15.tlb" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ = "IAgentExt" C:\Windows\msagent\AgentSvr.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\Version C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentSpeechInputProperties" C:\Windows\msagent\AgentSvr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307} C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 225018.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 840113.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\geometry dash auto speedhack.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Solara.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 476049.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe\:SmartScreen:$DATA C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\Bonzify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A
N/A N/A C:\Users\Admin\Desktop\geometry dash auto speedhack.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2972 wrote to memory of 4588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 4588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2972 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\windows-malware

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8ef4cc40,0x7ffb8ef4cc4c,0x7ffb8ef4cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,12679082747063903829,6399962478123712093,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1820 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,12679082747063903829,6399962478123712093,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,12679082747063903829,6399962478123712093,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2212 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,12679082747063903829,6399962478123712093,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,12679082747063903829,6399962478123712093,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,12679082747063903829,6399962478123712093,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5020 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5032 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6756 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8136 /prefetch:2

C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe

"C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe

"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe" --app -channel production

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x000000000000047C 0x00000000000004C0

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe

"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe" --app -channel production

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe

"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe" --app -channel production

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8140 /prefetch:8

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe

"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.exe" --app -channel production

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8456 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x000000000000047C 0x00000000000004C0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12160743086049197255,12458324992647482309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5064 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5192 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1

C:\Windows\System32\DataExchangeHost.exe

C:\Windows\System32\DataExchangeHost.exe -Embedding

C:\Users\Admin\Desktop\geometry dash auto speedhack.exe

"C:\Users\Admin\Desktop\geometry dash auto speedhack.exe"

C:\Users\Admin\Desktop\Bonzify.exe

"C:\Users\Admin\Desktop\Bonzify.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im AgentSvr.exe

C:\Windows\SysWOW64\takeown.exe

takeown /r /d y /f C:\Windows\MsAgent

C:\Windows\SysWOW64\icacls.exe

icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

INSTALLER.exe /q

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

INSTALLER.exe /q

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Users\Admin\Desktop\geometry dash auto speedhack.exe

"C:\Users\Admin\Desktop\geometry dash auto speedhack.exe" /watchdog

C:\Users\Admin\Desktop\geometry dash auto speedhack.exe

"C:\Users\Admin\Desktop\geometry dash auto speedhack.exe" /watchdog

C:\Users\Admin\Desktop\geometry dash auto speedhack.exe

"C:\Users\Admin\Desktop\geometry dash auto speedhack.exe" /watchdog

C:\Users\Admin\Desktop\geometry dash auto speedhack.exe

"C:\Users\Admin\Desktop\geometry dash auto speedhack.exe" /watchdog

C:\Users\Admin\Desktop\geometry dash auto speedhack.exe

"C:\Users\Admin\Desktop\geometry dash auto speedhack.exe" /watchdog

C:\Users\Admin\Desktop\geometry dash auto speedhack.exe

"C:\Users\Admin\Desktop\geometry dash auto speedhack.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9308 /prefetch:1

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 180 -ip 180

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 180 -s 2560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9516 /prefetch:1

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0xfc,0x138,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3160 -ip 3160

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xc0,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:1

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x104,0x130,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:1

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1884,13992291861422209922,8090513043656583422,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,3681280626882984997,16784909347508677085,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,3681280626882984997,16784909347508677085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,3681280626882984997,16784909347508677085,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3681280626882984997,16784909347508677085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3681280626882984997,16784909347508677085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3681280626882984997,16784909347508677085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,3681280626882984997,16784909347508677085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,3681280626882984997,16784909347508677085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3681280626882984997,16784909347508677085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3681280626882984997,16784909347508677085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3681280626882984997,16784909347508677085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3681280626882984997,16784909347508677085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3681280626882984997,16784909347508677085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3681280626882984997,16784909347508677085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 916 -ip 916

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1871964140690975895,4628029101552770976,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,1871964140690975895,4628029101552770976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,1871964140690975895,4628029101552770976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1871964140690975895,4628029101552770976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1871964140690975895,4628029101552770976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1871964140690975895,4628029101552770976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1871964140690975895,4628029101552770976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Users\Admin\Desktop\Bonzify.exe

"C:\Users\Admin\Desktop\Bonzify.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im AgentSvr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2096 -ip 2096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb8f573cb8,0x7ffb8f573cc8,0x7ffb8f573cd8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 652

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe" /grant "everyone":(f)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,12832680419650974648,16237058070484055049,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,12832680419650974648,16237058070484055049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,12832680419650974648,16237058070484055049,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12832680419650974648,16237058070484055049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12832680419650974648,16237058070484055049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /r /d y /f C:\Windows\MsAgent

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\icacls.exe

icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe"

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

INSTALLER.exe /q

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe" /grant "everyone":(f)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12832680419650974648,16237058070484055049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12832680419650974648,16237058070484055049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe"

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe"

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

INSTALLER.exe /q

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\bfsvc.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\bfsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\bfsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Boot\PCAT\memtest.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Boot\PCAT\memtest.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Boot\PCAT\memtest.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\BrowserCore\BrowserCore.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\BrowserCore\BrowserCore.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\BrowserCore\BrowserCore.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\explorer.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\explorer.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\explorer.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\HelpPane.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\HelpPane.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\HelpPane.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\hh.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\hh.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\hh.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ImmersiveControlPanel\SystemSettings.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ImmersiveControlPanel\SystemSettings.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ImmersiveControlPanel\SystemSettings.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrobroker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrobroker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrobroker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AcroRd32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AcroRd32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AcroRd32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AcroRd32Info.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AcroRd32Info.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AcroRd32Info.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrotextextractor.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrotextextractor.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrotextextractor.exe" /grant "everyone":(f)

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\adelrcp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\adelrcp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\adelrcp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AdobeCollabSync.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AdobeCollabSync.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AdobeCollabSync.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\eula.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\eula.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\eula.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\logtransport2.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\logtransport2.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\logtransport2.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\rdrservicesupdater.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\rdrservicesupdater.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\rdrservicesupdater.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\reader_sl.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\reader_sl.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\reader_sl.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\wow_helper.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\wow_helper.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\wow_helper.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\_4bitmapibroker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\_4bitmapibroker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\_4bitmapibroker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\assembly\GAC_32\MSBuild\v4.0_4.0.0.0__b03f5f7f11d50a3a\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\assembly\GAC_32\MSBuild\v4.0_4.0.0.0__b03f5f7f11d50a3a\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\assembly\GAC_32\MSBuild\v4.0_4.0.0.0__b03f5f7f11d50a3a\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\assembly\GAC_64\MSBuild\v4.0_4.0.0.0__b03f5f7f11d50a3a\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\assembly\GAC_64\MSBuild\v4.0_4.0.0.0__b03f5f7f11d50a3a\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\assembly\GAC_64\MSBuild\v4.0_4.0.0.0__b03f5f7f11d50a3a\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\ComSvcConfig\v4.0_4.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\ComSvcConfig\v4.0_4.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\ComSvcConfig\v4.0_4.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\dfsvc\v4.0_4.0.0.0__b03f5f7f11d50a3a\dfsvc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\dfsvc\v4.0_4.0.0.0__b03f5f7f11d50a3a\dfsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\dfsvc\v4.0_4.0.0.0__b03f5f7f11d50a3a\dfsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost\v4.0_4.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost\v4.0_4.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost\v4.0_4.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WsatConfig\v4.0_4.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WsatConfig\v4.0_4.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WsatConfig\v4.0_4.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" /grant "everyone":(f)

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\AppLaunch.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\AppLaunch.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\AppLaunch.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_compiler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_compiler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_compiler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regbrowsers.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Ldr64.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Ldr64.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Ldr64.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegSvcs.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegSvcs.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegSvcs.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ComSvcConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ComSvcConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ComSvcConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelReg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelReg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelReg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMConfigInstaller.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMConfigInstaller.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMConfigInstaller.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\WsatConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\WsatConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\WsatConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\EdmGen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\EdmGen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\EdmGen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5132 -ip 5132

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 1292

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\msagent\AgentSvr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\msagent\AgentSvr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\msagent\AgentSvr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\notepad.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\notepad.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\notepad.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\PrintDialog\PrintDialog.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\PrintDialog\PrintDialog.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\PrintDialog\PrintDialog.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\regedit.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\regedit.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\regedit.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.22000.348_none_e2c7a9ab59285812\f\LockApp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.22000.348_none_e2c7a9ab59285812\f\LockApp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.22000.348_none_e2c7a9ab59285812\f\LockApp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.22000.348_none_1cb0f82bf1aef3cc\f\lpksetup.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.22000.348_none_1cb0f82bf1aef3cc\f\lpksetup.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.22000.348_none_1cb0f82bf1aef3cc\f\lpksetup.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.22000.348_none_1cb0f82bf1aef3cc\f\lpremove.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.22000.348_none_1cb0f82bf1aef3cc\f\lpremove.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.22000.348_none_1cb0f82bf1aef3cc\f\lpremove.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.22000.434_none_38ca096a17805fa9\f\lsass.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.22000.434_none_38ca096a17805fa9\f\lsass.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.22000.434_none_38ca096a17805fa9\f\lsass.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.22000.469_none_b104ba5249e06dec\f\FsIso.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.22000.469_none_b104ba5249e06dec\f\FsIso.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.22000.469_none_b104ba5249e06dec\f\FsIso.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.22000.120_none_f759261c81fa2ed8\f\SecureAssessmentBrowser.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.22000.120_none_f759261c81fa2ed8\f\SecureAssessmentBrowser.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.22000.120_none_f759261c81fa2ed8\f\SecureAssessmentBrowser.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..pickerhost.appxmain_31bf3856ad364e35_10.0.22000.282_none_08c227a0c7c9c4c1\f\ModalSharePickerHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..pickerhost.appxmain_31bf3856ad364e35_10.0.22000.282_none_08c227a0c7c9c4c1\f\ModalSharePickerHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..pickerhost.appxmain_31bf3856ad364e35_10.0.22000.282_none_08c227a0c7c9c4c1\f\ModalSharePickerHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.22000.41_none_506d5972b4817c83\f\Magnify.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.22000.41_none_506d5972b4817c83\f\Magnify.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.22000.41_none_506d5972b4817c83\f\Magnify.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_a6b2722d9eed2eed\f\fixmapi.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_a6b2722d9eed2eed\f\fixmapi.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_a6b2722d9eed2eed\f\fixmapi.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\f\MDMAgent.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\f\MDMAgent.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\f\MDMAgent.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\f\mfpmp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\f\mfpmp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\f\mfpmp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpconfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpconfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpconfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmplayer.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmplayer.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmplayer.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpshare.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpshare.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpshare.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\f\mighost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\f\mighost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\f\mighost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\f\msconfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\f\msconfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\f\msconfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\f\msinfo32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\f\msinfo32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\f\msinfo32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\f\msinfo32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\f\msinfo32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\f\msinfo32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.22000.41_none_705d08ab0a6355da\f\mspaint.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.22000.41_none_705d08ab0a6355da\f\mspaint.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.22000.41_none_705d08ab0a6355da\f\mspaint.exe" /grant "everyone":(f)

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.179.250.142.in-addr.arpa udp
GB 2.18.66.162:443 tcp
GB 2.18.66.162:443 tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.101.88:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
DE 2.16.101.88:443 www.bing.com tcp
DE 2.16.100.49:443 www.bing.com tcp
DE 2.16.100.49:443 www.bing.com tcp
BE 23.41.178.128:443 th.bing.com tcp
BE 23.41.178.128:443 th.bing.com tcp
US 8.8.8.8:53 128.178.41.23.in-addr.arpa udp
US 13.107.21.200:443 bing.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
GB 128.116.119.4:80 www.roblox.com tcp
GB 128.116.119.4:80 www.roblox.com tcp
GB 128.116.119.4:443 www.roblox.com tcp
GB 128.116.119.4:443 www.roblox.com tcp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
PL 77.73.129.44:443 solaraexecutor.app tcp
PL 77.73.129.44:443 solaraexecutor.app tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 104.21.79.23:443 solaraexec.cc tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
US 104.17.247.203:443 unpkg.com tcp
US 8.8.8.8:53 23.79.21.104.in-addr.arpa udp
GB 2.18.190.78:443 static.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
US 104.17.247.203:443 unpkg.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
US 104.17.247.203:443 unpkg.com tcp
US 8.8.8.8:53 78.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 65.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 107.39.156.108.in-addr.arpa udp
GB 128.116.119.4:443 apis.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
GB 18.244.155.96:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 96.155.244.18.in-addr.arpa udp
GB 128.116.119.4:443 auth.roblox.com udp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 128.116.119.4:443 auth.roblox.com udp
GB 128.116.119.4:443 auth.roblox.com udp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
US 8.8.8.8:53 75.190.18.2.in-addr.arpa udp
GB 128.116.119.4:443 auth.roblox.com udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
GB 128.116.119.4:443 auth.roblox.com udp
US 8.8.8.8:53 3.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.219.240.231:443 www.microsoft.com tcp
BE 23.219.240.231:443 www.microsoft.com tcp
AU 20.70.246.20:443 xbox.com tcp
AU 20.70.246.20:443 xbox.com tcp
US 8.8.8.8:53 assetgame.roblox.com udp
GB 128.116.119.4:443 ncs.roblox.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.111.133:443 objects.githubusercontent.com tcp
US 185.199.111.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
GB 128.116.119.4:443 ncs.roblox.com udp
US 8.8.8.8:53 th.bing.com udp
BE 23.41.178.122:443 th.bing.com tcp
US 8.8.8.8:53 122.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 140.82.112.22:443 collector.github.com tcp
US 140.82.112.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
GB 2.18.190.81:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
GB 18.165.242.74:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 81.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
BE 23.41.178.67:443 r.bing.com tcp
US 8.8.8.8:53 67.178.41.23.in-addr.arpa udp
US 104.21.66.13:443 kiwix.dev tcp
US 104.21.66.13:443 kiwix.dev tcp
US 8.8.8.8:53 13.66.21.104.in-addr.arpa udp
US 67.199.248.11:443 bit.ly tcp
US 67.199.248.11:443 bit.ly tcp
US 172.67.149.138:443 filesilo.cloud tcp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.194.137:443 code.jquery.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 8.8.8.8:53 11.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 138.149.67.172.in-addr.arpa udp
IE 63.32.42.62:443 save.enabledstats.com tcp
US 8.8.8.8:53 137.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 62.42.32.63.in-addr.arpa udp
SE 194.54.164.123:80 glovedinosaurs.website tcp
SE 194.54.164.123:80 glovedinosaurs.website tcp
DE 51.195.68.163:443 www.win-rar.com tcp
NL 172.217.23.206:443 google.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
DE 51.195.68.163:443 www.win-rar.com tcp
NL 172.217.23.206:443 google.com udp
DE 51.195.68.163:443 www.win-rar.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
DE 2.16.100.51:443 www.bing.com tcp
GB 2.18.66.162:443 tcp
US 8.8.8.8:53 browser.pipe.aria.microsoft.com udp
US 52.168.117.170:443 browser.pipe.aria.microsoft.com tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
GB 2.18.190.72:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
GB 18.165.242.53:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 72.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 53.242.165.18.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 2.18.190.72:443 setup.rbxcdn.com tcp
GB 18.165.242.53:443 clientsettingscdn.roblox.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
BE 23.41.178.105:443 th.bing.com tcp
US 8.8.8.8:53 105.178.41.23.in-addr.arpa udp
US 52.167.30.171:443 fpt2.microsoft.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
GB 20.26.156.210:443 api.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
BE 23.41.178.114:443 r.bing.com tcp
US 13.107.21.200:443 bing.com tcp
US 8.8.8.8:53 114.178.41.23.in-addr.arpa udp
US 104.18.239.210:443 www.crazygames.com tcp
US 104.18.239.210:443 www.crazygames.com tcp
US 8.8.8.8:53 images.crazygames.com udp
US 8.8.8.8:53 workers.crazygames.com udp
US 8.8.8.8:53 builds.crazygames.com udp
US 151.101.130.208:443 images.crazygames.com tcp
US 151.101.130.208:443 images.crazygames.com tcp
US 151.101.130.208:443 images.crazygames.com tcp
US 151.101.130.208:443 images.crazygames.com tcp
US 104.18.239.210:443 model.crazygames.com tcp
US 151.101.130.208:443 images.crazygames.com tcp
US 151.101.130.208:443 images.crazygames.com tcp
US 192.124.249.36:80 certificates.starfieldtech.com tcp
US 8.8.8.8:53 36.249.124.192.in-addr.arpa udp
GB 108.156.39.76:443 rumcdn.geoedge.be tcp
GB 18.244.179.121:443 cdn.privacy-mgmt.com tcp
GB 18.244.179.121:443 cdn.privacy-mgmt.com tcp
US 8.8.8.8:53 121.179.244.18.in-addr.arpa udp
BE 23.41.178.105:443 th.bing.com tcp
BE 23.41.178.105:443 th.bing.com tcp
US 8.8.8.8:53 totaladblock.com udp
US 34.160.40.40:443 totaladblock.com tcp
US 34.160.40.40:443 totaladblock.com tcp
US 8.8.8.8:53 www.totaladblock.com udp
US 8.8.8.8:53 40.40.160.34.in-addr.arpa udp
US 34.160.40.40:443 www.totaladblock.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 trc.taboola.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 168.179.250.142.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 analytics.crazygames.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 151.101.193.44:443 trc.taboola.com tcp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 204.79.197.237:443 bat.bing.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
NL 142.250.102.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 156.102.250.142.in-addr.arpa udp
NL 172.217.168.195:443 www.google.co.uk tcp
NL 172.217.168.195:443 www.google.co.uk udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 t-ring-s2.msedge.net udp
GB 2.18.66.162:443 tcp
US 13.107.213.254:443 t-ring-s2.msedge.net tcp
US 8.8.8.8:53 254.213.107.13.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 cxcs.microsoft.net udp
BE 23.41.178.57:443 www.bing.com tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
US 8.8.8.8:53 57.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 114.66.68.104.in-addr.arpa udp
US 13.107.213.254:443 t-ring-s2.msedge.net tcp
GB 2.18.66.162:443 tcp
US 8.8.8.8:53 teams-ring.msedge.net udp
GB 2.18.66.162:443 tcp
US 8.8.8.8:53 ow1.res.office365.com udp
US 52.113.196.254:443 teams-ring.msedge.net tcp
BE 2.17.197.81:443 ow1.res.office365.com tcp
US 8.8.8.8:53 254.196.113.52.in-addr.arpa udp
US 8.8.8.8:53 81.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 cxcs.microsoft.net udp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
BE 23.41.178.106:443 www.bing.com tcp
US 8.8.8.8:53 106.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
GB 2.18.190.72:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 233.69.68.104.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.crazygames.com udp
GB 2.22.228.81:443 www.bing.com tcp
GB 2.22.228.81:443 www.bing.com tcp
US 8.8.8.8:53 81.228.22.2.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.18.190.140:443 aefd.nelreports.net udp
GB 2.18.190.140:443 aefd.nelreports.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
NL 172.217.168.195:443 www.google.co.uk udp
GB 88.221.87.168:443 www.bing.com tcp
GB 88.221.87.168:443 www.bing.com tcp
GB 2.18.190.140:443 aefd.nelreports.net udp
GB 88.221.87.168:443 www.bing.com tcp
GB 2.18.190.140:443 aefd.nelreports.net tcp
US 8.8.8.8:53 168.87.221.88.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 88.221.87.169:443 r.bing.com tcp
GB 88.221.87.169:443 r.bing.com tcp
GB 2.22.228.106:443 th.bing.com tcp
GB 2.22.228.106:443 th.bing.com tcp
US 8.8.8.8:53 106.228.22.2.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 20.26.156.215:443 github.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 140.82.113.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 88.221.87.169:443 r.bing.com tcp
GB 2.22.228.106:443 th.bing.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 th.bing.com udp
GB 2.22.228.138:443 th.bing.com tcp
US 204.79.197.201:443 testfamilysafety.bing.com tcp
US 8.8.8.8:53 201.197.79.204.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 2.22.228.138:443 th.bing.com tcp
US 8.8.8.8:53 www.skidrowreloaded.com udp
US 104.26.8.45:443 www.skidrowreloaded.com tcp
US 104.26.8.45:443 www.skidrowreloaded.com tcp
US 8.8.8.8:53 xbuycgcae.com udp
US 8.8.8.8:53 ktpcsqnij.com udp
US 104.21.91.188:443 youradexchange.com tcp
US 104.21.92.134:443 ktpcsqnij.com tcp
US 192.0.77.48:443 s.w.org tcp
US 104.21.8.108:443 pubtrky.com tcp
DE 168.119.149.123:443 avd-1.genuinesystemtraffic.com tcp
DE 168.119.149.123:443 avd-1.genuinesystemtraffic.com tcp
US 172.67.195.215:443 targetchain-flow.com tcp
US 104.17.166.186:443 c.adsco.re tcp
US 104.17.166.186:443 c.adsco.re tcp
US 8.8.8.8:53 6.adsco.re udp
US 162.252.214.5:443 adsco.re tcp
US 162.252.214.5:2087 adsco.re tcp
US 162.252.214.5:443 adsco.re tcp
US 104.17.167.186:443 6.adsco.re tcp
US 104.17.167.186:2087 6.adsco.re tcp
GB 185.200.118.51:443 ilwifx3x8v8m.l4.adsco.re tcp
US 38.132.109.186:3478 udp
SG 185.200.116.90:3478 udp
GB 185.200.118.90:3478 udp
US 38.132.109.115:443 ilwifx3x8v8m.n4.adsco.re tcp
US 38.132.109.115:443 ilwifx3x8v8m.n4.adsco.re tcp
SG 185.200.116.51:443 ilwifx3x8v8m.s4.adsco.re tcp
US 162.252.214.5:443 adsco.re tcp
SG 185.200.116.51:443 ilwifx3x8v8m.s4.adsco.re tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 115.109.132.38.in-addr.arpa udp
US 8.8.8.8:53 51.116.200.185.in-addr.arpa udp
US 104.18.239.210:443 workers.crazygames.com tcp
US 104.18.239.210:443 workers.crazygames.com tcp
US 104.17.240.158:443 workers.crazygames.com tcp
US 151.101.194.208:443 images.crazygames.com tcp
US 8.8.8.8:53 208.194.101.151.in-addr.arpa udp
GB 18.172.89.123:443 rumcdn.geoedge.be tcp
US 104.18.239.210:443 model.crazygames.com tcp
US 8.8.8.8:53 cdn.privacy-mgmt.com udp
US 104.18.239.210:443 model.crazygames.com tcp
US 104.18.239.210:443 model.crazygames.com tcp
US 104.18.239.210:443 model.crazygames.com tcp
US 8.8.8.8:53 123.89.172.18.in-addr.arpa udp
GB 18.165.160.7:443 cdn.privacy-mgmt.com tcp
US 8.8.8.8:53 trc.taboola.com udp
US 151.101.193.44:443 trc.taboola.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 analytics.crazygames.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 bat.bing.com udp
NL 142.250.102.84:443 accounts.google.com udp
NL 142.250.179.196:443 www.google.com udp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com tcp
NL 172.217.168.195:443 www.google.co.uk udp
NL 172.217.168.195:443 www.google.co.uk tcp
US 204.79.197.237:443 bat.bing.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
US 104.18.10.136:443 user-agent.trafficdecisions.com tcp
US 104.18.10.136:443 user-agent.trafficdecisions.com tcp
US 104.18.15.14:443 go.c0nect.com tcp
US 64.225.91.73:80 zioncentral.org tcp
US 64.225.91.73:80 zioncentral.org tcp
US 104.18.26.45:443 domaincntrol.com tcp
DE 64.190.63.136:80 ww2.zioncentral.org tcp
DE 64.190.63.136:80 ww2.zioncentral.org tcp
US 8.8.8.8:53 136.63.190.64.in-addr.arpa udp
US 8.8.8.8:53 45.26.18.104.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
NO 2.20.161.47:443 cxcs.microsoft.net tcp
US 8.8.8.8:53 47.161.20.2.in-addr.arpa udp
NL 2.16.106.200:443 www.bing.com tcp
NL 2.16.106.200:443 www.bing.com tcp
NL 2.16.106.200:443 www.bing.com tcp
US 8.8.8.8:53 200.106.16.2.in-addr.arpa udp
US 8.8.8.8:53 pafvertizing.crazygames.com udp
US 104.17.240.158:443 pafvertizing.crazygames.com tcp
US 8.8.8.8:53 rafvertizing.crazygames.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
NL 172.217.168.246:443 i.ytimg.com tcp
US 8.8.8.8:53 google.com udp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net tcp
US 216.239.34.36:443 region1.analytics.google.com udp
NL 172.217.23.206:443 google.com udp
NL 172.217.168.195:443 www.google.co.uk udp
NL 172.217.23.206:443 google.com tcp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 files.crazygames.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
NL 172.217.23.202:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
GB 13.224.84.18:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 172.64.151.101:443 htlb.casalemedia.com tcp
NL 185.89.211.116:443 ib.adnxs.com tcp
NL 185.89.211.116:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 142.250.179.174:443 fundingchoicesmessages.google.com tcp
DE 18.64.79.8:443 hb.yellowblue.io tcp
DE 18.199.162.64:443 btlr.sharethrough.com tcp
DE 18.199.162.64:443 btlr.sharethrough.com tcp
DE 18.199.162.64:443 btlr.sharethrough.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 172.240.45.73:443 gov.aniview.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 18.84.224.13.in-addr.arpa udp
GB 2.18.190.81:80 apps.identrust.com tcp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 116.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 64.162.199.18.in-addr.arpa udp
US 8.8.8.8:53 8.79.64.18.in-addr.arpa udp
DE 18.64.119.108:443 config.aps.amazon-adsystem.com tcp
DE 18.64.95.121:443 aax.amazon-adsystem.com tcp
DE 18.64.95.121:443 aax.amazon-adsystem.com tcp
NL 142.250.179.174:443 fundingchoicesmessages.google.com udp
NO 2.20.166.89:443 secure.cdn.fastclick.net tcp
NO 2.20.166.89:443 secure.cdn.fastclick.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
GB 13.224.81.88:443 tags.crwdcntrl.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 35.190.39.111:443 esp.rtbhouse.com tcp
US 34.120.135.53:443 oajs.openx.net tcp
IE 34.252.81.219:443 bcp.crwdcntrl.net tcp
NL 172.217.23.202:443 imasdk.googleapis.com udp
NL 142.251.36.6:443 s0.2mdn.net tcp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 73.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 108.119.64.18.in-addr.arpa udp
US 8.8.8.8:53 89.166.20.2.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 88.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 111.39.190.35.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
NL 142.250.179.193:443 ed20a114b270f0004571886501fdc14b.safeframe.googlesyndication.com tcp
NL 63.215.202.178:443 proc.ad.cpe.dotomi.com tcp
US 34.120.135.53:443 oajs.openx.net udp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
IE 67.220.228.202:443 aax-eu.amazon-adsystem.com tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.251.36.6:443 s0.2mdn.net udp
US 143.244.180.136:443 bloxd.io tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.251.39.100:80 google.co.ck tcp
US 143.244.180.136:443 bloxd.io tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.250.179.196:80 www.google.com tcp
US 172.67.71.133:443 bloxdcdn.bloxdhop.io tcp
DE 157.240.27.27:443 connect.facebook.net tcp
US 8.8.8.8:53 27.27.240.157.in-addr.arpa udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 15.197.193.217:443 match.adsrvr.org tcp
US 15.197.193.217:443 match.adsrvr.org tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 172.217.168.226:443 cm.g.doubleclick.net tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 151.101.130.49:443 sync-tm.everesttech.net tcp
IE 52.215.251.212:443 ad.360yield.com tcp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
US 35.244.159.8:443 u.openx.net udp
FR 178.250.7.13:443 dnacdn.net tcp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 226.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 49.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 212.251.215.52.in-addr.arpa udp
NL 142.250.179.162:443 googleads4.g.doubleclick.net tcp
NL 172.217.168.226:443 cm.g.doubleclick.net udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
NL 142.251.39.99:443 p4-d2pvvupfril4g-na4mur7flkdk6pzh-if-v6exp3-v4.metric.gstatic.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
NL 142.251.39.99:443 p4-d2pvvupfril4g-na4mur7flkdk6pzh-if-v6exp3-v4.metric.gstatic.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
DE 18.66.2.64:443 gw.geoedge.be tcp
DE 18.66.2.64:443 gw.geoedge.be tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
NL 23.200.189.62:443 eus.rubiconproject.com tcp
NL 216.58.208.106:443 ajax.googleapis.com tcp
NL 216.58.208.106:443 ajax.googleapis.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
DE 18.64.79.83:443 rumcdn.geoedge.be tcp
US 172.67.71.133:443 bloxdcdn.bloxdhop.io tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 83.79.64.18.in-addr.arpa udp
US 104.18.95.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 41.95.18.104.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
DE 157.240.27.35:443 www.facebook.com tcp
NL 142.251.39.99:443 p4-d2pvvupfril4g-na4mur7flkdk6pzh-if-v6exp3-v4.metric.gstatic.com udp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
NL 172.217.168.202:443 firebase.googleapis.com tcp
NL 172.217.168.202:443 firebase.googleapis.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
DE 18.199.162.64:443 btlr.sharethrough.com tcp
NL 185.89.211.116:443 ib.adnxs.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 202.168.217.172.in-addr.arpa udp
NL 172.217.23.194:443 ade.googlesyndication.com tcp
NL 172.217.23.194:443 ade.googlesyndication.com tcp
DE 18.199.162.64:443 btlr.sharethrough.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 64.23.224.165:443 static3.bloxd.io tcp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
NL 142.250.179.162:443 googleads4.g.doubleclick.net udp
NL 142.250.179.162:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 165.224.23.64.in-addr.arpa udp
US 8.8.8.8:53 234.168.217.172.in-addr.arpa udp
DE 18.199.162.64:443 btlr.sharethrough.com tcp
NL 172.217.23.194:443 ade.googlesyndication.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 172.217.168.195:443 www.google.co.uk udp
NL 142.250.102.156:443 stats.g.doubleclick.net udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
NL 172.217.168.195:443 www.google.co.uk tcp
NL 142.251.36.18:443 p4-d2pvvupfril4g-na4mur7flkdk6pzh-238934-i1-v6exp3.ds.metric.gstatic.com tcp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
US 8.8.8.8:53 43066004379497f89f73d6d747eb5848.safeframe.googlesyndication.com udp
US 8.8.8.8:53 a692.casalemedia.com udp
NL 172.217.168.226:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 cs.lkqd.net udp
CA 85.91.47.63:443 a692.casalemedia.com tcp
NL 142.251.36.18:443 p4-d2pvvupfril4g-na4mur7flkdk6pzh-238934-i1-v6exp3.ds.metric.gstatic.com tcp
GB 2.18.190.147:443 cdn.doubleverify.com tcp
GB 2.18.190.147:443 cdn.doubleverify.com tcp
NL 142.250.179.193:443 43066004379497f89f73d6d747eb5848.safeframe.googlesyndication.com tcp
NL 142.250.179.178:443 p4-d2pvvupfril4g-na4mur7flkdk6pzh-238934-i2-v6exp3.v4.metric.gstatic.com tcp
US 8.8.8.8:53 18.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 147.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 178.179.250.142.in-addr.arpa udp
NL 172.217.168.226:443 cm.g.doubleclick.net udp
NL 172.217.168.226:443 cm.g.doubleclick.net udp
NL 142.251.36.6:443 s0.2mdn.net udp
US 172.64.145.251:443 impssl.constantcontact.com tcp
DE 18.66.2.64:443 gw.geoedge.be tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
NL 185.89.211.116:443 ib.adnxs.com tcp
US 8.8.8.8:53 ads.stickyadstv.com udp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
US 35.244.159.8:443 us-u.openx.net tcp
US 35.244.159.8:443 us-u.openx.net tcp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
NL 23.53.245.94:443 sync.teads.tv tcp
NL 185.89.211.116:443 ib.adnxs.com tcp
US 143.244.180.136:443 bloxd.io tcp
NL 23.53.245.94:443 sync.teads.tv tcp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
US 143.244.180.136:443 bloxd.io tcp
GB 2.18.190.147:443 cdn.doubleverify.com tcp
US 104.18.95.41:443 challenges.cloudflare.com tcp
US 143.244.180.136:443 bloxd.io tcp
US 8.8.8.8:53 rtb0.doubleverify.com udp
US 8.8.8.8:53 115.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 134.179.250.142.in-addr.arpa udp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 172.67.71.133:443 bloxdcdn.bloxdhop.io tcp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 5.44.211.130.in-addr.arpa udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
DE 18.199.162.64:443 btlr.sharethrough.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
DE 18.64.79.8:443 hb.yellowblue.io tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
US 172.240.45.73:443 gov.aniview.com tcp
US 104.17.240.158:443 sdk.crazygames.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
IE 54.194.254.146:443 id.crwdcntrl.net tcp
US 15.197.193.217:443 match.adsrvr.org tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
US 8.8.8.8:53 146.254.194.54.in-addr.arpa udp
DE 157.240.27.35:443 www.facebook.com tcp
US 8.8.8.8:53 matchmaking.bloxd.io udp
US 164.92.122.81:443 matchmaking.bloxd.io tcp
US 8.8.8.8:53 81.122.92.164.in-addr.arpa udp
US 8.8.8.8:53 api.gameanalytics.com udp
US 52.204.227.150:443 api.gameanalytics.com tcp
US 172.67.71.133:443 bloxdcdn.bloxdhop.io tcp
US 104.17.240.158:443 sdk.crazygames.com tcp
US 146.190.39.167:443 gs-oneblock-8r1vuyttg6ckygzbl7ssy.doodlecube.io tcp
US 146.190.39.167:443 gs-oneblock-8r1vuyttg6ckygzbl7ssy.doodlecube.io tcp
NL 185.89.211.116:443 ib.adnxs.com tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
DE 18.64.79.29:443 hb.yellowblue.io tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 185.89.211.116:443 ib.adnxs.com tcp
DE 18.64.95.121:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 29.79.64.18.in-addr.arpa udp
NL 142.251.36.35:443 p4-d2pvvupfril4g-na4mur7flkdk6pzh-238934-s1-v6exp3-v4.metric.gstatic.com tcp
NL 142.251.36.35:443 p4-d2pvvupfril4g-na4mur7flkdk6pzh-238934-s1-v6exp3-v4.metric.gstatic.com tcp
US 143.244.180.136:443 bloxd.io tcp
IE 54.239.33.159:443 aax-eu.amazon-adsystem.com tcp
US 172.64.145.251:443 impssl.constantcontact.com tcp
NL 172.217.168.226:443 www.googletagservices.com udp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 104.209.135.5.in-addr.arpa udp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.250.179.196:80 www.google.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 google.com udp
NL 172.217.23.206:443 google.com udp
NL 172.217.23.206:443 google.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.8.8.8:53 image2.pubmatic.com udp
GB 2.18.190.147:443 cdn.doubleverify.com tcp
US 8.8.8.8:53 image6.pubmatic.com udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
DE 18.66.2.64:443 gw.geoedge.be tcp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 204.79.197.237:443 bat.bing.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
US 204.79.197.237:443 bat.bing.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
DE 35.158.160.246:443 btlr.sharethrough.com tcp
DE 35.158.160.246:443 btlr.sharethrough.com tcp
NL 142.250.179.162:443 googleads4.g.doubleclick.net udp
NL 142.250.179.162:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 246.160.158.35.in-addr.arpa udp
US 172.240.45.73:443 gov.aniview.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 172.240.45.73:443 gov.aniview.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
NL 23.220.113.69:443 tags.bluekai.com tcp
NL 23.220.113.69:443 tags.bluekai.com tcp
IE 63.32.135.176:443 bcp.crwdcntrl.net tcp
IE 63.32.135.176:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 176.135.32.63.in-addr.arpa udp
US 8.8.8.8:53 groundcontrol.sharethrough.com udp
US 8.8.8.8:53 b.sharethrough.com udp
DE 18.64.103.116:443 b.sharethrough.com tcp
GB 54.230.10.71:443 groundcontrol.sharethrough.com tcp
US 8.8.8.8:53 116.103.64.18.in-addr.arpa udp
US 8.8.8.8:53 71.10.230.54.in-addr.arpa udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
NL 89.149.193.84:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
NO 23.44.47.187:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 pxl.iqm.com udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 84.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 187.47.44.23.in-addr.arpa udp
US 34.193.171.116:443 pxl.iqm.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
NL 23.200.189.62:443 eus.rubiconproject.com tcp
DK 37.157.2.229:443 c1.adform.net tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
FR 5.135.209.104:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.84:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 192.132.33.68:443 bttrack.com tcp
NL 23.220.113.51:80 x2.i.lencr.org tcp
IE 34.249.143.67:443 match.prod.bidr.io tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 70.42.32.31:443 b1sync.zemanta.com tcp
US 54.157.168.221:443 sync.srv.stackadapt.com tcp
US 151.101.66.49:443 sync-tm.everesttech.net tcp
US 35.244.159.8:443 us-u.openx.net udp
GB 185.64.191.214:443 image8.pubmatic.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 185.89.210.46:443 secure.adnxs.com tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
DE 3.160.39.83:443 s.ad.smaato.net tcp
US 34.96.105.8:443 tr.blismedia.com tcp
NL 63.215.202.169:443 stx-match.dotomi.com tcp
IE 52.31.57.205:443 ad.360yield.com tcp
US 8.8.8.8:53 67.143.249.34.in-addr.arpa udp
US 8.8.8.8:53 68.33.132.192.in-addr.arpa udp
NL 63.215.202.169:443 stx-match.dotomi.com tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
DE 3.160.39.83:443 s.ad.smaato.net tcp
IE 52.31.57.205:443 ad.360yield.com tcp
US 34.96.105.8:443 tr.blismedia.com tcp
NL 185.89.210.46:443 secure.adnxs.com tcp
US 8.8.8.8:53 x.dlx.addthis.com udp
NL 23.220.113.69:443 x.dlx.addthis.com tcp
US 8.8.8.8:53 cms.quantserve.com udp
DE 91.228.74.166:443 cms.quantserve.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 i.liadm.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 3.226.96.179:443 i.liadm.com tcp
DE 18.64.103.116:443 b.sharethrough.com tcp
GB 2.18.190.147:443 cdn.doubleverify.com tcp
DE 69.173.144.152:443 beacon-fra2.rubiconproject.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 8.8.8.8:53 221.168.157.54.in-addr.arpa udp
US 8.8.8.8:53 8.105.96.34.in-addr.arpa udp
US 8.8.8.8:53 169.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 46.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 205.57.31.52.in-addr.arpa udp
US 8.8.8.8:53 161.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 166.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 179.96.226.3.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 152.144.173.69.in-addr.arpa udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 104.17.240.158:443 www.crazygames.com tcp
DE 18.64.79.29:443 hb.yellowblue.io tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
DE 35.158.160.246:443 btlr.sharethrough.com tcp
DE 18.64.95.121:443 aax.amazon-adsystem.com tcp
US 204.79.197.237:443 bat.bing.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
GB 54.230.10.71:443 groundcontrol.sharethrough.com tcp
IE 52.214.234.91:443 ap.lijit.com tcp
IE 34.254.143.3:443 loadm.exelator.com tcp
DE 18.66.2.64:443 gw.geoedge.be tcp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
IE 54.229.131.172:443 ads.yieldmo.com tcp
IE 54.229.131.172:443 ads.yieldmo.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
IE 34.249.143.67:443 match.prod.bidr.io tcp
NL 46.228.174.117:443 usermatch.targeting.unrulymedia.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
NL 46.228.174.117:443 usermatch.targeting.unrulymedia.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
DE 35.158.160.246:443 btlr.sharethrough.com tcp
US 35.227.201.97:443 cookie-sync.api.soundcast.fm tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 97.201.227.35.in-addr.arpa udp
NL 35.214.170.195:443 csync.loopme.me tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
NL 46.228.174.117:443 usermatch.targeting.unrulymedia.com tcp
US 70.42.32.31:443 b1sync.zemanta.com tcp
US 54.157.168.221:443 sync.srv.stackadapt.com tcp
IE 34.249.143.67:443 match.prod.bidr.io tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 34.96.105.8:443 tr.blismedia.com udp
IE 54.154.106.181:443 pr-bh.ybp.yahoo.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.250.179.196:80 www.google.com tcp
NL 142.250.179.196:80 www.google.com tcp
US 104.17.240.158:443 analytics.crazygames.com tcp
DE 18.64.79.29:443 hb.yellowblue.io tcp
DE 35.158.160.246:443 btlr.sharethrough.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 185.89.211.116:443 secure.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
DE 18.64.95.121:443 aax.amazon-adsystem.com tcp
DE 18.64.103.116:443 b.sharethrough.com tcp
DE 18.64.103.116:443 b.sharethrough.com tcp
DE 35.158.160.246:443 btlr.sharethrough.com tcp
US 164.92.122.81:443 matchmaking.bloxd.io tcp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
GB 2.18.190.147:443 cdn.doubleverify.com tcp
US 164.92.122.81:443 matchmaking.bloxd.io tcp
GB 2.18.190.147:443 cdn.doubleverify.com tcp
GB 54.230.10.71:443 groundcontrol.sharethrough.com tcp
DE 18.66.2.64:443 gw.geoedge.be tcp
DE 157.240.27.35:443 www.facebook.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 146.190.55.78:443 gs-oneblock-hy7jatftdroznbrc1egy6.doodlecube.io tcp
US 146.190.55.78:443 gs-oneblock-hy7jatftdroznbrc1egy6.doodlecube.io tcp
US 8.8.8.8:53 api.gameanalytics.com udp
US 184.73.195.155:443 api.gameanalytics.com tcp
US 204.79.197.237:443 bat.bing.com tcp
US 146.190.55.78:443 gs-oneblock-hy7jatftdroznbrc1egy6.doodlecube.io tcp
US 8.8.8.8:53 155.195.73.184.in-addr.arpa udp
DE 18.64.103.116:443 b.sharethrough.com tcp
US 143.244.180.136:443 bloxd.io tcp
GB 2.18.190.147:443 cdn.doubleverify.com tcp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
GB 54.230.10.71:443 groundcontrol.sharethrough.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 89.149.193.84:443 ssbsync.smartadserver.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 46.228.174.117:443 usermatch.targeting.unrulymedia.com tcp
US 192.132.33.68:443 bttrack.com tcp
US 70.42.32.31:443 b1sync.zemanta.com tcp
US 151.101.66.49:443 sync-tm.everesttech.net tcp
US 54.157.168.221:443 sync.srv.stackadapt.com tcp
NL 63.215.202.169:443 stx-match.dotomi.com tcp
IE 34.249.143.67:443 match.prod.bidr.io tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
DE 3.160.39.83:443 s.ad.smaato.net tcp
IE 52.31.57.205:443 ad.360yield.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 185.89.210.46:443 secure.adnxs.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
DE 91.228.74.166:443 cms.quantserve.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
IE 54.154.106.181:443 pr-bh.ybp.yahoo.com tcp
DK 37.157.2.229:443 c1.adform.net tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
US 3.226.96.179:443 i.liadm.com tcp
DE 69.173.144.152:443 beacon-fra2.rubiconproject.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
IE 3.255.217.67:443 s.update.sharethru.com tcp
IE 34.249.143.67:443 match.prod.bidr.io tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
DE 3.160.39.83:443 s.ad.smaato.net tcp
IE 52.31.57.205:443 ad.360yield.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
IE 3.255.217.67:443 s.update.sharethru.com tcp
US 104.18.22.145:443 cadmus2.script.ac tcp
IE 3.255.217.67:443 s.update.sharethru.com tcp
US 8.8.8.8:53 145.22.18.104.in-addr.arpa udp
FR 45.137.176.88:443 sync.adotmob.com tcp
NL 81.17.55.116:443 rtb-csync.smartadserver.com tcp
NL 81.17.55.116:443 rtb-csync.smartadserver.com tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.250.179.196:80 www.google.com tcp
US 104.17.240.158:443 analytics.crazygames.com tcp
DE 35.158.160.246:443 btlr.sharethrough.com tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 18.64.79.8:443 hb.yellowblue.io tcp
US 8.8.8.8:53 244.210.89.185.in-addr.arpa udp
DE 18.64.95.121:443 aax.amazon-adsystem.com tcp
IE 3.255.217.67:443 s.update.sharethru.com tcp
IE 3.255.217.67:443 s.update.sharethru.com tcp
DE 18.185.127.61:443 btlr.sharethrough.com tcp
DE 18.185.127.61:443 btlr.sharethrough.com tcp
GB 2.18.190.147:443 cdn.doubleverify.com tcp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
DE 18.66.2.64:443 gw.geoedge.be tcp
GB 54.230.10.71:443 groundcontrol.sharethrough.com tcp
DE 18.64.103.116:443 b.sharethrough.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
NL 89.149.193.84:443 ssbsync.smartadserver.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
IE 34.249.143.67:443 match.prod.bidr.io tcp
DE 91.228.74.166:443 cms.quantserve.com tcp
US 192.132.33.68:443 bttrack.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
IE 52.31.57.205:443 ad.360yield.com tcp
US 54.157.168.221:443 sync.srv.stackadapt.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
DK 37.157.2.229:443 c1.adform.net tcp
US 15.197.193.217:443 match.adsrvr.org tcp
US 151.101.66.49:443 sync-tm.everesttech.net tcp
NL 46.228.174.117:443 usermatch.targeting.unrulymedia.com tcp
NL 63.215.202.169:443 stx-match.dotomi.com tcp
US 70.42.32.31:443 b1sync.zemanta.com tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
DE 3.160.39.83:443 s.ad.smaato.net tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
IE 54.154.106.181:443 pr-bh.ybp.yahoo.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 3.226.96.179:443 i.liadm.com tcp
DE 69.173.144.152:443 beacon-fra2.rubiconproject.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
DE 116.202.167.133:443 inv-nets.admixer.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
DE 18.64.103.116:443 b.sharethrough.com tcp
US 13.107.21.237:443 bat.bing.com tcp
US 104.17.240.158:443 analytics.crazygames.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
DE 23.197.141.223:80 answers.microsoft.com tcp
DE 23.197.141.223:80 answers.microsoft.com tcp
DE 23.197.141.223:443 answers.microsoft.com tcp
IE 20.190.159.73:443 login.microsoftonline.com tcp
US 152.199.21.175:443 aadcdn.msftauth.net tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
DE 18.64.79.8:443 hb.yellowblue.io tcp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
DE 18.185.127.61:443 btlr.sharethrough.com tcp
DE 18.64.95.121:443 aax.amazon-adsystem.com tcp
NL 23.200.189.225:443 www.microsoft.com tcp
US 13.107.246.64:443 consentdeliveryfd.azurefd.net tcp
US 13.107.246.64:443 consentdeliveryfd.azurefd.net tcp
US 13.107.246.64:443 consentdeliveryfd.azurefd.net tcp
US 13.107.246.64:443 consentdeliveryfd.azurefd.net tcp
US 13.107.246.64:443 consentdeliveryfd.azurefd.net tcp
NL 23.200.189.225:443 www.microsoft.com tcp
US 8.8.8.8:53 mem.gfx.ms udp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
NL 89.207.16.204:443 tcp
US 151.101.66.49:443 sync-tm.everesttech.net tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
DE 18.185.127.61:443 btlr.sharethrough.com tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
DE 18.64.79.8:443 hb.yellowblue.io tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
DE 18.185.127.61:443 btlr.sharethrough.com tcp
DE 18.64.95.121:443 aax.amazon-adsystem.com tcp
GB 2.18.190.147:443 cdn.doubleverify.com tcp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
DE 18.66.2.79:443 gw.geoedge.be tcp
US 104.18.95.41:443 challenges.cloudflare.com tcp
DE 3.160.39.90:443 groundcontrol.sharethrough.com tcp
US 8.8.8.8:53 rtb0.doubleverify.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
DE 3.160.39.90:443 groundcontrol.sharethrough.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
CA 85.91.47.140:443 a1869.casalemedia.com tcp
DE 18.64.103.102:443 b.sharethrough.com tcp
US 104.18.95.41:443 challenges.cloudflare.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
DE 18.64.103.102:443 b.sharethrough.com tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 8.8.8.8:53 102.103.64.18.in-addr.arpa udp
US 8.8.8.8:53 140.47.91.85.in-addr.arpa udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
DE 157.240.27.35:443 www.facebook.com tcp
US 164.92.122.81:443 matchmaking.bloxd.io tcp
US 184.73.195.155:443 api.gameanalytics.com tcp
US 8.8.8.8:53 gs-classic-wf2cwlfeorztxe8ec3eyb.bloxd.io udp
US 64.23.155.214:443 gs-classic-wf2cwlfeorztxe8ec3eyb.bloxd.io tcp
US 64.23.155.214:443 gs-classic-wf2cwlfeorztxe8ec3eyb.bloxd.io tcp
US 13.107.21.237:443 bat.bing.com tcp
US 184.73.195.155:443 api.gameanalytics.com tcp
DE 18.66.2.79:443 gw.geoedge.be tcp
US 64.23.155.214:443 gs-classic-wf2cwlfeorztxe8ec3eyb.bloxd.io tcp
US 104.18.95.41:443 challenges.cloudflare.com tcp
NL 89.149.193.84:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
DE 18.64.103.102:443 b.sharethrough.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
DE 18.64.79.8:443 hb.yellowblue.io tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
DE 18.64.95.121:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
NL 81.17.55.116:443 rtb-csync.smartadserver.com tcp
NL 81.17.55.116:443 rtb-csync.smartadserver.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
DE 3.71.91.116:443 match.sharethrough.com tcp
US 151.101.194.49:443 sync-tm.everesttech.net tcp
NL 172.217.168.226:443 www.googletagservices.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 52.46.143.56:443 s.amazon-adsystem.com tcp
GB 2.18.190.147:443 cdn.doubleverify.com tcp
DE 69.173.144.152:443 beacon-fra2.rubiconproject.com tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.250.179.196:80 www.google.com tcp
US 8.8.8.8:53 56.143.46.52.in-addr.arpa udp
US 104.17.240.158:443 builds.crazygames.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
DE 18.185.127.61:443 btlr.sharethrough.com tcp
DE 18.64.79.8:443 hb.yellowblue.io tcp
US 104.18.95.41:443 challenges.cloudflare.com tcp
DE 18.64.95.121:443 aax.amazon-adsystem.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
DE 18.66.2.79:443 gw.geoedge.be tcp
GB 2.18.190.133:443 cdn.doubleverify.com tcp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
DE 3.160.39.90:443 groundcontrol.sharethrough.com tcp
DE 18.64.103.102:443 b.sharethrough.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 89.149.193.84:443 ssbsync.smartadserver.com tcp
DE 3.71.91.116:443 match.sharethrough.com tcp
US 151.101.194.49:443 sync-tm.everesttech.net tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
NL 81.17.55.116:443 rtb-csync.smartadserver.com tcp
NL 46.228.174.117:443 usermatch.targeting.unrulymedia.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 192.132.33.68:443 bttrack.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
DE 69.173.144.152:443 beacon-fra2.rubiconproject.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
US 80.77.87.161:443 cs.admanmedia.com tcp
US 8.8.8.8:53 s.ad.smaato.net udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 ad.360yield.com udp
US 50.31.142.127:443 b1sync.zemanta.com tcp
US 35.244.159.8:443 us-u.openx.net udp
US 8.8.8.8:53 cms.quantserve.com udp
US 34.96.105.8:443 tr.blismedia.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 54.160.252.88:443 sync.srv.stackadapt.com tcp
DK 37.157.2.229:443 c1.adform.net tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
US 34.238.98.116:443 i.liadm.com tcp
IE 54.171.171.31:443 pr-bh.ybp.yahoo.com tcp
IE 54.171.44.102:443 ad.360yield.com tcp
DE 3.160.39.3:443 s.ad.smaato.net tcp
DE 91.228.74.200:443 cms.quantserve.com tcp
DE 3.160.39.3:443 s.ad.smaato.net tcp
IE 54.171.44.102:443 ad.360yield.com tcp
DE 91.228.74.200:443 cms.quantserve.com tcp
IE 54.171.171.31:443 pr-bh.ybp.yahoo.com tcp
US 34.238.98.116:443 i.liadm.com tcp
DE 69.173.144.152:443 beacon-fra2.rubiconproject.com tcp
IE 34.249.143.67:443 match.prod.bidr.io tcp
NL 63.215.202.140:443 stx-match.dotomi.com tcp
US 8.8.8.8:53 31.171.171.54.in-addr.arpa udp
US 8.8.8.8:53 102.44.171.54.in-addr.arpa udp
US 8.8.8.8:53 200.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 116.98.238.34.in-addr.arpa udp
US 8.8.8.8:53 3.39.160.3.in-addr.arpa udp
US 8.8.8.8:53 140.202.215.63.in-addr.arpa udp
DE 3.71.91.116:443 match.sharethrough.com tcp
DE 18.64.103.102:443 b.sharethrough.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
FR 149.202.238.105:443 rtb-csync.smartadserver.com tcp
US 13.107.21.237:443 bat.bing.com tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 151.101.194.49:443 sync-tm.everesttech.net tcp
GB 2.18.190.132:443 identity.nel.measure.office.net tcp
US 104.17.240.158:443 videos.crazygames.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
DE 18.64.79.29:443 hb.yellowblue.io tcp
DE 18.64.95.121:443 aax.amazon-adsystem.com tcp
DE 18.197.60.108:443 btlr.sharethrough.com tcp
DE 18.197.60.108:443 btlr.sharethrough.com tcp
US 104.18.239.210:443 videos.crazygames.com tcp
US 204.79.197.237:443 bat.bing.com tcp
US 151.101.194.208:443 images.crazygames.com tcp
US 104.17.240.158:443 videos.crazygames.com tcp
US 104.18.239.210:443 videos.crazygames.com tcp
NL 172.217.23.206:443 google.com udp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.250.179.196:80 www.google.com tcp
GB 2.18.190.132:443 identity.nel.measure.office.net tcp
NL 142.250.179.196:443 www.google.com udp
NL 172.217.168.246:443 i.ytimg.com udp
US 104.17.240.158:443 videos.crazygames.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
NL 172.217.23.206:443 google.com udp
NL 172.217.168.195:443 www.google.co.uk udp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
NL 172.217.168.195:443 www.google.co.uk tcp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
DE 18.64.79.28:443 hb.yellowblue.io tcp
DE 18.185.127.61:443 btlr.sharethrough.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 18.64.95.121:443 aax.amazon-adsystem.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 142.250.179.162:443 googleads4.g.doubleclick.net udp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 172.240.45.73:443 gov.aniview.com tcp
DE 3.162.86.128:443 c.amazon-adsystem.com tcp
DE 3.162.86.128:443 c.amazon-adsystem.com tcp
NL 63.215.202.146:443 proc.ad.cpe.dotomi.com tcp
DE 18.66.2.56:443 gw.geoedge.be tcp
IE 67.220.224.144:443 aax-eu.amazon-adsystem.com tcp
NL 172.217.168.226:443 www.googletagservices.com udp
NL 142.250.179.162:443 googleads4.g.doubleclick.net udp
CA 85.91.47.117:443 a1846.casalemedia.com tcp
NL 142.250.179.162:443 googleads4.g.doubleclick.net tcp
CA 85.91.47.117:443 a1846.casalemedia.com tcp
BR 142.251.129.227:443 csi.gstatic.com tcp
US 8.8.8.8:53 servedby.flashtalking.com udp
BR 142.251.129.227:443 csi.gstatic.com tcp
DE 23.197.128.137:443 servedby.flashtalking.com tcp
GB 2.18.190.133:443 cdn.doubleverify.com tcp
US 8.8.8.8:53 227.129.251.142.in-addr.arpa udp
US 8.8.8.8:53 117.47.91.85.in-addr.arpa udp
US 104.17.240.158:443 ragdoll-archers.game-files.crazygames.com tcp
NL 2.16.6.6:443 ajs-assets.ftstatic.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
DE 18.64.119.103:443 agen-assets.ftstatic.com tcp
DE 18.64.119.103:443 agen-assets.ftstatic.com tcp
BR 142.251.129.227:443 csi.gstatic.com udp
US 8.8.8.8:53 d9.flashtalking.com udp
IE 52.17.202.108:443 d9.flashtalking.com tcp
IE 52.17.202.108:443 d9.flashtalking.com tcp
US 8.8.8.8:53 js.ad-score.com udp
US 8.8.8.8:53 cdn.flashtalking.com udp
NL 142.251.39.100:80 google.co.ck tcp
DE 18.64.119.7:443 js.ad-score.com tcp
NL 23.200.188.48:443 cdn.flashtalking.com tcp
NL 23.200.188.48:443 cdn.flashtalking.com tcp
NL 23.200.188.48:443 cdn.flashtalking.com tcp
DE 18.64.119.7:443 js.ad-score.com tcp
NL 23.200.188.48:443 cdn.flashtalking.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 46.228.174.117:443 usermatch.targeting.unrulymedia.com tcp
NL 64.158.223.137:443 stx-match.dotomi.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 46.228.174.117:443 usermatch.targeting.unrulymedia.com tcp
IE 54.171.171.31:443 pr-bh.ybp.yahoo.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
NL 64.158.223.137:443 stx-match.dotomi.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
IE 54.171.171.31:443 pr-bh.ybp.yahoo.com tcp
DE 18.64.119.7:443 js.ad-score.com tcp
DE 23.197.128.137:443 servedby.flashtalking.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
GB 13.42.124.218:443 ad-events.flashtalking.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
DE 35.156.61.253:443 match.sharethrough.com tcp
US 130.211.115.4:443 data.ad-score.com tcp
NL 23.200.188.48:443 stat.flashtalking.com tcp
US 104.18.239.210:443 ragdoll-archers.game-files.crazygames.com tcp
US 13.107.21.237:443 bat.bing.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 172.240.45.73:443 gov.aniview.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
DE 18.185.127.61:443 btlr.sharethrough.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
DE 18.64.79.28:443 hb.yellowblue.io tcp
US 130.211.115.4:443 data.ad-score.com tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.250.179.196:80 www.google.com tcp
DE 18.185.127.61:443 btlr.sharethrough.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 18.64.95.121:443 aax.amazon-adsystem.com tcp
NL 142.250.179.193:443 ed20a114b270f0004571886501fdc14b.safeframe.googlesyndication.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 142.250.179.162:443 googleads4.g.doubleclick.net udp
GB 2.18.190.133:443 cdn.doubleverify.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
DE 18.185.127.61:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 b.sharethrough.com udp
DE 18.64.103.20:443 b.sharethrough.com tcp
DE 3.160.39.104:443 groundcontrol.sharethrough.com tcp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
DE 18.66.2.56:443 gw.geoedge.be tcp
US 199.232.209.91:80 softonic.com tcp
US 199.232.209.91:80 softonic.com tcp
US 199.232.209.91:443 softonic.com tcp
US 8.8.8.8:53 www.softonic.com udp
US 151.101.1.91:443 www.softonic.com tcp
US 8.8.8.8:53 91.209.232.199.in-addr.arpa udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 images.sftcdn.net udp
US 151.101.129.91:443 images.sftcdn.net tcp
US 151.101.129.91:443 images.sftcdn.net tcp
US 151.101.129.91:443 images.sftcdn.net tcp
US 151.101.129.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
DE 18.66.2.51:443 sdk.privacy-center.org tcp
US 8.8.8.8:53 51.2.66.18.in-addr.arpa udp
US 151.101.193.91:443 images.sftcdn.net udp
US 151.101.129.91:443 images.sftcdn.net udp
NL 139.45.197.227:443 notix.io tcp
DE 3.160.39.27:443 api.privacy-center.org tcp
NL 2.16.106.196:443 r.bing.com tcp
FR 51.178.195.213:443 ssbsync.smartadserver.com tcp
NL 2.16.106.200:443 r.bing.com tcp
NL 2.16.106.200:443 r.bing.com tcp
NL 2.16.106.200:443 r.bing.com tcp
NL 2.16.106.200:443 r.bing.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
IE 34.249.143.67:443 match.prod.bidr.io tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 89.149.193.121:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.121:443 rtb-csync.smartadserver.com tcp
NL 2.16.106.196:443 r.bing.com tcp
DE 57.129.18.111:443 wt.rqtrk.eu tcp
DE 3.160.39.83:443 s.ad.smaato.net tcp
NL 46.228.174.117:443 usermatch.targeting.unrulymedia.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
DE 18.66.2.99:443 gw.geoedge.be tcp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
DE 18.64.103.20:443 b.sharethrough.com tcp
NL 69.173.156.131:443 beacon-ams3.rubiconproject.com tcp
GB 2.18.190.133:443 cdn.doubleverify.com tcp
DE 69.173.144.152:443 beacon-fra2.rubiconproject.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.250.179.196:80 www.google.com tcp
US 140.82.112.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
NL 172.217.23.194:443 googleads4.g.doubleclick.net udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
GB 2.18.190.141:443 identity.nel.measure.office.net tcp
US 204.79.197.237:443 bat.bing.com tcp
NL 142.251.39.100:80 google.co.ck tcp
US 199.232.209.91:80 softonic.com tcp
US 199.232.209.91:80 softonic.com tcp
US 199.232.209.91:443 softonic.com tcp
US 151.101.1.91:443 images.sftcdn.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
DE 18.66.2.107:443 sdk.privacy-center.org tcp
US 151.101.193.91:443 images.sftcdn.net udp
NL 139.45.197.227:443 notix.io tcp
DE 3.160.39.68:443 api.privacy-center.org tcp
NL 2.16.106.200:443 r.bing.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 140.82.114.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.250.179.196:80 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.250.179.196:80 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.250.179.196:80 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.250.179.196:80 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.250.179.196:80 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:80 pcoptimizerpro.com tcp
NL 2.16.106.200:443 r.bing.com tcp
US 20.44.10.122:443 browser.pipe.aria.microsoft.com tcp
NL 2.16.106.200:443 r.bing.com tcp
NL 2.16.106.200:443 r.bing.com tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.251.39.100:80 google.co.ck tcp
NL 142.250.179.196:80 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp

Files

\??\pipe\crashpad_2972_NWMECVAHBRYEAFVZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7b94adb74debdfd82f95835caf41d3cc
SHA1 fa743ee8fbde2a9ea2a2398e478491ac2d0dfaf2
SHA256 c782d3e6bc610ea9a0cbcea767668fee5725dfca21789da35768d7d7cc9ee83d
SHA512 420fe3266df926c66f53feddee08b099474e50a76e7a2efde1144ae6d64381e7c5650cc5d7f10c800ca953731d057b122214747f1bd8d126dfa6bd2234d3843b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 14325fba0798509afbda44298b228b55
SHA1 173dcb9622af709ef5d53d6864708ee39a92489f
SHA256 139e42abe472f2ffe483a38341d405ede2bfea34a1f7d808857a6b44a1afbd16
SHA512 19ae9d89d3757151c267144dca499ddee66499cbc05760a842414470e35e9fe9784d13bfb1fcfdb53f866da374609d9b654dcfa17902c140b07cde0de30fc744

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9f658197002c5847e7cafcec44c911de
SHA1 78591397143c6da06879a253f9c5a30e6b879b6f
SHA256 6ed28e7728c3c9c85186228a84d8cd9918f90b1a2fa1754d521a938283429766
SHA512 c58ede4738899e39b7ab829dd88e8718ea6c01c883b96d272ba7290e9b967a1e9a7dfc4f31b532c72e764a3d43356c291159ecc50ea9197733b122770af6c528

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 87df0f2eaddef5681900fdfa81f01f0d
SHA1 57fad48e55bdf5a5011cd0b59097588c9242244e
SHA256 9133416035fbbde392ed25080e94f9e47da238aeeb40d266df2ec7522d448999
SHA512 a3b9bbbdd2b6af352f2b948a8d8103a096ab36ae1ac9fcafa8115bff880015bfecd9a946b93f12bc5a8e824f7850a885e2d6150f66679605a74d5ec3258c4e89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e8115549491cca16e7bfdfec9db7f89a
SHA1 d1eb5c8263cbe146cd88953bb9886c3aeb262742
SHA256 dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e
SHA512 851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3e2612636cf368bc811fdc8db09e037d
SHA1 d69e34379f97e35083f4c4ea1249e6f1a5f51d56
SHA256 2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9
SHA512 b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 94ff8976c76a3aef40d85c9b5936e550
SHA1 f0acfc0bd32e194c15e6ec65ed068bd7db451155
SHA256 4a91d943d2b8f21d557e72e6b985fedc76ebf1c27adc42b1fa5b1a0d8c7d2804
SHA512 96a4d67831180545a38c584d22b0f82cfbb6a67c19cedb924f49679ab6ce3d739b47c02476b0ae7a3a3a7da28fa63d67721d7253a80559fb1b093765d804beec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7eccc9e0e7ce7926960884d732286622
SHA1 4814cda27637c68432471f98a578164d3ff5c316
SHA256 079bb84af62458b71a89ac82f6bc93caa4aa0d2c928ca70014c138671c2bb0c2
SHA512 c8487589895daa40f68c865b7a959c5b29a5ed41860af1318f5b613b40fbedda75069f05ee460a5900399ee349e32374ebe9b14c0394d39afd3414051d09c0c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8c1b16c68c203a1d311ef877751752bf
SHA1 a2cc0d144845e9391de67f78a0e41c8353e315d7
SHA256 b9f29f260da734888007f06114ff321ef805b88b8fd80e5642b4227c97437c14
SHA512 af4bb152d73b9b8e239e42d2660ef17cd3161be0c0bdfc2499eb35a82c9d8c0806bbfa7346004898b8715b85873f0f67a0c4c65a0698b5be7a08c28f34b5cc82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 24a806fccb1d271a0e884e1897f2c1bc
SHA1 11bde7bb9cc39a5ef1bcddfc526f3083c9f2298a
SHA256 e83f90413d723b682d15972abeaaa71b9cead9b0c25bf8aac88485d4be46fb85
SHA512 33255665affcba0a0ada9cf3712ee237c92433a09cda894d63dd1384349e2159d0fe06fa09cca616668ef8fcbb8d0a73ef381d30702c20aad95fc5e9396101ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 cc6a7af85ef808b23fb0d7856ed6aafb
SHA1 9c32e7d7b33e9769211fbce53001a17848d546b5
SHA256 0d8b4860b16e4ee74beff0e2034bd195352dba61a455efdeb35d6ede7c4c7391
SHA512 d9e9086a0d6827ba073028b67a73e8d0936ff9813238075af53dd75af0f7417b56dc4642417ced05af36ec9e66bac671ab8ed9d0f73dd7b84a6695026ba2abf6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 027a77a637cb439865b2008d68867e99
SHA1 ba448ff5be0d69dbe0889237693371f4f0a2425e
SHA256 6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd
SHA512 66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 52f131654936ff7761674ab8ae3fe4c7
SHA1 97cb9e4a134bfaad7f359278225db41fb4d21a85
SHA256 0e821a80d26e642c7e067cf39b8d53cde727cca5594f348cd1286152761be70a
SHA512 13a1920ae91fbbef851e721e001fb26c908b2d7ef9af0459b09e429177d9a7d439078a832221768a40fce3119fb599bb07c8aa2a44cdb99b5f80b02e14e1d78c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 21aca0c262f7f992ab3f9a14102059b3
SHA1 c51892250895636dae7a8ed449799594a35efe1f
SHA256 72e2779becb0ca31b9e4a8dbba0652a7b0e0e71788c9b050408e39fa54f69a1c
SHA512 1f86e0af2c98372471a3b5cddaf331f8ab7407c09a423fe51f6f2fd280c0980737a744242015c2783f489d0a6fb931a80a99c4d7a432bd7420a94c7da8d8cd68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f6f26d0cbae6609ab1eecdc3358719d8
SHA1 fb71597a7edf6ad5a292b7bba64b57b0a71548ee
SHA256 7b0acbd6790a6d14141eac769777a3809e589eaf70928233f361cb927f7643cb
SHA512 d7f618fafb79b483f8f2895f2797c7cee4f6456150c9422e6bac502e62aaec37bede2f81f6eb0025a5ad6e472702b61eb96cd8e4e9f696e1b26cdce9620d6610

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58729b.TMP

MD5 ad3ffc4d857a045461da9abc342abb2a
SHA1 af64828e53557f11d384faef38500cf339c66797
SHA256 14d16bade63523c68b94f7a0e2940bea6a9d8f98943c464b2c77819ef53575d9
SHA512 b0c710121506556b5710b97ae00c4c2a93003911c21d540ead2a12b3365b78e6fe151aae20cd81f62d090f1e28d86fec5f1fc991d67db5fec16dae831d7dc2ec

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 db3115e9edbf3fd3701a969d280045fc
SHA1 eba3af7431e9c2f54427490e16d172958ff36ab6
SHA256 9d3fbe95a77d15d105c1670e06acb91a02cf9a1db46542987830fa70fbe4e717
SHA512 8ac82911c962307df9d6239bd7dd0aeab0b3de6dd598d8e4139410cb8b2020a5f7d247045bf6116ad4b7d5f632af8601c74ae31c1ae213364a0310842faad0f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2e30bc56d3efdc345b8ac2450fbed7a5
SHA1 ea880a84e579dfa6a1480c797d2ba95ae9e39f20
SHA256 2f23d445c711c5d4d4751515c33d991ba124b08e6e61e0448b13d2b028f99797
SHA512 f87737bf37712e159cad999c3d74a72da7c4464e99a75c51ad63f3301991ddd3e71dbbc4cacbccbfdd614e7abbff7cddbd8b1a8ff897dcccb2a8b465b269e4f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e171ebd4da5e32ba92cc6985c794a581
SHA1 32ea0e8bdb2239281af1ccbe329f407e94f824da
SHA256 00a99b834a3dfa2cd5b80bccffda8be20b6dc0f5798e668ce457133cdbf86ee8
SHA512 3de8fe3792a6e653063e07fb541d335cb855296e13a61f2c497a1beb129f688de03387072dc9ae7b02d186204305641fa93131b934ec2bcb1a8dcb5a470aeae9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5606465b797991e4ee80a0998f00ffe6
SHA1 362add007ba9e96322c173436851066e86db110c
SHA256 e138d0d9256f15f33ad4546da551a01eaf2e58fa0ac22e586e48362ded319263
SHA512 4ec1bb0d4e287369bf01e17d3e181b446024640196d192f0df9f37b5a76460286603ee5f944381923e7f70df59f2968ddddbaa820f9a98ed193fbfa84ab13305

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 21b68d54bcb2bcdf6c20fba75d794932
SHA1 69b35518c0d2640c82da72396ca3729be947be4e
SHA256 55803c67d0d29e2056eb9ca07eed75f44a408534970260b7432643439b2b0487
SHA512 a45baf512bf0228f73cf797ac05117ac443943adbbaa9afa53d3a415e3637da31d91bd33582bb4ccbae1eec323a849d40093c0d335c2d701d78aaed05f5d8060

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2f37c14d03a29aab7b73c39ca40701f7
SHA1 ba88af7714f45ff839dfae3c1b60df82d4176308
SHA256 fc1fc1b662ef2acb444dcb5741c1a5d6218b6f3b468e1784866387b4d1794af7
SHA512 e21c188ad7943f7ffe9fd7903eacf978947973da83111859d0cfb2425cea3ba29d5f83803151da73ad74860d3d2309375ba392d53ec29c6f25156edd0063775f

C:\Users\Admin\Downloads\Solara.zip

MD5 a7b8a9578e28cf1efb2af79f23c63a53
SHA1 d6ccaa3bd3adf465de03e2a1f57e80fc8d638fb5
SHA256 498ef5db7fae596a321995ea4f8ebffd123e44f3385874188c656841e852617d
SHA512 7ca1e56dff5ec9df09d4fb9317bd2fc9221c6c7852b6b60f75fd2b0b349485fa658b6685337836f8650aaad9253903c308e8713211212519db10dfe5eb6b452a

C:\Users\Admin\Downloads\Solara.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 972d293cfef39cb72162121a6a9e3b68
SHA1 695811b74098f679854cea6679e75a45649de7cb
SHA256 989350a657ab697552f271fbc0941ac12eaac540d18eaceb9dc7729915c24817
SHA512 4b864a6d92eacfcadfc8c2eb1a3399e7a6998647f4ac79a6344e407a2920d4e79f24cd344c5e3cc0ba4d060603350767e17d00cd83814e9dbe4b47b8134e529f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 fe5c3a25f9a893056adb192204b79953
SHA1 9bf5a4bbac741d7c6eabb8c60a5ef13cdcffeea3
SHA256 3668947c73800a169033761ae2e0809f4c43198910b7355eb3b2bfd29e4a7f9b
SHA512 f836f476e7c16822ea96416fd8901a7235213c1d3474eef76ac431aebdaf1740f1f9073b2c487261555546d7062aab3d93e72f4d29aeec586b7dd49ea4ec8ab1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 5d5eb2f94e494e8442fc72baa16e60b7
SHA1 370723e1f78548659d0b74ed6db075ea75979afb
SHA256 1e8b48502c17575b663e297a050ec71aee6a27aafc79e6dc5cfa965231575adb
SHA512 644e86e5945c9b972f854fa468b173ba40ac9f2890900f2a168de06ba20de86f045d736c8240e707c062b217c29a7a8d8363537d155fb6b951ba1461e5930a55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 031b71a62a2fdeccb9b4450c1a5a45da
SHA1 8981f4cf618982ae302602d372bc0a6555e819a0
SHA256 5320537fdaf7d045cd03d60122c2d46e094381a5f07dd300870452269d171f7b
SHA512 9036453262feecd339e19e9b2ebed9a15ff517d88167c06b8ed3067e25855bdf391a7e7751fdf17ee2a9a420076281f4f8e85cc66e8f6e3d0e5e28228059e49f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 c5846456d937d0c32621b48395e32129
SHA1 081dacf51cae024670b5d0f11ced3be71202b34a
SHA256 5dfa267f57520836dae09c64d86d4e9a8996d6b3e1784782917cd39145f7093b
SHA512 d1e3cca2e42e779b6f6cb177edd3eb342c38e8e75b7fe6b32a1ff63f451e4e2cb0b70d503042e3304268a2ab77a23d661dce50888b82bea58d8dc0bc6df46a5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 b07f576446fc2d6b9923828d656cadff
SHA1 35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103
SHA256 d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496
SHA512 7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 d9b427d32109a7367b92e57dae471874
SHA1 ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39
SHA256 9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3
SHA512 dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b7b1524d79a31482b14285be0c7431b4
SHA1 7574b7bf4e62509466a631ff5842c33762c8de98
SHA256 ca6c683d9577fb4f157fa11c70e0225fecb3499ace8589bb88064499679e30d6
SHA512 56fda4bd86c5ccb67363ea91e02a3496bb9043755cc8eded5f450fb6cc9a7f970338fa29d822f584607b7e898ceb15519e94314f4c037e59419a7be89b2ce1d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 93d51ffaae0d8877d9502a5c234b274f
SHA1 0c081405301dd5624bbb94320749c8bac077fb87
SHA256 28281c28075d4f420823f5895b621ac190fa23ae5ea5c1b525adaf25065ec7be
SHA512 2105585307c23b6af675f7735571d102be019245f7cef4582bcc9774c2ee116f2a513039d1111db452974a9721ab820e593dde25448561fc16d8c7e4c8c205d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 97420e675f21bf80113281efca55fee5
SHA1 cab02267b2a406c07394b6ce3c002d32102b9a11
SHA256 6c583564bbc053b9aeb72ed351e16c91aec4c139adb6f132f7d258466af149b7
SHA512 3db2b28dede2207c863b6ca0a7fccdccab78dac65fc118c54ecb9c6ef8f008fbbebf1bea8e7706ab080111f0d583fb476d348599703fd5eafe542774b880e712

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e971d3377c7522da9900ba19530a5066
SHA1 c1f20c0dc60801236f5fe196bc0363c84f36b217
SHA256 e3b2705f38dd2bf21256f3ab2f7b09b6426c3671eecf3a185fa6d18ed254b95a
SHA512 5845134f3f656cd08a8704e1a104aeac862a27c8f8144307cecbc49124c3f3633e37b2a483c8b3980acbd9f9160db1a7270b026e295a3ede34138d110b2f3540

C:\Users\Admin\Downloads\Unconfirmed 476049.crdownload

MD5 2c752edef5b0aa0962a3e01c4c82a2fa
SHA1 9c3afd1c63f2b0dbdc2dc487709471222d2cb81e
SHA256 891846bf656253ca1cdd28584a28681e9604e2a03d74cd6b99313e3bff11daf8
SHA512 04d25fe7d40c8c320ffc545a038ad6ea458df6a8a552b0e0393b369a03b9bf273c72f30169bd54e8eb10757c04bdddf3859c601c1eb9e1a12fe4d15658906dfe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 adb945117477402f17b88cd20052f59f
SHA1 79a3e12453fa22cefa91af7651c4d4bed3afbc4a
SHA256 fc9f7842a31716adc4699f2b43ba1a19ca30fdbda73686726532514c33e577c5
SHA512 8236c5b1ca91b5af8cac6d762bff8c405103e3973eeab641ed5fcdd1010c06c783ee531cea5be34ab44bdfbe9e8c504807875d713791fab01d3c38ef52c8b09b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8009648aa07a3a4976a4f5d126276bc4
SHA1 7aee579257bed0b62f83e068fcd6d2d7f3586bb8
SHA256 1ac6b64c2507b2232f94a96212a819786a13915e835a96a6d6c00f9d69995230
SHA512 3ab0140695e3ae7c96c19dbb00c618f9de1f0f481e0dfb479438c66b18ebb42f64e7d8bb234bf105b2f36456e7433e6b50806689821ff13c066273e4a11da6aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 02213a20d030164c5d98dca1c14779e9
SHA1 822b7db529de523ddc3e3c4ab754dd40a653c7af
SHA256 658decd9270d9cae43d0ebd40e058173b4ac48b6d6919cef5400fc65b128a1d7
SHA512 55f1a28f6c9cd3a150ed0b30440878c3232882d0471c539b2ef29cd1c363e387634b8f52916fa5e8efbe555e05d0829576db1fafa7b0394cfe53bf3bee2de29c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a06db0dcf1fba3156a7645a0e2c6e18b
SHA1 123318bec224261a47dbbe4b3603fe584d33db4d
SHA256 d39211a326662dfce1940fed5d3af0a17b9a641f0697227cd0a763376b86b0e8
SHA512 7aef6ceaa371c26edfbb80c87438ff3153e607147fb2132a5bfda9529778709e261385819bbdaf964574a207408f5f3a329d5cb7069d136b8d226fc3ca35cdc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aa290da03c2c208c3a2c5814fe25975c
SHA1 b03e8403e65e271826b8002b0e86b75329635cb4
SHA256 02b8f58bd5c4e30b27ee1196d8e5960ce904b9ef8361018d209009ebc2ffdb39
SHA512 d4ed9d00a41bd5a7e4729cca58edb1d540077f00d9d17b774429f7010b012043ab70d7fc83fe87d99182621c7926d971f50e8aacd3c8362a5a81de8f06cccc46

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 d022604b2cc08cfdb9b67a0c78412ca4
SHA1 8e607dab326bfbe07627f8008939d0726116633d
SHA256 ad5a1f789d87794cf82b7cc0250302e60da1a5c83244d1f4b48f76b032076464
SHA512 f0a4fd736affe87e4207d80c43a6a18bbda126718bb95480f85a1e256b26b3714382d6eafcb02111741c2651deb4deec595d9e66bc23953a45de87873e81f95a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0304094992765996d11dfa0fdd48f6da
SHA1 43bb8d60e2296e15283fb22bff2fe583b0280e0d
SHA256 21687e4d769bdae929a153ec239b75e952291d233937463a3f94420117a011e3
SHA512 ca9c8b5bbafbcec180d18f20da6cb55d854943393cf98edc824de9b4a9aec04d1d85f097fabb3ac10ed86d6afddeac2b34eec6d7063e4b0bc5d82afcb98b3f6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 42319a3f6bb7a0231a56ab8e68ef9abb
SHA1 b995411a7746c92dd3d61615710afb37c1f758a2
SHA256 00c14bfcf001113ee1744545bbae86df79b27176e637e258582efd6d23d7d9c4
SHA512 810dbed5f138bd6a918412b06f58c855707387bf4138d735565b0f08a6da5067ad94b73c90b7cef1c30ffa019864445f7fab87412cd7b5ab78a2175bed84a40a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 27a702681074d6733af69688fe8280d7
SHA1 e7f5cb4b5c2f4f2599e97dbdeb496df12b6c5977
SHA256 09b82a159d980abc4a8d1b19e00f3e67b14e566ca0e82a8b0a7d03a14113d536
SHA512 a60b3292050c0e914acb2b02cfb5901acf0b11d9ab3d4e37e9142e25bf91c096afa57216e5f17ffd7dbda35b5f79f2c1a9e1b525279b3f92cb98f22ed9d2ad1f

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\content\sounds\ouch.ogg

MD5 9404c52d6f311da02d65d4320bfebb59
SHA1 0b5b5c2e7c631894953d5828fec06bdf6adba55f
SHA256 c9775e361392877d1d521d0450a5368ee92d37dc542bc5e514373c9d5003f317
SHA512 22aa1acbcdcf56f571170d9c32fd0d025c50936387203a7827dbb925f352d2bc082a8a79db61c2d1f1795ad979e93367c80205d9141b73d806ae08fa089837c4

C:\Users\Admin\AppData\Local\Bloxstrap\Modifications\ClientSettings\ClientAppSettings.json

MD5 eab6dcc312473d43c2fa8cc41280d79c
SHA1 b4e9ec7e579d06dfcaa5ac616de2751308a153c3
SHA256 0a27d3c9100ab7ab6f03c45daeb0f0cd586f3aeb59daf7986e853f9614e954fe
SHA512 1ce0fdc237110d644bcc8238f184554f25813ccf7142fd312ce96fbb6659081db677b04485bf66d52100136da6bb9688e48b1287455725c7b4950153aa2a4595

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-01a570a3cd0a46f2\RobloxPlayerBeta.dll

MD5 bcb2661dc6144c57b01993b000c43a48
SHA1 7f3449a83580f62ee56a84bd3cf971cb913ababc
SHA256 6c15c616cf1f17896260a0aa8a30fa4ae177f323878e964291773b00545b7238
SHA512 13d17601234c111098c56bbf70155e0dcf759aeca7a76c0edc13d4e26aa06de9fb64aee920c20387037f4c81d260d6d0b2e4a26cb0da85edf83282f1807eac65

memory/5464-5009-0x00007FFB9E8C0000-0x00007FFB9E8C9000-memory.dmp

memory/5464-5008-0x00007FFB9E830000-0x00007FFB9E860000-memory.dmp

memory/5464-5007-0x00007FFB9E830000-0x00007FFB9E860000-memory.dmp

memory/5464-5006-0x00007FFB9E830000-0x00007FFB9E860000-memory.dmp

memory/5464-5005-0x00007FFB9E830000-0x00007FFB9E860000-memory.dmp

memory/5464-5014-0x00007FFB9E470000-0x00007FFB9E490000-memory.dmp

memory/5464-5019-0x00007FFB9E560000-0x00007FFB9E56C000-memory.dmp

memory/5464-5017-0x00007FFB9E470000-0x00007FFB9E490000-memory.dmp

memory/5464-5018-0x00007FFB9E470000-0x00007FFB9E490000-memory.dmp

memory/5464-5016-0x00007FFB9E470000-0x00007FFB9E490000-memory.dmp

memory/5464-5015-0x00007FFB9E470000-0x00007FFB9E490000-memory.dmp

memory/5464-5013-0x00007FFB9E450000-0x00007FFB9E460000-memory.dmp

memory/5464-5012-0x00007FFB9E450000-0x00007FFB9E460000-memory.dmp

memory/5464-5011-0x00007FFB9E3C0000-0x00007FFB9E3D0000-memory.dmp

memory/5464-5010-0x00007FFB9E3C0000-0x00007FFB9E3D0000-memory.dmp

memory/5464-5029-0x00007FFB9C480000-0x00007FFB9C490000-memory.dmp

memory/5464-5028-0x00007FFB9C480000-0x00007FFB9C490000-memory.dmp

memory/5464-5027-0x00007FFB9C480000-0x00007FFB9C490000-memory.dmp

memory/5464-5026-0x00007FFB9C460000-0x00007FFB9C470000-memory.dmp

memory/5464-5038-0x00007FFB9D2F0000-0x00007FFB9D2FD000-memory.dmp

memory/5464-5054-0x00007FFB9BCF0000-0x00007FFB9BD10000-memory.dmp

memory/5464-5053-0x00007FFB9BCF0000-0x00007FFB9BD10000-memory.dmp

memory/5464-5052-0x00007FFB9BCF0000-0x00007FFB9BD10000-memory.dmp

memory/5464-5051-0x00007FFB9BCF0000-0x00007FFB9BD10000-memory.dmp

memory/5464-5050-0x00007FFB9BCC0000-0x00007FFB9BCD0000-memory.dmp

memory/5464-5049-0x00007FFB9BCC0000-0x00007FFB9BCD0000-memory.dmp

memory/5464-5048-0x00007FFB9BBB0000-0x00007FFB9BBC0000-memory.dmp

memory/5464-5047-0x00007FFB9BBB0000-0x00007FFB9BBC0000-memory.dmp

memory/5464-5063-0x00007FFB9E830000-0x00007FFB9E860000-memory.dmp

memory/5464-5062-0x00007FFB9E830000-0x00007FFB9E860000-memory.dmp

memory/5464-5061-0x00007FFB9E6B0000-0x00007FFB9E6B1000-memory.dmp

memory/5464-5060-0x00007FFB9BF30000-0x00007FFB9BF56000-memory.dmp

memory/5464-5059-0x00007FFB9BF30000-0x00007FFB9BF56000-memory.dmp

memory/5464-5058-0x00007FFB9BF30000-0x00007FFB9BF56000-memory.dmp

memory/5464-5057-0x00007FFB9BF30000-0x00007FFB9BF56000-memory.dmp

memory/5464-5056-0x00007FFB9BF30000-0x00007FFB9BF56000-memory.dmp

memory/5464-5055-0x00007FFB9BCF0000-0x00007FFB9BD10000-memory.dmp

memory/5464-5046-0x00007FFB9C6A0000-0x00007FFB9C6A9000-memory.dmp

memory/5464-5045-0x00007FFB9C6A0000-0x00007FFB9C6A9000-memory.dmp

memory/5464-5044-0x00007FFB9C6A0000-0x00007FFB9C6A9000-memory.dmp

memory/5464-5043-0x00007FFB9C6A0000-0x00007FFB9C6A9000-memory.dmp

memory/5464-5042-0x00007FFB9C6A0000-0x00007FFB9C6A9000-memory.dmp

memory/5464-5041-0x00007FFB9C680000-0x00007FFB9C690000-memory.dmp

memory/5464-5040-0x00007FFB9C680000-0x00007FFB9C690000-memory.dmp

memory/5464-5039-0x00007FFB9C680000-0x00007FFB9C690000-memory.dmp

memory/5464-5037-0x00007FFB9D2F0000-0x00007FFB9D2FD000-memory.dmp

memory/5464-5036-0x00007FFB9D2F0000-0x00007FFB9D2FD000-memory.dmp

memory/5464-5035-0x00007FFB9D2F0000-0x00007FFB9D2FD000-memory.dmp

memory/5464-5034-0x00007FFB9D2F0000-0x00007FFB9D2FD000-memory.dmp

memory/5464-5033-0x00007FFB9D2B0000-0x00007FFB9D2C0000-memory.dmp

memory/5464-5032-0x00007FFB9D2B0000-0x00007FFB9D2C0000-memory.dmp

memory/5464-5031-0x00007FFB9D240000-0x00007FFB9D250000-memory.dmp

memory/5464-5030-0x00007FFB9D240000-0x00007FFB9D250000-memory.dmp

memory/5464-5025-0x00007FFB9C460000-0x00007FFB9C470000-memory.dmp

memory/5464-5024-0x00007FFB9C460000-0x00007FFB9C470000-memory.dmp

memory/5464-5023-0x00007FFB9C2B0000-0x00007FFB9C2C0000-memory.dmp

memory/5464-5022-0x00007FFB9C2B0000-0x00007FFB9C2C0000-memory.dmp

memory/5464-5021-0x00007FFB9C140000-0x00007FFB9C150000-memory.dmp

memory/5464-5020-0x00007FFB9C140000-0x00007FFB9C150000-memory.dmp

memory/5464-5004-0x00007FFB9E830000-0x00007FFB9E860000-memory.dmp

memory/5464-5003-0x00007FFB9E7E0000-0x00007FFB9E7F0000-memory.dmp

memory/5464-5001-0x00007FFB9E6C0000-0x00007FFB9E6D0000-memory.dmp

memory/5464-5000-0x00007FFB9E6C0000-0x00007FFB9E6D0000-memory.dmp

memory/5464-5002-0x00007FFB9E7E0000-0x00007FFB9E7F0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 38a12ae06ca11fde0db97277ac2b644a
SHA1 fce2a9385e2677b4d13c0a8323576013fafdc99a
SHA256 3a52e2b6ca9fc27d971759c0a0be1e57e106060b8d70352c8efaed3d983bd73f
SHA512 39df652018de1d970742bf62ac1f16c6bf2843b19bf8e8b0f50e517d1bb05f9752f57963e322125aa1b40fad707b9e2f61999f798ffc6976cd918d1f96aa0d26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cbd683902f3337e90c8bc4793f82e6d6
SHA1 f9b9249a21620374cd1056b9df15d1b94f045f35
SHA256 4c8b68fa6c27df93218fe73dcb166506575b37cab2cb07a73226b099a1020274
SHA512 e5e58df7c022c2b1d21846cae931f540ea88670180560a7cc1408473bac94256fb73b03c56f3932cc095904562c6bd909e7b92ec384e7b1843307c448ecbc66f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a4ea389fc42f23400886133523966e02
SHA1 429b84ab16c82302af85075da9c239f854e0954c
SHA256 e771794c8d3413d8c17c00a6fa147d1458dc2a550b8489ac5365c53bb363a570
SHA512 70ac4f61d409b67ad446f1d1cf033044726c13921ca82971f5c8a3d4c40125a10015dc9f44f7e660929572aef18bfbe49e694d643e05377165c516ac6cc933d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

MD5 3e552d017d45f8fd93b94cfc86f842f2
SHA1 dbeebe83854328e2575ff67259e3fb6704b17a47
SHA256 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512 e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8bb6f536b5c0e0521d0cc530887143fd
SHA1 d24edc58236f5e69881330848e99e14afeb941b9
SHA256 cbebbb23394a57eb01ec2079d5822a5064eb0c51a0538898124c47da5e8b6688
SHA512 ac3f8cb40056a14eea82e87d12199172b3ce3b95456ddccbe32bdb19715d560133f6d344be4befc8487d08b32de07631b9c0da5bdc40685eac8de702a47ddc4a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 f46dd9f3201a27c7b3459aa9512fb82e
SHA1 a7d093e8a34038c2ad9cd13a1946eda988a0c332
SHA256 ae35c4067b24d38d77730628e492117bae5398df4d026cc568086eccb007011a
SHA512 495925df89c30ec1dd4f6f7d11c220d9eb5bc81f6195ca774de0b99a4283a95dab7e5746dc6af9c4d7f4ac284b3e14412388cf0e792e81b86849b17c81316f10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ead9843ab90b741fc21527d122b70e88
SHA1 6330c023a55df58b81d7666d3e1d0d2571d1969e
SHA256 22fe5f1fbd04e1b2f84fd185dc348af9307e28642baf6e80b8ea69db52cd2e14
SHA512 3ba9f58ea7564145ebc54661fcf969ab2dcaec0e71d0ce25c1776a0ff010a52d1d10a1f40048fd2576452cf0d27e4252449f84faa51a2a59bd80237068dc70af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

MD5 888c5fa4504182a0224b264a1fda0e73
SHA1 65f058a7dead59a8063362241865526eb0148f16
SHA256 7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715
SHA512 1c165b9cf4687ff94a73f53624f00da24c5452a32c72f8f75257a7501bd450bff1becdc959c9c7536059e93eb87f2c022e313f145a41175e0b8663274ae6cc36

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 9724dbb8dcd43210457661391a1b9d6d
SHA1 617d1be16b6709785e0b61ae95e34aa4412a94c5
SHA256 d74d4f00853b766f1dc32898d3750dc64adbfe787fd13d02f2898ec693655e6c
SHA512 2617dd13d56247c75597d366fb358db10b57c1447a1df792ca561777f8d57765f309ea6293c948a140b42a2d1581aaf6a68fc8f8331ca3323e52c90c810bc6df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ea9b8918ad020319_0

MD5 080db41ffcef35562fced7ad050e2043
SHA1 bfc6cb961f770eafddd1d912a8630900c62d1a77
SHA256 253bd653fc171a8578899d72cc2a29e68125702c8b84a508d98e929d2c15bbe2
SHA512 b1b2e1136003bb14288f89255d978ae260b0be6f199f5492b5f45eb07489005310b92fca0cbfffea963b5db26e88af9e51b8098b04a62c2c5390dda54cae90e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a3a80e24ba73b16_0

MD5 e58376439974a4110b25faa8fb9d1118
SHA1 9a2ac3ebff9c7318e358963c7c06c7376654b763
SHA256 f67fa7055224e7ccd0f0c026f3906d9e57bfc79e883ac68a2899b4f739ccfd8d
SHA512 83649da000d5ac1dff9f957f461d36a895b0dfd2bfc856c8b9fc93d19614345b87eb83fbc8bb8a68cd5b869bbf8d347bb0c6d95e7707e7b9d8472fce5a5f9361

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b650d47f3dfd2d75178b0af252bcfabf
SHA1 db2bf13618047c94caea0ca477cf9c8e6204752c
SHA256 15eac0e2d054a43f85caac0bb6c2ea759f874ae6eea8cccfd93077f62f70bff7
SHA512 d73fa7ad56b28c5846e605252983595cbcce6235d7a42034a0dca33818d82ab62d4118affe16e1909f68b3ae5be26d9546656d6cd025f33157382901eb60a077

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 98de60ab4b3ad18f8af1c6d7afe707f5
SHA1 73b04db0b8c43671698d2ba5d18d4e1131556a8a
SHA256 50c4439966e4374d6f8dd9e3237d5b5028b011d05c46a8441a5de0b021b03a23
SHA512 9fbfe80586e4c12d48c11fdd82a93389eac72ee905be8ea345a83f658ba5a3abee372d64881525a891590a7e20da9ba3201b8838847062831873465d926f9a73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6a2e48cf46bf9e410d5f53e47e700482
SHA1 81364269689c36a74660defea3fd165ee073d53c
SHA256 f204b07b3755c5bc22642f9a6d55f90455c44986479d3e8e99c5536615c6cefc
SHA512 2e6c911471a6e9d2fe5358668045a8760d9d8dc7786c425cd8511768de0942d8832521db25a92082f167cbf4088c4a84675ae7e76a78e1b9729d804d00b20fbe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8763a723da00288e06ad6ee18c050592
SHA1 b84ec931dd9e7d5a1125fad934f0cc077f8f56ee
SHA256 38c5cc3f8c4900c68c04d746c769313755f341044affcdf68bbb5a72315beab7
SHA512 c891ef28879dcb508a62705c9af193ee9234c93cd1f7396cdf2431ad832105eb150a1871a553df54d6a386ad270815bddbec4395e5ea5cbe4db4e9dc5d24650b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 24b52fd36488d166828c03c8926e3843
SHA1 06ec6b4ec81965a30acd916745e585812bcfc3da
SHA256 bf2fd362477a1c53e323982f83159d64551912535b175bb85ff2df7bd11c3c25
SHA512 8a1a700c7c77d3faa8f46b8670559dd8d4d3dd427bf8815cb85fa7605d9e099b828adad8aceb9257aec3f1a28a31de2f17dd4451110362d2b0d5d6e1b5943b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3fbab1a16bb3adb104dedf7e50089c13
SHA1 d23836d863a72fb71c34103668360486a56da3f6
SHA256 be1d00e5b5b6d5d227d46a745e2a13c9833b850cbcaafc8a4a640e4170d28754
SHA512 6308a3c5196f3a9c6745ff86d01ea4c088be2b23b5b6d55ee852c34c1c6ae9518e9e3a862550260bd9a67066f0144be5cb8a9f218bcd6726656304f3114d2e79

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 467c77939bc0c698b8cc93206333bf37
SHA1 1d4ecedf7919685a2cd5677183c52d9a4cca595f
SHA256 aa469c98692d9424c4e1c27d71b2940cb09597d04876acab5bddbacbfe776d45
SHA512 42384a625d79c99ffaeb3bebea9e21151b57c8127f8a7bfcd92f86db551672167416c09f6b609e712c248e501b6d9c38dbd0e76202eac70947fbc9245cb938a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7916218271138b7d5f87c463983fb880
SHA1 6b96c7d820479106b70d822232f46023f6c46cb1
SHA256 ae124431c02566a265ca9988ab203802acfc200f0e09260571fc4cf25bb6b64f
SHA512 3585675b0d5a8a7fb2de54b30571a7335371859f21b6c29796f499df5c4aaa642042a1468c2a6deee12b4472bf1b957641c8da00c971bb6c62fddffc081bb8d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4384637ddacf994_0

MD5 b6489e2591e68a00f351a16e2177c5b7
SHA1 5f766cdaa4a6f6af7e03ff44774cc053060ae955
SHA256 c3e436554473c1a7324e7e1f2f88d80c251e0cd910fffeab614eebc753abe416
SHA512 1e36565a9f3141fd5fb2c36ce5914a1c6bc90a702d62cc96a025ec8bbb4eb81dd3c82d2082192a9a44c43742e405822bac7c4f34ee0706f281079964f49e426e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

MD5 fc499a14bfd3627d99eadff22288a301
SHA1 c2762dcb325aebd4e539a6aa7f6fa1aeb908f75c
SHA256 05573c4cfeca82eb64293902c7e07ff9158d794f28b114d26d47a8cdcb931ee8
SHA512 0d974bc3f40306594c77dbad4f659bd4fb358a3e55afb73f6cf237840c5bc6b48afbcb1fb64081ef15460160df5069ec199059901da39352ca6882e2eb4d7cf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8f6640eef188435_0

MD5 2fe27f8463a40af25fae45b06e3e668a
SHA1 3407ed7a67ee11f67b9c5536b389e8ea6448f183
SHA256 9526bb3260b8e7e5b7d6df31169a1dcabe680a03957d59f3cd3572c800ee19a2
SHA512 a11ee4946c19b933ea8ce7664816fceefa243a11180fd25f58bafa457aa60d852165ae6f85c1d3bd3b4c3dde2ba374c912bce764df1f96be7daa70127e10fcbd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 f568daf23c9370659989aa4ab1cf389f
SHA1 d1ec0c76a6925d8b17f9b8827ac68be451005c25
SHA256 97a169132f5f77454251d89175af1d1d82e3eae0aa1fd3c408cfac9a1fe7a405
SHA512 87a6c5fb8194725ca813bd90dba0ba8e7ce32cbabdb195f9f358a7465c3729fdcdc4e0a938a8716f73e1f2b64fb0e3a1ed89c50f20590840a999810c47373bf2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0

MD5 879994f76eeb799a1df7f845703f3697
SHA1 e6cd7a0b43ed3052fccadf8be45d502be6835623
SHA256 368838ad64e530e06e3ca15b5c352dbd21f17e37fe0ea0deec419f1ebe1818e6
SHA512 b62640a184c131504306d7dd5f8405cb59662a62ac6364e22eaca64279b0fe762cfdc654eb6ee9ca468cfe144e7c380df5449e72207991bb36ba65037aca100d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e23bcf4dbf5c221_0

MD5 f3f5203e6eab68a5c2d6670cb699e98c
SHA1 987c746d7c52094cb0ce599422b368d1a0bc9424
SHA256 2da5adce1ef28533a7155c3b18f66d7cd02f7917ef0500bc455e3b10d758d67b
SHA512 f51f142a6b6b177d3b1a1c78686f408d25812f011623b105538f32c7aa42115a0dadf060951fa3f6228787cfe53b07b4a2c3c8fdea4110b341fdd1161fc370fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

MD5 2ace437bb110ff5a55c97f359e00b81b
SHA1 53f5d212d4f350db0dcc0efb48c7026bb1570bad
SHA256 c1ad5cb24177c918ed1709c67234d767772720f537019affdbe21098069fd1d4
SHA512 3056f710b8831491f6d71fb45cc36a6efd4c787df1c8334eb4ef4d5601a5b31c20851f7d162b80fd1de287f614776410e147ead3ca364717bb30b506fac8feb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0

MD5 85c0d946a4165bf18f4f42cdbf8e988f
SHA1 03823a5dffcf192f9ec2f4638f657097d9a08f57
SHA256 143b393af450e725e78eb07e267db083dd7cb319ab574c4146f429e0a4e9bc6d
SHA512 da56b1fc38452636cf9c8235cb6b0a495690df2f64ae7830ffde84737941cb4beefc3b15eb8e33ea64ee37df331ddf21f0ba0b63b2777ecf708bcbe328422282

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

MD5 2e66071f90e5f0700aec513bee734b9d
SHA1 8ab88e1c931c6d3a6761bfe0a54be5d8aebdd40b
SHA256 8afa6b73bd494635c8b71f940d720046ee2e70c42517c8acb1f4bdec3b6ca064
SHA512 9b86c6549cc0eb967299200ee42808d53be766fa0f15d847fb8ae55b15e216de3e1790c4d4d69a5577124754cea3282b7017f150ec45b2bd4697e3bba6396341

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90a3024039060f37_0

MD5 34da317565c2ced9dbec9ced837e4d9c
SHA1 b084362d43255f38753af37d8bee98747da1b290
SHA256 c0d5bd92a11d582d1bb0e8ae3279ef9d50e3a5952508b3dc0ccebac11c1a38b9
SHA512 96f0f103d089f261969c878e5dcf29a9dadaa4cfd3517d6eac8c6d64420bbee1073e26e5f1185953103e29282efd76a9b20353bae72997fb728b63a84c600b4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

MD5 198aabf2dc57111af3ce1f5b321b1612
SHA1 ce026a176c34618004e59c548ebd7d3071372b0a
SHA256 fc9b17bbc0ca0f23316fcb4dccd3447b6ecf901a44a14de6538ea0c464317643
SHA512 72242389451c87e515b900698e27aa4394cbfc82df895435e798402092b0d6a975ddf2cae45fd1cab37e06b30ccd481e455d336698c19ae6ff06b0d19f1fde1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a614899219c1f2bb_0

MD5 1fa68c8e0298fa5b490f54bb9a466a95
SHA1 a7b71618dd13b142f3d11f6eeaa46d4b0301d0a3
SHA256 70853d11ed7a10ee101ba63f8a096d76747324065084d300b37c283602d067ae
SHA512 7563be3e066d70cc8692275bef2f1b589e87d361c294089ed22acdad2f9aa82a8a99f1980f305422b0850098ac8d6e15b0130c148e39190b2b615ef643f6a37b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0

MD5 cc311dca82bcf1cb2c6e0ddb2f2f05db
SHA1 5745c125aac0686f24f61702c6989e11fb6fa0c6
SHA256 9e8e1c9f39105b0193848cb17aa7a3e3cb10e590906a50bac56e515d74d79eea
SHA512 e05251e3a7d2d5e1023cf63fbdd1735018487420daa02cf4364eaa38ef949db785860aed9cd19ed24bd6279fcac0653d654b18b57d88fa2001d764ad1f104154

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c8ebabdf2ca951b6_0

MD5 7b1b9dc862fa338134198a1fd087e76a
SHA1 a13c6f35f9d866d451df9d0523504b5786040157
SHA256 9cfa27a21469f47d3e0a4fb7970d5ed15b8bd23331de6090bb70cdbd5a67b25e
SHA512 5271d8a33fe45f53ab528857e651c2857f24ac23d57b6e926130535ab5dc9c9c666af40ce30b7274d966b490a36537fe0b94042a5c0ad47473fc0f717337fa80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e504183595893c5c_0

MD5 7c471d9d0a7feafc503204e7e5589d6f
SHA1 e8117056b56b5a086506d615f7ea8342ba27bbeb
SHA256 9f57b64e4698706fe006889f87d27e3afd01c0fc044a23084fe450b7dc18ae32
SHA512 dc24ab0ae30703ad4500a152a02e0a25ce2c8b5f65fe55824ac0572cde39cc4779c5987f0bdb2ebfba31f3066bb6ed40f36e590e3439fed153189bf560ea9f9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

MD5 1ed5a2270bbfa74819a2c7c4a539410b
SHA1 10ff3260fc683461fe27a8e029f8beee70d6b271
SHA256 27e5d8e05082532eb2f84749e52dd0a61b823312fb0495dabc2da42654f4d47e
SHA512 2d31111a494495174a96340f0af5ec8901a81a595777b8062226307758ae62e83952a0888e28aac573f5ff2977cee8a40e19fe4a4020fb40aa9b5f8023d57eac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

MD5 bc1cb46b7571ef3fd865d551826ceeaa
SHA1 449272f09532cdf087f6ba31c29d2c25798a9ccd
SHA256 ee45fd1ed45e68ad9f53f57c46c7bf901293e0115c0d729c87bc675aad4cfb13
SHA512 349683bc02ad907f24da6c20b383fb23e869f9b89dbd6865139e066e154aa9cfaca07dab434ae8314d14ab53b47dbc8cbe625a61ec95ea5359276395e37f8b46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

MD5 0da865fd46d508736944fbcb39769e91
SHA1 c25d74305226205468c1f51b20bdcdab236d7189
SHA256 5d36883628eabb28aa54669bfc71d29ae2c59e4fc7e5da1d0a1f8841f466975f
SHA512 24f209908cd91c61e932c06b09c5c58410ee0d170d9c49de68e8ebb428c50331334c0b06fb6793cb3c51eb71bfd9a6f6216919bc62688390f369b5e08c6539fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

MD5 94ade34dc9803b0ce4b55b9d49306a90
SHA1 9e10c5d93ab54e22414bbe3445f872ef483f0db7
SHA256 7280a3ff515b67121133f2375cb4fd31229abb62678f91051d7d5cce5b501734
SHA512 1297c5764cafa75a4f051aeab9cb1a418a101efd3b740724a7fa929b29e38c78b1f2916882b41835e1d7068cebc9668aed9a2f49aa1190d739b36e8e10ae7cae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

MD5 c446a3e8b97bebad5a6e0e40e8ffbcce
SHA1 716298fa4f1616b3b2d37d58b53b5f3d23e4453e
SHA256 db582f1e25592be39005527e233b674caf29eab1603b0693db672d6158483102
SHA512 818e73f1a5317fcd39634f3d4484247e2e8993f90ee8b49e9cf0018b771aafbd3b4dc400b8518628317ffcef478fd7f33c917c56d798855a0ffe6543c5eae3dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

MD5 39252f8813948fe71e97d33b96913244
SHA1 fc87584bd4c6bb183c9dfeb65f0e96f5cfcda838
SHA256 800fe83b6e93d91c73c57b8c697190eacd322680bb8b133ff47d2da6aa0cf0f5
SHA512 70732ee00035f7c90c60ed121837affb398f06c351e53f1f45cdab09262c687d9053dd9332eeb7da0c845fbd7a51454aff068f7cc9998cad85dcf7ae710e1840

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2a2ea4987d45e0f_0

MD5 ae9f1ed1a226a472e241e00643f64012
SHA1 26504f8fb7a0a47a5e16c3b876741fd7719289a1
SHA256 7af36d33336c441a278644d8fb794758e1ce5394bf67c7c0226ea20a71c8fc79
SHA512 03722ac7da6e4f2e6b08151fbb1a789a658d14cba40ad5d8d8901d1d3300ef125c4579a711141baced40276f92e8a5389f320747999c881e7fca847db8b07487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83d6d3a772bbc707_0

MD5 f53da65ec373335072e06d79d14003fd
SHA1 44ed770e8f9cf61f6cabcb191bbff939ba90175f
SHA256 1f3169a185120ab74d0320156f1c9f1658fc16f858d36d5f3c085b80b9c78d45
SHA512 bdb6d042a41359f3848751d29b502e9b97b426d818d365c0acd5e736804b09ff1aa598b162a2804fb006d5d759a8e026d4e1dce4c700509e7a4d1c2ad77d0a32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

MD5 ad397a7ccab7c1d647e2a33436ccc37d
SHA1 ddb5ca2079aa70787cc267c1a4e5b3cc6360ae1b
SHA256 9eedd3bb796fbb3272c4ccdc675d6a243831a9eea608eda371f06396e13ff88a
SHA512 66b57aca426c8fbe0da51bb4b86a22751fa4ee3833d11a05271dd569fbe9815cb8ef15a03fcbce70fce6b63a6a614cf247540196018a17243f79a67d7898d150

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

MD5 a331dea1afceec58f7ee0f91285902aa
SHA1 0946cfac937205155dd050fdd30d4621cc042d5b
SHA256 2dfbfb0421bbbd97bd0e9a4cc4dcb93644b174af534d46a5d0e6ec3255915b0b
SHA512 2abd8ed40741a35376853d5ff4570a77c5c512a7f955ce85dcc3e1ce679fa707bb30013452dee6a465e941916cb47ee0ef8faf6a67acbf37088176f1a4ad263c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

MD5 033e0129c351a07cbe81f17a3af4e1f3
SHA1 3e82811a2fb2634fdc133bb5a6974d001563f33a
SHA256 1faa23406797177a74750daf3940b7a3537c557bd95375c1024aa72073959a6f
SHA512 e1f9d2e4da85e4194bad0dfea0cc53e99b995b900c644c01b0172ea5466e188bba72dc6c7da513bfeeef939ff7d33e8b5cbe050f1f976ce57ae97fe2d49e50b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

MD5 41f902e2c95dbc07c8eebcf208095613
SHA1 426d6d99f13f9764ae738477485ba03152a8ea5f
SHA256 07e73cc69c82835056a1339f5e7f4ad4840509fcb3686e330ab705e3d7136371
SHA512 e9d66cd260b3d0e2cd074a6378d12f0d09a7966b61280b223afbea059cced63254bd1c6e8449853bcee26c43e47fb8572cb5ae4f133914c56e78b780d14bdbed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fa2fcf4fc0765ae_0

MD5 81709bae8cafb9ec5d8dc69ef8ee273a
SHA1 54ca4ad4213d9d199f544e2b0ede2271fbaa4b4f
SHA256 05b415067854365b5b292eee58d35c5d04bd2bb90ada7b1865beafb9b9656e82
SHA512 ec5d2a8df671c78197f4f13597e0447b58fa7c3239792f87cf259c348a9f29f692f6699841864788662ed91db51f1e4601cc350cca2d2a2401e9143af19f8ae7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

MD5 26763dd168bf647c857bd00aa142c237
SHA1 b551385f407f299b7c73dcb53c6e7199882e2881
SHA256 b25172a94befd4f1a1e6a95f3d16454eb7e9475126ad241e89a7687787ba1be8
SHA512 aaa3f8f069a2f90801078aebcbcfd5c18b03be3f093be0a3df7cde6c50586252082ab01bd3ae0e2feb8ca83a33060f7c183f95516356c4770a467e84b5ab6c36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

MD5 53da3bf0a740b919b0c85bd14dafabf4
SHA1 437234c3f1c86da8f0f25e6d089be15ec239c112
SHA256 dd480194df6d03c3cc61d0c921aa7a046160babf79b617bfe4a168ae7e63e69f
SHA512 81ad5cab9b6cd532f3cf2c52191c575036c7d6f13a4756d9afd73050c989950f87e942ce0aeb146e14435cc488be28e70c62c9de0219f7e83d4c23f82ad8e4be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9aee5cd509922cea_0

MD5 53c72f0b273b11161849d4085382771f
SHA1 177d3ac0e94fd36004aaa9428105131d9dc7a3f6
SHA256 b5643f6939142de287fa51c5358b1c2d39b85853e1ff23680787724ba877defb
SHA512 6c16f5a18443a2e37d2c9df43cadcb6e7d93d52af0fc6fa3a0904ef5c18c656604e6080832cd1a68fc198caf543903ad324646360bf365467124faf75bd5772f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

MD5 4d0eb2537e4997b1684860c6b62d2e6e
SHA1 d6f46748d5ac616247d0054caf10cea7b9fb74c7
SHA256 8630f38e9d25b96d192149f649a6abc928f19b3736009f1747afe18fa2add403
SHA512 00432c8290a6c5169a8212d0dfe856409d88b420c8b2eece59f2d6c7def6af6668ce2587c08a3ad4e33a82ebd5e8fdc361055da4dd245869645524d2fee88eaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0

MD5 3ceb5dbe8947f88be424e65bdcf3d445
SHA1 ce56b5bd56a7b6dc7e5f31c4e70f6f04b0732233
SHA256 de1cb9ba1abfa4ebf4dbce6172278fc8a7a5ca610bc19d69fd22cf31b8468868
SHA512 277c54019bc9d6c8b14a526fad6086ad713b2059e3d939d7c6c6d81355793f85c8dd744e33db5a4b07826121c6441bf14685700dafc58820fd036ea1e34fa2c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a51ef587dc6dd4bd_0

MD5 dd4671a31f1558b5b5d2c1e4cc6083a6
SHA1 38e8592af41206bb292e0119d874b2ab5ab47a2c
SHA256 1cff9edf7cf1b5e296241c5a2ec319f80307f963363e0105e3afc5a5b2a61ce1
SHA512 7259e152bf9f7c24c20779cd61f937a4b629af0c3d4be856ecc498e1bc858bf09f55450a0f248aee26d5f755debd03363434cb337aaa3bfcc5af9fab044e00be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

MD5 aec3e63e4b3f064cf494d382569c22ed
SHA1 78c49640dda7a4b50faeb6e667f4d3253ccd258a
SHA256 48d0685d9f0a5c480d5d1eb6ba7b4145fc05650909789ad1bc4ff7c0b80cea9f
SHA512 f300073daa87fd1fde5127288d550e7b7cb8f04b1be7e051cc62e916003cf1f5dc4eac4d2d10c777167c476af86b000b98154433e10675a3ec7aa2f96c92281d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daca09b4eb185a45_0

MD5 58727053b85b77dbc4366fa7539509e5
SHA1 eba37b20cd2672245f8be4510de2e8d86be1957c
SHA256 c626be64f8f0fc7b6f69a4797ee3258b0dea845447694f67afe944c35203d455
SHA512 b302e7dcd79528f9228f9bad095d823bc85e2917608acbefe7dc358b85dbec3e5a10409745b2e9fdbb828b3fd061f6ab552c174d114570446ae52c3f9a7b918e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e894f22602acda27_0

MD5 e4cbbefd585054e899e68fd1d8ef7a35
SHA1 a43aebbccf7eaa2e64aff2bc04947eb74e82c786
SHA256 dc15b2d47ddffa5567cc823431ff18eeaf9e5d5ccabda8fa52c618c548a6ed04
SHA512 695644073d2ba83eba4c05cb9bf8a876b0d61ae0ac0b7680ef6a57d70baf82154c26ae2e4483d99889759d53d52fcd5c9347aadcc40c25cfac96108e07cfd29e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f4cd1d1d887caff0_0

MD5 6832113eb2182b2edf68b09dfb58ac20
SHA1 4fe6d8610bc8b16e9e24e0672d6a9a64c28a9837
SHA256 b9567079ef8cf6047aa81e4f50cb5af8be6863150b4c973edad00f0fb3bfcea1
SHA512 004596c2d2e6bcc2a7bbaa44bf49670e60513bb5a96e6ef9e7674f81d4f419ed8f9f11abd9dd968d88f0ec0eecbc0fd014372b79d0cda63e5647d1740774d35a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 85ad01aaacdcd7209a7985992fb60690
SHA1 3b953ef536ff67dc255af5b1e4cdeedff7cff9f3
SHA256 7e815b13f47fbb415113e248c8d761c8b140da4c63dbfed36f1b78f78d5fea38
SHA512 ce3e9b6a674ca06e83e7ac4a589c2adfeae6fc5daa4f9fe0cdc9535ae8befad74e478baba2b6aafacd0ebe7e1bc493e62ea33c2f0e87c838f38f6da545c2c545

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 040aafb8a95130ddfc32ca3d5f136900
SHA1 4ac6d718e135b344b7187554f50a81a393603174
SHA256 b14f7a3aad12b4fdca2c93a084df4424717a049f9000c03bd4a42e1ff6229fe8
SHA512 68f39e1a127aa267a813c6e2724e10ffaef48e52174eecd8e5eb8708c8e1250392c3d1f0f6edf17f7a2d533d6881603c4f76dab6508535a39223002d3c446125

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e6c247c9608c35b7_0

MD5 7a14b6c871470f67ce591cc34a860f12
SHA1 0dd67c078c21017b06301acb3abcf933c6d157b2
SHA256 c345c118117d8f0d1a79f2c6cafbb84047e18cdf9aeb16703283938aacb2ac31
SHA512 36b9ce93cbd4d916764e83d00c2e36d207e46e568f99ae9b77c85a141bfb3083cb95e93f515f1022a5bb42e966ed7937dbd1c10c784438cb58cac351d4cf2c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

MD5 4e98df39a0dd7fc679fe8a6afb7a606f
SHA1 116d87da074e5c7f7e381293f652c8ad698c47bf
SHA256 d9975233aca89290be1efc6da37feb4720a5ecc61878d4943af52d546cfb0f1a
SHA512 135394319a4438d4c2888225f3910ad5a5c79ad515ea8ee1ecc0a95974ce87d349e0f716102d4ce47625fa2acf89ea20c9039733ffff0751ebeacd40f0239df2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0

MD5 79a9cb2a5292a4d04899bccd329cd31e
SHA1 4b5c45ca1614af365a4990877502f0304ae9e540
SHA256 7d7e77faa18ea8d54ba375e34abff4573e3ca0f52e027244818d8d0e9dc3568c
SHA512 a596b2ef4beae222f27663d24611b56725de5e9972a3f868f1a62a45ece765b4af88d13b5466721396f7769187a410ec6446a425a032d54c3303e2c0f1b26b91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\88a4573f8814656c_0

MD5 beb8938810014aa38c426411c11ccbe7
SHA1 c713bc095686e610d45d47b646a503f280cd93cb
SHA256 b5f6c08754f6cd68314917ee6bbe33ffd82ae0212ebc1b612882d2810b90ac3d
SHA512 ec9c2cbbb3002fc87ccce868d336e7bd1f2ff9556a534eef10d653d069dded4a6292e65e3b78f45d6b8354f70fd4a01c906bbcba9675e1aada13325019ba2434

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9c0109f54c03223c_0

MD5 5e1a496cb4637d90873fcb82b09bd2b4
SHA1 9cf17687dcb665f9558ad92e4c2ecc69e0bcac9b
SHA256 fb1d3d84b0bfe606e4213429ad0812e8df288b5c213906906b03ca4c16f99a6e
SHA512 03b85a1f6760e2b671083d21f37a8251ee07d3d9870c9d641627cee8a3b6fc9dd9289b3bf7596d99097d766b6f22cf60cf06999f425f38dce5dc0fa56ee3c8dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\853a29087a6885da_0

MD5 b1466b37c1d93fa14eef48bef69d5a00
SHA1 068a3884e38b49eb4d1f8b4277c53a0603bb4aca
SHA256 496b2356b237dd8645565215d347e2fb90fb7d1832d7a3f5fa1f1f056168080d
SHA512 8d218a5f29bcc1a43a4b521bef0df0eedeedfbcf4fea9b7bbb2869ed27a2ccd53dcc8b1c57dd9f622b5dbdd04b0206abf84d0b614058c6bcdf4bb0ef20980b0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

MD5 0b8c488a230422d120a526d8ff2335eb
SHA1 1f42b48c050f1ea7cb06dc2aca0d59a83417cd65
SHA256 28b6c6a1f02218314da7f1dec60e3c83ec8addb798da185a768f6f2620ed1b4e
SHA512 87c3a5d29b6918fcfaf744c8efb2bfff1000e917bcefe66d9f124331061e3b5733e9de37545914ffade398735dbb6400fd202c340362478735d252e0cfa93fe6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae8d0b05a4b538df_0

MD5 448e154359bff432f939fa59dcfaffcf
SHA1 521a5e3f5067385f02c98bc48aff101a00d2d992
SHA256 37daf57d06f0b8f9330bdbee00472154e5beeb16c3600d4ba045df510197981e
SHA512 6e39407e686648cd16d4ef166a811b274ed429b1707ac1ecdeb9f4449717cf3fcb3c17829fd9565a4d5a7a573516dd8f631b16b74764e5a92f447b74df961c50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0

MD5 ba806c576a3e413064de899767363d75
SHA1 3d2847dd020bf1e77ffa3e893df424b9bd802509
SHA256 f48154afd2b7339005b5d1ee7d060c72ef6d140f6717f48272e3408f5a85b29d
SHA512 96a94f6b97edec188ade610c88415a20fbde890f429025ea85a13ddc6a2ea3b3ab58994725f169985c3582986a960ed7ed4caddafd416fed9e7de489ebffbac0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0

MD5 a90602e3c7d98b0a0a1b1d04d9edc410
SHA1 6a6e2bb6ba896be1839a4ee588d910a17f2f860b
SHA256 6c58ea4923d58a9963722e7f6e778e1319295bb771be954d10309b997a5f5a93
SHA512 54d3e57736ee289417fce93ebf27dd59285cdd270c7f76a1a26f79f8b1c87b123c5e04fe89604236480fb0a0befe4e5ff549932e61377b223a994c66b992de4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3557d97bacb52931_0

MD5 ca6fa8ad3a43508f04d4a76c5fcac93d
SHA1 8ebf3eacdf3ae7390af234b0a969158edc62fc08
SHA256 e82ad8581ef1facd56c39c8a7314345a9e4ea22eff3dd047ae3bd452a797bbab
SHA512 d4b0674981d5bc9d9edb45a06d9d701967cf069e5dbedd6f1ac8abe486075584e0a437c476d9abc120ea4dda62e324d723a8a5dde2710fc7cfff102c027e8c23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

MD5 d465812cd62f03ea9fd8dd7f39f0e006
SHA1 549e8d31b00ec84db7316d72d993f0e424d0f18a
SHA256 208a0567660a0c5de666eac92f02327a92c16098a5a937d70be2b06fd9564f13
SHA512 ff2cd671b2842a24829fa36d62177391b9708a8d3c3bd69049193001b39827cf814fdfa66004bf4e9d7ff13e02e9479c027836a87679df82cfa29c5831aaa903

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

MD5 da18627bcb9ea609eb0f39765492cee9
SHA1 cfa72310757bc9ea846935e5bc0727e2709f6977
SHA256 f26917879853fca582a79078d9d702ca680328c3d093690bf3787983cfaf1104
SHA512 b8624da8b8f87ae2285ffabd21f40480176be6e94c6c9a803e2dbdc7fdd3a89a7adb8bf179bb9117faf42aa87475cea5b21c29a457a40be24cab8184cad86d0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

MD5 6d5a7765628d0ef89232db725eb416d9
SHA1 ea55f498233e15730ff49bcb7476ebc5c44fb8ba
SHA256 df8bc348b3696ddc01ea640060c34ab86048e62c80a402c3088536629ef40174
SHA512 feee312b9dc75286ae620259d9c769e98af99aca02ab2a89196a8b75eb33a6cf9dbc9c0211c0ee009a3a0bef82ade7d3e022d28683497612ba90a5c890434c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

MD5 532953e758b1fc98eebec79e50e13fb7
SHA1 ea5e129ea61a6357b5d8470cc02771500a01ae4f
SHA256 f440b525a7cefa2b5c51fdcb3b87a33a6c5e512e20aac21cc72dc7fcd393b80a
SHA512 8b431827280ae0d94dd9c3273132297f0e00621e922edb209560f259547bbb0b803f22aae84f8c589f67060c36cb89246be3cded882a21c78fb62d436d47f821

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c33e264ced11fdf7_0

MD5 d95df7cedbb8203decfd1fbe24801a70
SHA1 d3b5ba50c3367d766ce50fc2dde8d83f7f2db6f6
SHA256 43b86f2afc48822f72b8d1d08c471dd3c040d0fdeeb49313f8281dce5020b208
SHA512 f9114ac80b7e3800475293b330db8737e43657478481eec5981ddb0adeaca3199909b31e1be091943ddd8e7bb059d225637f5ce637c7274270d1911ed93af9d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0

MD5 eaed2a2b65dc8d88fe9a75418c742ca7
SHA1 c38fa9eaedf6cc91b441d9809452757a5d61bf39
SHA256 f6f47dc08ba3303fc7bcc3e4f6095bc713279a7e0189ad49e5a4e0e4e630be1e
SHA512 1b8269c190c262d6ba130244696e3376ef902b3ab6195a8ec68c737188cdada7731aba940452b5ddf3cc77bdbe77d0d15d9767131e7a84072618695466c3320a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

MD5 0432f111b14da4e6c8f78fb4d43315ad
SHA1 26e4f6b72610b8c431c44a8f21cba74138186f71
SHA256 901516fb74ff238c7b280d32f0c1bef3722afa8ffa603579aa826bd6569dfe96
SHA512 26e3ecc5159145b7102213276a60750128a25f2492e9920fe752de5bbab91abb141dcf2109d813cba2154acd2cb8e540bb24db0545f91ba600382223ad7c6011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9af4bacc442d47e_0

MD5 f6facccca87cb243d8cb3600d2a977de
SHA1 38bfdd406e40c133d012fbe58318a6740a1b93e0
SHA256 7c4340ac1d5d4ed05e98825f48fa1e88d94e6946ecf315086155d1a333e60c68
SHA512 946e5823088608cee06cc4dc08dc620546728da95a7186b8573147718ac91440bc95d694efc4cc6611303abce71156b1827b3dadff37694173f73ad75d403104

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\632e260441be7404_0

MD5 223ac7947db852bd204250ab9f5a8635
SHA1 ea083c9749f9cc8adba4d934c3cc773944b6293e
SHA256 ae680141df4e18decec2020cc3a2c20ec2237e4c72784416bbb4a8611e076ab6
SHA512 8a2d36b41e9a7912f51b97f4cfc8a496b569344235fad4fa9127c6053780d72826a9dda02f142baa860092fb583c77afab5f315634cd7543a5c86061ff9868c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1860851168a17773_0

MD5 11b3ee343fc7c66c3a5e2667cb6126ce
SHA1 22cdc67c6be6decf02d4ef6ab610ca76ca616f13
SHA256 ea4446d25b934c48ce76761bdf3b41a37644951d94341a959a932b2ff01c9042
SHA512 1d190520e0760d4c1e0bb3996f98288eade4570a9e59cba92b0c56b8d927fde0e1d58a88ba1f358b2100045a802393a9ba60ef683e3e5dbfea796eb1b99870bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0

MD5 0fad7dde185e994093efe72bf8b391e0
SHA1 744d11b5c842945ea9e9b89be2f52c91541c0bfb
SHA256 efd0aabfc33dace017029c4824c11ef59c638e3189c5c3f861dafa392a372bfc
SHA512 868c69541e11ef84a35258832d7be0641ed82b457f907b74eaa6d131d59f1bd0f27616d4ab527f17489adb4ad7ac464581054f1b23f6d961bdfcfc9911640148

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

MD5 a06a428b15f2015e98d230aaca84eee2
SHA1 6e10564ce69225dd0885edd41f237792692e1e87
SHA256 62bff18e024bd4241162ddfc1ede312584b5115b6199d64c25b260aadc8ac7ab
SHA512 21a657926ebb78ee9f8627916bdb4aa258ef836af6cfa57b77634407fec4f9efaa757f5bdeb282bdeec98ee234e7dd4439524c280adafc6ce55ce882ced06534

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

MD5 88db0c6df0e45c9c96b67652da0c3d1e
SHA1 2192291b5304cd276011f7f38dfaaaea4d260dd0
SHA256 4efaf352302b2200209185dc8d61f7090711641bdd121c3466a3898cc16e3b5b
SHA512 c61792bac45214a7d59936c6d4910576e8e01c0b188b5d2426cff99e627faf09579033292fb49fb9cae3eafe1154b4903b7bddad9bbd33f27e3b86ed211a4046

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\395a4188-a414-42e8-9db5-cba320412ca4.tmp

MD5 a36e9e4606a1a5ee16ea8104cf1a5c7b
SHA1 e9fdbd0d5e058441e42da0a9443c10b08b4501a1
SHA256 226522107a0e534d988a5cdff6b410f66d4f26b03ce28ea915041920f7f4047b
SHA512 12ed66f9f12dcbac9bdfa98c5ec58ee6d6abe8327cde11fdde47e838ad0dfc21ae37f48d0bea85d6aa126553e560e2de0433151f6a5d2dd3223850423f931ce7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 cd75592b5b3696b9b96c276c1c6fc4a1
SHA1 0075dd8e6698ad2f9a67330882da73c8d8b5b6d1
SHA256 e55e554895fa1366318e69ee91d15b3bc8f315c3d03bfa90ae054130b096c32e
SHA512 edd8d28fc896c616c7128d9c05afeac5e24993e0238ddde61007ec7b3159512d04059a0420b71c05a5facac28124f9c273d981b784ad97c9c1038efc16c23ba5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4bac6bc85c99fbb72f0d50165a5c6d10
SHA1 ba836d5acb0092ccda5fc32e42991c999bbc0cef
SHA256 39f91f74b3a7a46f355fffd3ed87131adf1482d29c4fd42fb21b4023d3f32fd9
SHA512 db5a60035c6568d9c7cb8ca9089954d737489a8a644d0525904c49183b2dd580233257f43c3ff4e4f4553c5c430697247cb61473ad9edf4e1fada92b60244e28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 87faceefb2f66bfc91237202913f0e5a
SHA1 dd1fc64c7b9335583575678c44c93f17a09bbbdf
SHA256 95f580a46b67402d3d842dbe09269741eff157b0ca0a7de4cf0535a635318ae4
SHA512 67e60c45d4ff3fa292c6a7a77d1fee6f4f053acc5f9eecf3c871f7cef68c406e29a3130b21560cfc72a30c42146c238afee2ab7568e6107aefa4c8ce6e403c9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 fe6d9497e3f8ed259e9c49e670893248
SHA1 3cfa59252edf787cbf1ae76589ed357b544079aa
SHA256 66641cc388c8114c8e425cd3ef56ef07ce21dbdace38e4dd37e8fcbdc8ec54f0
SHA512 49fa9e98aaa27db57130325498f80c41a55203b0b15a3db1fe97676856041173921484a196fde7f87f4ed73432af073fe0f575851f9f589d04a372496d5d862e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5da5e7.TMP

MD5 fb7a85d6b9432debf622134cd52e496a
SHA1 834bb4a5af84457d380e899e7678abdae20d8643
SHA256 154e7b0138f257c1f98f65cd4e1b87144ce7d6b53426768869ddcc908eae81ac
SHA512 5629e20c3e1429bb7641ceefe3dde90ebaa519d6a0956550d9e289b4430f92e16de1da7c108d5989a1908c90f0c4c8a26acca6ab4c55b47d13bc20b1670bcd41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8ee4af1eede1bbb125dbf3ade75fe5fbb191b7f3\615f5a6e-71ba-4bbf-9d70-9ae0e04b31b5\index-dir\the-real-index

MD5 ccc0588dbf70a779e8e190abac35a521
SHA1 48431573d4f769585a1fdbbced8e5e1b269b6420
SHA256 92fb928cbd4bcfe41479e95931df38c11a884497de218d5a2503389c1c58b84d
SHA512 c445824d9a5825561c61750af00851a5270faa0bc0555c017fa300962e0ce09eaf883aac1b507b2e5a6c694e76448e3405eedc202d07313509438f06964bd6a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8ee4af1eede1bbb125dbf3ade75fe5fbb191b7f3\615f5a6e-71ba-4bbf-9d70-9ae0e04b31b5\index-dir\the-real-index~RFe5da616.TMP

MD5 23475d16e4440247902f7db0728716de
SHA1 c7e64b5788a13da937746eec7b37daf173abf3ba
SHA256 8f34870aa81d91ec8e7b70e8d5f62d370c6fd8ff694f96f8b53b6a50a05a12c7
SHA512 3a9461f53bf595a0aec78fc891bf843cd33d3c32a6c893903ba2b474759350e1c93000a51f324d4bb99dd9fbf66b0b0053fb4d9eb076ea39c6cda92f8c2a86f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8ee4af1eede1bbb125dbf3ade75fe5fbb191b7f3\index.txt

MD5 9866c0b2e9e4ba024f41ce78ad863c68
SHA1 120d113e439073b190ab6d3dc7f5a4c882a615f8
SHA256 41a6297c97868c294302f65ebb0d1ca3cd446edd6d99e3bf5750357025594f59
SHA512 4519a4d3ce10f190e0c83774e9fe275e98254a573204e975d0db117f148632273605a648958d960148ad4e45b37cebc2a4f0fb76a6d90dd0b87920c853f6b572

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8ee4af1eede1bbb125dbf3ade75fe5fbb191b7f3\index.txt~RFe5da655.TMP

MD5 61e2ec6e01365c022a544c538b9703f9
SHA1 e13519eb91522c41c8e32b667c3dc538e7fd5d94
SHA256 a3d65b88b218c9a0fc9935f10585dfe812ad5adb7c01b13d7c3791f792b76461
SHA512 17fbb02a9ba510344936026c1977f2d5719f8debdeb2735a40d11d48083d37d3d57ae993068385000ab034f1b39e2a6322ab090f305e81dbf3d395281c45ff21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e5b7fe8d79737b8af6f3aae1d1b876e8
SHA1 95bfa61638bad593c1072614383014dc6e351e23
SHA256 cb6d46775e4fda5263d83b50ff881a574fe1c4a80e6a672b87e6e387fc331bf2
SHA512 d125ee543cc35542af87d2af76aeea88d00b039e10df0a1bf169c55bcb52ec9fe5893c91aba827516804664f30b069e46566fea378652f092a22865eb4ef63eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ef078505-0d1c-4a38-8c81-6896658e63e1.tmp

MD5 e0ed4d41e5e93249ea9dd3bb56348a89
SHA1 e1b1ed246069536f2e1cf83459c58da0e8019773
SHA256 3e47ffced851e3bf8e2cefed446abec2e51ea22f0f5f8d88acefd93f55b00e0d
SHA512 90aebe635d502c574524bba1c6636cee92c89965c41fe667ad735699e36977ea330c85ef986091f64b0aac8fbdcfb4e90124e7ed12115f8b482790e50eac5283

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fd63bf70c1d7883a86625a1c1cbe9d9a
SHA1 fa12663b17965bac09077dc0c97f47d5a2ef35c5
SHA256 7f9dab5f0e5a4b4971a74c9dacf4f8b3d5d12c84a5911c33cb73d575358a874b
SHA512 97b79baf74bf8132a1271cec46489dc73bccec0ec224a49ade0fbad5e659acbfe42205a9e08e65256293f74ddd0b4ab7b5ecbb7f0a8a6689bf8b0776d678ac35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 365d4877f1fdcf524324222158c0d2db
SHA1 51a9dd8ba36d713826fc4b089db05efa367f306e
SHA256 2faebe402648d270388d32ce64b86cb863696905fe38a959a8dc8ad9cfcf4538
SHA512 6189b3056a1f8a0938718ba45fd6d2d638ca7be65adeb602ccdbb94ecca63957552d5ee4f1422c47c5520934ae50ec482719801228a20174b63effbcec939e5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81764cdb356c9506_0

MD5 3a706435cff5c428f63b62c01ee6fc4e
SHA1 867ea02f762a24ca6890b927c7ca8a57d3f52c27
SHA256 8b22ab0b756c132ef0ec13a723b710bead3aa614fea1eb7024ced3f7649b2396
SHA512 e81045ee39c54a948c741afe116faaf9e0b4712369eedd930ae0e5d164024f4751bf97d8db814aed2a7568ce7c05c99afa101436c85669e807741abfeab35f0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

MD5 8e1639f35865be918b41e64b90fce71c
SHA1 60e222d164bf5029ba0ce3822777896a6116d469
SHA256 37fd5075be381d05cef872360790ff648e49374e5711beb36e36598ea6a83cc8
SHA512 c20c834b20c9c7520c334c9e81e5e5b022e22b770a54ebd87df1b2d4151091618400fb2909836293b5bd5a56ec6c43a66b7a027e0b0e023b1a7d18477e5c9e4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

MD5 11f853098792a1d0af0edae4979b8b19
SHA1 09215a0755ef2bae91f8a5038da2e0f6dcaf763b
SHA256 f516d1278a82d075b3fd0229afa1a990b708901c9a2cfcba125b028f140659e1
SHA512 2feece23e197650277ba8bd7ea0e24f05cac6b4706f3ed0652bf9060701ca742e12fe2237bb8f287f9c5b226f06babcc7436e3196eba03c852675963f97b6919

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0

MD5 5033597bec51b56e6e624b0a66cdc9fe
SHA1 dfd8fd287d9f082e543c36d413bacb479ecbf922
SHA256 d30043ab0b4a34e3bdfda8e6a8dc567620f9cc99355c9a8c145efce83af3a320
SHA512 0af95d1e8e69ab9144c11dd6e2d755f198f6f1f66fb78069b1736b4d32667d181ca32a58e6103ec0a1868512bf6dbd992e04833d3785a56df6e11ad8f9fc28ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

MD5 24cb5bc75c825b95042e4a1cb2ae5307
SHA1 e4ce43a9f97d8639bdf4189364ec52213abb71a1
SHA256 63840f4639e3e51698cb7060e0277260cd7b5c1ac192f8d07fffef89a49e9478
SHA512 f24f7b8d7b26e7322aca783db4a21aaa1ede2a46e9ab1317aba68f958ba6e2da3cd328bbaccad276f8ae4187427069ae6e2fdbfd01267fb4b162842df633011c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 2a1dd0e7b50b8201a935ac033350821b
SHA1 cd9292601d8ee8ab65d6003f1178a331fd7749e5
SHA256 67568a2a60441bd98762daae657f11a62fe1303042a5e8e04e6fc68950f60cec
SHA512 2c5de9c0209b43343fed19d7933103b34ccfa7b63d862d038af1882a2cfb2910ed4401bcae476548f4ab9106eeedad0b01297ae75f987bb14769887456188bfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fc6e86bdaf43b8336ffbbe87eea4de59
SHA1 fc70189cdcb71b4a53367dcfc933eddd172e5166
SHA256 fa9cdf66cdc9842c709f44cadf67b52c3500b60eeb2149031008de132306ef09
SHA512 408e9c9f814a06852d9455f5b5fc005e16ab02454df90fe580127774dc735c266f250ff6f1f8e9031ed86a94bdd9c5002b4708de521e55cf881cc1596ae374ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1ab01b9d9a38c8cce9986607a93efc5e
SHA1 18d675d1796969c43377e56e55a3d0b9f97e7ca9
SHA256 860de2ef592d4b745fd5e4b4914d6d9fd2d86bf209c0ea86445bc749ebfd42ad
SHA512 b3debba2c4d79c8ae94e426f634167e3f43f17d92d441f494c5c7befa458ac975cb56d93e482a588f29318daee94011f9f1dcb9a16d30fd312a404554c7a5134

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 51fbfad50d04810ef27a0afd10d36a6f
SHA1 197d409069db4e14211034532ced7be0139bcf3c
SHA256 e84db68f80de00469c7e86512f929ac715e2a75067f4a9faae1a920f65ffa9a2
SHA512 1e03cd69c50e04b012c2e18b5f3fa6502d7cd41897d6c4e8457e5b6e0ae3af39a56982923b3b3dfca64611b967e60ed33a7bde0a5b11d28450826af3a789dc71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 26e5a9c13731561cc5d7e0ea8a7861e7
SHA1 c248873360ac975e00c4013c56ca8a29e3e36e61
SHA256 9b5f1501396ff583ea19297569fe840c0b59007124948d52809f45e15cc510a6
SHA512 6eb7cf38475073332ca590a66a621ce6c76aaf0e9ebd02e7571f278aedb93e8626a6606822c1ec4d4103657bdb772b4c9a80d1f068199ed90a88e4c3ea2647bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 695b70761cfdb595bcd4ece340499623
SHA1 a71c599c9dc4cef47c8218f7a8b62c4ef2a2ed55
SHA256 583cdf7bb306aba0327a620d7ae7eab420dcfec2aa58c6b6f6267a00e2c9a245
SHA512 3233878fdea03831d3512280f67db2d991446fd6bd88b8e5ca02355cd6d4078402de9981167e3ca666028b2aea8bb52a215ee998ad71b8ac11c50fc4357e0a31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

MD5 8f9edb2a27595c0943b27d8a92ca3062
SHA1 1b9246c3ed672c02d48f35f96957583bdd7567b4
SHA256 480c0fcd38d992ac596ea343f19be72998ef005e4a78fdb7a2812f611c3477ca
SHA512 3eb40da6c35b1089c70e7e442a5758dfc797150b4d7318ba229b74075e4f56097245bc147b37bbf71e822f808875789465490f52b829cbb5d4f0eafabaf7ddd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0

MD5 90ffc4d1fcc52a98a7203a0970eb01c4
SHA1 858777963f39e2050f4d9d4f5efe4a4beec50111
SHA256 9d3a48fa351d5516c9cfe7f681c7b5ab4b03757b5ba15b82ee91c7cb96084ca0
SHA512 2667bb8433678d6e00bba5af41fdaf63b8d57a49a44224e141d841613df642b6f679260e8db45496f7428b07015cd144bf2623ef6f021de0ae03c21e11754b3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

MD5 80e4fbd2edab2b18c8a1ebdb8c3af4da
SHA1 7f6e2fe0da422cfa2fb241559c3e80500a6760d9
SHA256 8eea464c459f6840bd67118e9d64302db1af9830cfa64259ac00558b3862933f
SHA512 ea3fd97c13c9aa4c17ade6d81878cfffaf32f4e3f3e6d584191bd0cb920fa899be3e174940e971abc8c5deaf626baac6c444edc09bf7803312ee82ab445527e8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 645056f87d15834b6139c5edcfe665a0
SHA1 d9c7969263b133464be0496ad812d30a4a0cbad3
SHA256 7d69bc20908da8e7061fd5b108e300d9f3a36da9de4b7a7010755734c9f7beff
SHA512 1e9824e31309e7e211ff09d714cf3c89b69dc482124b739e00874ffa635602596848579a830d6c18619b54e6cf01a584feeb0e5ef74f52f71b9edd5e86d58867

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\24360874c99b2368_0

MD5 b4bb387825f634cf6a66def418991c03
SHA1 c00e996ee3a24487aa96ff2e566daec1081b3094
SHA256 2c302d2848a168ef6cb9bb58b4667d8c6b55d45e82e9b2c71be3374e0c682f30
SHA512 b9cf1a5660833fb0274fc0af07c2a4b04ab3f9a1cc5a0516768b139db8967ea157523e7f9583d36e3e0e6239cbe8fec3b11ea7f3d2ccf40c2c656b4745eb10e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 959a5a3cf183fd2f416a740ceed383d2
SHA1 7e242f2f9e1c42dbda616aa835f07904dac24856
SHA256 8d864016cd3366ee5fa3db197e09f00008fe55c9ed9185b28f834856535d707a
SHA512 4860171a972a0365a27c4505eeaf97c6e2b4169a32b0e2ce9de889628e139e8305874a836d8319fe2836a62246ee018a13eb72ffd4a4b412a557ac4b8b6a8642

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6aff3ba91a6a45de089e1b03b2706fb3
SHA1 f47ceaf14aa950776da9361d2d928bb1a2dd0b1e
SHA256 27de6b6194d221605017b8a2399f3d15111b07ea5fd254973c43591f1f1c3150
SHA512 7b776baa968aeb88a059ce075691fca267af59f42733ec89bc3b5004ff0917e9ec1cfb2102c75dc8a5509bb03773f43a073e92dcb4b1a390ba272e99ec5451a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eb738fafcabea2c5ceb1878f01c52f9c
SHA1 e83203cbc06cd2e93093a36782f425fa3e21c657
SHA256 4ea5391423e79896f4dca812ea46770e5b117278a5cde60af748896384f151c3
SHA512 3805d2b2730aa495330085509e7f8be021d083117b8112be17d25c9e4dd583685cf17ff2ddd6a9edb30a2bdaab6424ea8c1494b30b3f0fafebf5ce2df1310c1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 68c21bec81296bcbaf1242063ca04a8b
SHA1 11190b3d9fb000ea376276e199d47f0013646ddf
SHA256 c21f09024a8915342d13164e1dd2c072b7c35e1f44fcaa3c00fd6e04a1c34666
SHA512 167bfa5b5fe715888fa335f540caafa82916de409dd2baa060b873bfb90126d65f6b6e62ed25b955b4da98d2472583f1cfe92b727acdd61ec8958a3c2b3bc8f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 de4c72853047d621c2bea7c2da897822
SHA1 fa6c320076cfa16e772578f307f577d9d0835357
SHA256 f768b8db3627b021282fd1d5eb2dcb775b36118b251aa1842c868991a96281f5
SHA512 a8786b9222dc2c8840607be25fe403f7511c0cdde21537c2602aa3861a1c92605f7aa1e7744e1098c9599e8b374cf17fc29b8e3c10fee60b32128145c96dd43a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3d5fcf56cd650bf958abb0badd8a1c04
SHA1 d34e7931d835ac0842b577d75f20eb3e95053e3f
SHA256 b3346d01e431f0994930e473b0c3f07513af45564cea79961ccf49be762bb19a
SHA512 2469cd8cdfbb1f6ca4c37fd28cb7e987e7f618acb8f850f311a61064846cdcd66e73673cabd95c4585c5feb09af38cc85f5be8fcb0d7c3ce996d217f6d802ec5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 aae1a22e13ea1aaae316e65851cd8418
SHA1 ffb272044c582d82094f91b53eadc1882ad3de12
SHA256 d66258db6c42f2d4d324c63d3b2154827d63e669a87be1bf15b4555e898bad19
SHA512 85b29f830bec06795ee71830a456d168c33eeeceea481eaec361d4a04b25a57a78c74eacfd18f833b1fb600b45cd6e3f874ccadc9cc9a647978a4840762f525a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0b95dd4fc0c61f497443966957719db3
SHA1 1b66d06e20b98bcacb03510d50d9039b4d36d2f5
SHA256 a8f0e28502a0adcab1e4ff21bea8c2653cc33ac7598820bdc9a15aa60b2c5ee7
SHA512 d3f0e50673cae7a3e5f0e802fc69e3c24c05d7a8c3c92e6a2365fa2e469149eb406bd069dd5dd06c3769e1410cef5dce08e4a048639ae3cdc7957ceab90601c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4cf48ffcd7caae5550f735410b552d16
SHA1 8dd658575e8192db92f8c3e34be95b0d63ec2789
SHA256 e010b2a0b95d7b053d394f5ab080e895f84063dec8ee14b91e78e3c926003a24
SHA512 50d11a90796d1c4b4c0df0d9a9b30d754e7020b34e10b4e8f48370301c05cfe6ae3ae3968a79456348f63bd81c7fb602e0b0a342c578a85a9a9ef3bb0e0074f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d3bc8373165e77d7e26dc344cf425d35
SHA1 3f9e1df5bf7ce4162b5d5f07fd6627f90bfd526d
SHA256 5f519bfb88b80925b0a8013331ffe34ce5d082e99ddf996556dadf6b843c854a
SHA512 2265b95d56463d5aa0a8b6b402adc884c1f3951496fa5cda4d4d4789e996011ebf84fa4fb3d4743c12dea70c2ee1c3de3c2ec1766bc736c5c77020f37b58c936

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6a94e1c97413aa18e41c12bc8f64c02f
SHA1 d5fed07f638ff5348b660c907fb312c4d3624d25
SHA256 097c298665a12befbfd449b08e9db0c16ded5f16fb86b102ea592760ad7168e6
SHA512 dacfde1877a5e50526f9f415632d1305d7d0436a8ce5aa648811caa87c27a4624eab0ecc227fb73acd5e08db21fa7b2607a80bfb60dd26aaf4a49249d34a34ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b517269656ce1d4475a5eb4282543a69
SHA1 1ae2a18a9677ee4efc434528fb1f8bc7ac0c6219
SHA256 bdf3f3872c1686118df0834f78b5dbbdff295ed791d7cf1c174f841741e98090
SHA512 403d533949cc826d3f979a17d423b36fb63c3868be43a6b4421f5b0d1c047a95375dbb01fc83e9a506b2be339a45df7b0102ec0ea264837d282e890b025290fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 06b00b91eca59276e958bc6dc5023d51
SHA1 cc333ea6afd91c7c408af915aa2417f1e55b1848
SHA256 b1bc36bd5e69601512d5ed56a3aeaec21c2b519e1d96f28c21906e7a5a951864
SHA512 4aa5b85b743d948736ebd2c6f0fe01be07d3c8566841a03dcb2cd6ebe89d704fe49f7dfa529cb3a19138821bd8c679c903616505cb215e549f0ed7e98f15cc2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 eb062edbeeabd790e29cfc438a5ec576
SHA1 458112df577300e81deb8d39387437480e2c29ab
SHA256 1236d67a76463908ff57e743d2d905a2f8f8a0102aaa54ca13bc1e9663dda66c
SHA512 57734f29726f3ebd8a970c8c5f3b1cdb20d9182118b0ecece6860bfe0ceb7baa079828401fa982960a8d6f5cbf68146f892d397b6a9e9b67dd8143794635f51c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a24243c37fce56421ad62953827ed0cd
SHA1 47389e5c18a934ae6f009cf3e0f18c96459589de
SHA256 a7914043b25f2016f7def8299414abf6fbaa0ac3ca51b8f6b817d4140bb15fd2
SHA512 093292dd19afceea4c3ac69eceeeae227016fa2beb92de3eb0981509aa282afd19121f7752fb2c1ab72065ecf874c9a73f8a00991aa28f66974983d0e2fd37fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fff9e847c5e1bafebfd426946726ba7c
SHA1 6b2690cd27482c325c0ec743de7d9de67395ff0f
SHA256 073b3f3ed11fdc3b16ce4e9a0e5bb517d5262ed751277c21939a528a7d0b0196
SHA512 5d5806da3b695063ca84c56f8e5a63a25ff81820cafb9d8dbe1a1af092ea1cfdd8115e3db6c3d2615114815585ad05456fad6c349f480288ee1f8d06f843bb07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 267f22ed3617d97fee55b66d89b1afa1
SHA1 cc24bf17bee0e1a962f2880e0d199947eb558dab
SHA256 daeaaf7511ecf9b4172aa5725975a62c32891ff912a599627a29e945543cf30b
SHA512 d5afb7bc3c7e95556a8274d25922bb64d595495d6259e9b2590348068cdfbee17c836b2cbea1c89a148f10fb8bfcf62a707ffb94cba5eaefb0b5e105f8319181

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1e8abc94e1049e9f89cdc9c218275ad8
SHA1 8fe7a7fd5884b9a024f5004b9d96ad8de1ae8775
SHA256 48daa29d65b790e05acc5ab0892d1c3688b8114aa585713d05f6c7aef355278a
SHA512 438d50aab58478d716923879e5ca7c976e9659f27a9534e0b154c6171c2e9a195ea489a045d0060122a36c3fd296a0cb6301de9b3f185ddf8097245b6621f56f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 eaf82f39dcfab39cf3af0e0247069f61
SHA1 7172188e483fbb75722c9da6192db3c7ec12ce79
SHA256 774253915e1793009d6e587ff4f5cc5940f173276876e8823578b08b9fc3297a
SHA512 90cdec6ae9ed43f0cf4f6871b4c625876b7a0d6bc30879f1ea11045ff3f6c0f447794d815aff0c49a311c0ac1f44ab5d067a2f11bd259237e53a2954776ef23c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\f0a27b1a-9036-4721-bfff-d4a4aa50a7e5\4

MD5 898349c670416e28038f35bd972b39be
SHA1 52eafadbe3b3193e5586803251488aafb8ec6e83
SHA256 8b9049fdf391c527b8598528a7b847adc19194fa6499c9919eab3811165f744c
SHA512 028506d38db1eb803f50b621aff0b620388cf6b3a98c477c0cb1828e3f56a7cf0f7d463956dbe370221a9dd59a0e373033386b2c9bec2df520fd36953c1a1976

C:\Users\Admin\Downloads\Unconfirmed 225018.crdownload

MD5 fba93d8d029e85e0cde3759b7903cee2
SHA1 525b1aa549188f4565c75ab69e51f927204ca384
SHA256 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764
SHA512 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b4aa430441517e8c495ab3de6e892b6c
SHA1 df17f5d774d3a3aaad3ffcf14b32e7a49ce7c8f8
SHA256 f64080d68758c6402bdee65a0c9d031c4c94e25337260785a069855dde956827
SHA512 e1003bdffb83c9f3a49da0f9eabb1024bdf39e9a62f798da843bef7988f1364f733c1a2c827ff70e6a35b89232cdf9d8c6acd85c75883332c2d3f2ec72984d71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aa005b7b989acf2da6e05e0e2c828749
SHA1 1149bab6a7d85deff8f39c87456d12975f6861ff
SHA256 4b6135fe54abe3df40a7954592d35356d5e9e47d1b92c6e5f089aa7aea0858a7
SHA512 a15f7bca1aa1d2eedd902b89a23bde57d2a558189eea59c54deac3c2c501741e0728b7aadf90048441f1cc805636701c30358ef98d54b84b8638f30c4377ee64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5ee0027b2f333def75688519763ae1e3
SHA1 eb62636571a631fe504bbf5e1c54745d67ba1111
SHA256 538c8971a0345b94d5aa672dfb376f26f342cf958905d378990a9a6eb8e71fcd
SHA512 7836d310b88d7d2bf4c3d4c67851e5b2e0d0f8785d4ac1849ae323b601bf7271140f60cf166a4fba36fbd857bfd7654be6e948d69d28f0207325c7188cb9657a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9ddf6f0031761e7d34b077c8d50b6727
SHA1 d9fd7b84a14743893ac28496c21278484f948cab
SHA256 bd8870f58f3a6eafdbbe8ba3f2feabf028d82552a1f030a5c6744f276974edaf
SHA512 f628fff1e6dbb24ddaf83cd83d8fe908e04c6d93c436a06deb79c9e744ad3deaa7eb14b733a88935f165c415c115e6b94279c1ac1b5eb6d10ba779d2826dc4af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 adf92ade1fc510fe49db45d4375a5224
SHA1 0de018595d9174c00a6d3037ccda87f0dc2bd46e
SHA256 a2b90865b72d2ee925a776ffbfb1b432f74f9d25a20db9f8627a7e9639cf11eb
SHA512 3a45d34c5a52b0017c88986cf71d7a95ffd1ca53fb7d537c40961aeaaaacca31a0e481228619c7609c850d4f8849fbb14b48137fbf231694fd2803969a3ec5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b7c33c9b08bede51fc84096fcea4a504
SHA1 66526af0f4ef835774de9fdefc5900fda7005b16
SHA256 71ca61d827b229ebcc50debaaa8339e260f4d9b8d01f5659147b458db9b39dda
SHA512 0531cb5a4ac09bfcab9325ffa4b5598e0516cbcd58344f3e442442ef76eb6fcb4cfc9b26dd1b3cb2b379adf2483379507e5ba95165970ff14f5fabcd748453ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 65b5f640d5b5daf1f78d1b80585f6e91
SHA1 a0d205a645cd200569db6027b72b3db9aec5c151
SHA256 d5b8f4e3af9d0f2159fa5056b42b4aa66f7d069689b98ea8970e3703b16037e5
SHA512 f0175537bf23697ce8692239bcb397e4d99d07d68e40509d4a3ee991d60d3dbf6bb14585f95fc12cc91e5e5d7b86c98a9cde690ad44033ba1ca328bda232745c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8f6ad239db1fc8980688b73fc3891414
SHA1 1d628e73df9491db6b47f2cfb3d2cff35df00ec0
SHA256 69a23663f21f79991d66116b36286669eef353d6a008639a1c2c04c82af54053
SHA512 12aa9337cb450f44f6d0538889e1843fd034d3e66f7287d258fb773d1c0f30363fd91460cda132c1c0298c3fa7eecc5bd403fc63dde28a5bdd55d1fe17034882

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e8af4e6cf625e1693231deaaf1d46fef
SHA1 a2432c2c45f2913a18dc4d54ab5abb378047ff18
SHA256 2069cbdce726e64bf99cc85c5db156a1235818d019f79fb128a91f71344f8194
SHA512 348bd9bb39a5364b594ef478fceb28e8ba5e8416867f6d5b4b900ade1a3fdbf6c83a4c3fb28f05fba8a520b9633f2736e3de0b422e1b72c8df7f6f57f9b9f6da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5ab291f76f0d815a7463052ba1b6101f
SHA1 9b53c761c74bd29fb8935e3d322e5e7b29660255
SHA256 9d614457fd52cf0405f70da50e6df80c367f6aaa6e75acc3cbaf2fc878231830
SHA512 80ff46bfbf26d95e215c67e7ec1eba54deec410a8b3a067f119aa7d9b80bbacc238c46797cb7fbb912affa72c4e2f24a230329951fa2b79df1a29482d30d3f4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ea331afeb25ea5c18fd0164afac5c70d
SHA1 60f267406947aebebcf50d08411d82d28b1f1656
SHA256 f02e83d72e88fd362924d6ed90d8fbe3bea467c4058c43f0efb2e2d8eb24cce6
SHA512 2b13f01d0f8121581b511fc1caa481d04975410d26c2103e0e56f7af7451a32b13c1c3b38a60f8dfbc0f0e1b8aa0e959590b6e70e384094a2881340c02ccf87f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 0348260fe663a8b4d0c835c0018bdd8b
SHA1 af2fbe63c9705f347253bcebe3e9185422b362fc
SHA256 2e090322191454801a1822cf82076085225cfa3d15d1865b9f829d4d49cbd2a0
SHA512 00da7254a13f72d654c42a8fcdac7262abace3eed8185adc5f25f4898b01fcd032ac517e446767a1d12d4bfe24a6504122babe545c76230d9427525d2030897f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 73663271195e73fe48ece0a4840f9bb8
SHA1 24396c1c2e057d770f9a3bb16b4cf9eac5284fb8
SHA256 823c54a913a39953ac6713c2c35a8f7a1627cddbe181e4c6b11c0b849e6f96dd
SHA512 18fcaf0deaaed0b2ad55168184e5749a261e0b7ef7e6d32df1bfd301781de2dcc621ad03d802afeebc7cc06e95da9032c5d92c9ec3cf9934abe45a11d38c4b44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9c086f88a8a7809621c8a1600f852ca3
SHA1 23112e316cfb5726c2b37606eba6dde1d1e8eef4
SHA256 f02027eff5cd2910fa23ba3f535471f38a8c2792ed83cf7c4ff05f7ddd8d72d5
SHA512 3157df01be39baedd5b84efe6224e934442777853922cd860d91b3948f8e977445e155cc0a0f8a01a7b95c56bee29dfbc446dd1aba0c5df0111372b14ba83fa5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8582505202cf8fd5d5efb83ebfa73263
SHA1 e5338298e1db1bda51107f17feff2d6564a69b0b
SHA256 7c4a1cf5c811a22addbde8a2909b35eeef5457b164c3739534242a54e45aeac9
SHA512 cfc818bee6b54d4b0c76860331b56aa66f16d56eef12e97765036279c9eaee7ffa08fcc9ccd479a30a06606e0003995eef43a8aa41123b9308d0499e5d95b2d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 faecf6280fd430d31ab4b918e1ef1412
SHA1 5323eccccb32c947fbde63048ca7b58900ea926e
SHA256 a6c0b56599543be99e3aef524cfc8272ddbeac63af5f5a1be80b10089264f30a
SHA512 a9b085ce0589dae3b477093897c9f30a108bf00afca6b85a2be268b33406ce1f15f3f910f79e3d4bb612628fc0e44d1630d11c20b46d83b4a3843cd8ab113bdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 71e4be319698cbc277ab958b0cc77a8c
SHA1 eca2443ba41bfa551bcc70a8434d0484fd6ad34c
SHA256 fa67789b4431419f7efa877c283d53f197de51317a293ba38fec8d396ab34281
SHA512 a14c06119902dc4a5d1e20c36830e74ba2cf515d35d5014c78eaa81413649a018ca8e9de9b198fc9e41858b0830c6155dc71e607911c8c4759c3eb88317a4de9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 7211ad47f45492ab4b8fd675327995ae
SHA1 0761e859c9295d77c0e3c7f822f56d7695400550
SHA256 b67982af0e711caed1170e6a4ba685d2db35e7a778f6ce19906faa918ad7072d
SHA512 95036029dd85eee74e867579383f41d11a6c2e625e52b574a3d971d80d6909febcef44e9dd3f5f6219727b2e822c5fa59f0b894e129a9461a2eb6e01a0273210

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ef3f01294d52d65a1ff0ee3daa96d313
SHA1 128c15e8ab05e4ec90cb74c71e25162ab161516b
SHA256 3e890b2fd82a1900d9d29880ad7c43c8bcf95c60d420afa605d2aa9c87713c56
SHA512 69a51040599e95d4fdc3575a8807de62cd034f1de2ca3a060e24f7d8e2e4664111db5f1d9ef165c318e9c6f574091f909818a1a983be5adf19edbf12e09c5a4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8e552a2ad90e3b2c15f919f6f7663474
SHA1 3936b4c6b01d115eeb2379d2db225fa6c834cddd
SHA256 6baf75c1b4557a77d3188c84c555a913b987f48d58ae95114404f9495140fd43
SHA512 897f8459f85121cf911bc2b50f4daa9e118ee6af8b319a1201426d563641c2994e6b98fc035cce763ead619ea18a45d57b80872f16eb9611086735317d4f2ed8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 355f55f472244bd2e04bfc8ab09b4703
SHA1 b9d3cc0b0ffa0abc8a102c7dbbd79d62a2629d09
SHA256 d693799271fba8ddf012a0b36d3f0735834184bed29c9731f900f6069d6d80c4
SHA512 34aed0ec73c6d2542adde04d09bf6acc2b192c6aaa72306ddb33e5c97d510e1c73ccdd588b09846460e86c55bfbd470faaea99a6d8bef5899e1797de371c2a0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5e3c63e2e8d5dd2e120af94b585f7ec5
SHA1 4f07c5c824addc09d99c890cb985c947abfbed6a
SHA256 245d4410bb8b275bde85627119c220e5a8f9e135ad072707b5c975d9992b8cec
SHA512 af0577dacf4071317cbe6e3076eecf871c7a314c3bfd03d029c56832ecb8203c6100a4a605b479863dea7208dfb0374d935745906604f607ba87925e08002d7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 74e239f13a0cfcb2d0c4d45598441f97
SHA1 b276f1febc66786e4d7ea1f6b36c927aa0ebf1e1
SHA256 3ba06e7372e6856afa9d8730b880dd448694480c1e9a967512091962d7e893ff
SHA512 f2a28137522706d76142f4528c697fcbc5ff53fd32c3395feffcf1740e40807365bd683516a02c4074ce0a9e723afd9cfc9cbefc53986ff9d64355013a47cba0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ecd50ae829ef25aad04ea3b789785275
SHA1 b01e3df417762bbbd86c130283d2ad83274b17eb
SHA256 9f68a0f23124897380a141674f7e007bfe854683f20a5065f896cc7a0826167c
SHA512 dcd6266887985654e7476d84652e73dc2ea44401281a57224239de28a8d408c541b4659c61662de83de38c1371e1e8e1e7f0070dd75a2140ee52ded8e73f9775

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2c7675ba-a451-4006-a30e-b3f077fd6d9b.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1156f28f30c7fc5543f022303b5270ab
SHA1 c87e90fb5c391d6e222a4c767a8fefbe7ceab256
SHA256 fce9f52683f4e416708f138aab902bf3a9719270e12f30c5af266132820a9554
SHA512 6680ea4610e4ea928ca02234f843534d5b5c600f8f01102c2966c3cddbb50c3c2cbbc41d20457422e2cf3c5e9e5ac27d4f20642b32803536fd8e877cfdc06fc5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d12a379c6287f5aaaf7470d50f4c0c0d
SHA1 dc18f77799321d68e06dd4dd6d571e79b7c7752a
SHA256 cdf291ccb82fc515cf9918dd10e85fd17244eaeaf127a6d17357d0ce75425682
SHA512 fe7ba9928348b4c41e0a719848c747c7870cee6de4112d29ba9636c5c27ebaf1df6ecc417cc8c18f883fd18be5cd1b95fc8a26b4272c0cdcfc5a355cfbbfc4a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d4

MD5 cb3c8542f0f84d37a966a866ce655998
SHA1 d68980af9d11068339e7514e452682d0d483ff18
SHA256 2a1b79eaa2e9db4bf7c80aa680229ba4057fc69e4e3dda16e7bd60de933f41df
SHA512 e925899237b24a3b67cf7d158a04cba2a1771b84ff7bebebde3a357ca3219a7f16f7fe1fb8d5126b78cbf25e93b709e0d549f437674e4dd2ad13ee8a89a4224f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e459d8e1551d0e2ff81499f9a2e0b15
SHA1 0c834d16e2ae544714dfe0fdc71dc642db2fff29
SHA256 f5608fceb687635da24f727fc92e9d2d25bc0515dc0fb080c095ed5cd19bba26
SHA512 0d7fdd65418fd05b3e8859a752864b8f741ff644069cccfbeb1a894c005d469a519cb17fbd12e3d71614aaaa57eb432fe861188fb717b78b6334d4a091e8280b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cc28f7ad0755c39c57c142eb4e15e6ae
SHA1 d2f3b29c7410b9847eee637c774f9eb20f1dc165
SHA256 2c50f0b8ad76408aa93e6c4659ef1877151cbdbb591ddf354ee374bac5b1dc22
SHA512 360aca988fdacf70d43b778722d258f08fdcb7ef868f9f77d5f7a84fb72a964dedd607becc81bedda3c2d35043a4fd7ac06077bfd768c3832a473cd27562e8b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 98c24355f827e0c68e425ef917553bd1
SHA1 8ae77b231b26ecba510ca8c98f91a77a7855ca4b
SHA256 0afa3b3f7ff39019009e0e5132ac25969ce37fcbcf0bdd138e76554b2ef61707
SHA512 8021632ef8b45137f583aa20bb8837e2646f9265c7073a2161a890d685c42f3e1581da8a8566a5a4c929baff2e1e3767e93d449b004df4d1c6471bfdc835e8a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 57d99a745e50bca9f1b770d7f0695895
SHA1 a8737a5a2b68113fae5791bf314877f23f3c353a
SHA256 7aec0afca3d5658a0872657e4b4661847ec91ad7dc2150ee10e5cb0cbd8302e6
SHA512 cd245b3c8d05d3cf05463eb441cd86286efe855654eb0bfdff5c9a2773d5fa50529c7860ff57a9aee69ca2198daeca435d1adbe03b44ec142bbcda97e15d9ac2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dd8b72b362a9255d8c3579b31e5a5bf6
SHA1 2b213be706e14e013891b7593a92c5e6fbd72f13
SHA256 702b323d02cb4e1c9744dd270e298b00bd58cd0b97ccb231e9dc756be49cd059
SHA512 a0abf146d39dcc8deb1fcb8391d1043d40ecfaaef712876e821b762a72b50c754b6ac6cae9bef07e68d61a5a2406308d23aa90251361b72093b61a62747b2860

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 58d3bd22778d99c23143982983b44e29
SHA1 c4662b2f77b4e87d22c1bc19a44a1a15a95b858a
SHA256 90274418e12f7c9623a1cb0517dc3ee1d7916712d22ff4abf09f16671de84001
SHA512 dab759de85dff7d7ff8af0eed05e9ecf39a6ac76a1ad51bf28574519d0548efe2616054d2e28e278050d043ee0fb1706727f4b4daf9257a8abdd45dc8b04f025

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 fd9aa031e7068ec89eb0164bdcb74cbc
SHA1 069304e77dc579482abe0f74b130d4a76febacaa
SHA256 ddd213537df7003c5d56088168119ead3befe96a32ce9b74e89f4edec506b75e
SHA512 a4640bfae39fe55c812154f4d63a0a9def6902212a45f68b8381c5605c76727bbe7c0c219f64cb0d6f484e7a64176ee2f7708dbc72e3066479e857026880bc09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6e3ecebe354d0fda372e5779fae240b6
SHA1 9d2c4e4d0635e1c3d38e9589e7f9bcca2bedc683
SHA256 f1ce46c9dfcde29c649e03f668177796927fbde441eec643f712fd1d9eb2fa52
SHA512 98a9726d802f3272ddb8f4796b54245306dd5a50c8eb37cee4e2790bcff921d46cdff1bab3d617979510f5db0b17bc7f8e4fbf886d94a1d53038304f82b22dee

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe

MD5 19dbec50735b5f2a72d4199c4e184960
SHA1 6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256 a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512 aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bd53c851129fc88356ca0e79b19bc77b
SHA1 5806e2682e4809018bae198399d9aef09c5ddc42
SHA256 b9b95f1cc28f24bf13b606b334597d3b98ee49625a53c22571c3d0a125f576ed
SHA512 22f69f9c416bdb238d93f7c3ebf4bd6f661dd54d0dadd0f81c338dafbbe0e0bcb8850c7bc1b24bb616cc556ac504d7ea74373b940facf89e4b963e33b080e9ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 323af255893746dc89cc28a5b928bd55
SHA1 2be1db166df42a7b0eb48686ca12aab6aaa7709c
SHA256 8ffce158b8cfeaf0646077fdf5f99b591a03c2ffc788a1a704a30b851b261423
SHA512 720b9430223d444874e5126fcf800004c6892f4698080cf2ee52d229f8cf5e60a98a66c1b614f17579b48ee58fbb97c951cc551215a00e752761b138a36253cb

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 362141aff87a4aacba0632d7445eae67
SHA1 ac122c3fbf4cfac1f71c4cc6dbe14bf912ce81dc
SHA256 8a2f6b71a630736329ec237af6df007ca1211835127a310e3f6a85d9a92b39fc
SHA512 6d37e45c1d62c4e9c35d4f2ce7177fca51152f7954bb74073186496b8b7c4483c4cba76f6858f63ad81bcf7fed1fed06d9f0e540c3703614fdf2cc20d026173b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4d534f3abe6d70e964eca71a2b3a2e35
SHA1 1b93720ff935a09664b3c2a2bf040c4579ecf66e
SHA256 1e28b4e7946f3b4b8cb69bff3c0cad24c3410e131daec16bd797af4fb9476fa6
SHA512 a41ce3609a6cd0fb934aad39cd2d290321d39a4acfe15e47aeb3a7e82d4b36f9134f5e96f3b24f4af65b34de255ced0d715eb96fd7ac2daf57b70beaabf3e287

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 cfc63e6a94cb6ea76e992c1c8a050d98
SHA1 e5957ee237ec7407a780a50be3193ec5645931ac
SHA256 ca142576211b34d18560a8cdb7098b2a6860cd7f350b582f4c7ccf8202e87e72
SHA512 7b5d0df10482154987e24a1ba4e60f02ec143c4d46325630650af51bb717e47be3289896209d2e99de4756fe2d9026b4584645064ba193f8b315c824ed5d1e22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f2865e7fa1b33823625e1af8cf22533a
SHA1 3c5d0344f3ccb302f422f78267801c166cdf88bf
SHA256 af4719d7cf2fe3e8fe7c096fe3dd9c5ebcfafa4083c91f63363d30cda1e06785
SHA512 2dbb45b86ae8470659c1c1e6a13353377684e4c81926a2e8655bc7625cdf55c14b9af9e6ee3dc00bcfa6181182691f9286f581452bccdc698b9637b00cc3809f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\b7a707b2-459b-44a9-a28e-f703402dacc8.tmp

MD5 21f4df4635f9a2d9e8035cf315ba5192
SHA1 d00f54f18d424650aa9ac330588d96722e42bf8a
SHA256 cf886afb161b5fcafa4da3a11244970bc82cbbcc901f36b4d6bed44dc14ec034
SHA512 57feffbc2ac512011a62abaa638016afc943e0b366aed9bb86233ad2db588a1701695ab935d4a0ffad8c47857b9d72c8013451f0cf2b605dbd706c1eff413754

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 accb4a7b44a33efb9794dd86a6f271c0
SHA1 85f8595907d07081522a43fbbd8625dd190ae32e
SHA256 a1fac61254862444da9f9bd1611af6fc8b2ed704b6e3b9dde20d578fdcc4976e
SHA512 95da2f93ad08538bc1c726978e16dc31c191563095569e817c80bb5c47edbd5a7e38992c6a3e3ac8dec0ce658ad15539b5782d9dc90886a52cb5f3cc2b7bae29

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 cbcc5ca01cd19530d08e9a2dcf18baa8
SHA1 fa8dbcb02490db27932a4698fa7a08acaa78ca31
SHA256 23cfc5843de0aa13fffb9b9c66a5e27ba4d9903e6ba79065b9fb683c746bfaba
SHA512 7aaed653cd3a2d9b0b2a734c26ee398dc85bf6f13c6491e19d79a5ed7c9fab023df4db85c7ff1fca66f8b8538596293826cf08b2c496f80d2e09bf7e4358f9d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f5

MD5 5e122a7079b46d7376e2a288ff7e60de
SHA1 024a59e404383c90e09b3e546619e59246e1183e
SHA256 97c2184a4c5fba3951a1dd69b18ab31bc6675114fac3643957b21e607d245b1d
SHA512 527bede647998783f46208f71f4346c0f65de2d35db74d0d2074f37bf12fa13c56b7d69fea0678f5564cf93ea32798d9e2adac6d5856578e66216df00da1372c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4123b0834c9429b75d4d5729fc1be352
SHA1 729c7d1d43205b70d7b29025e0b1f71028038a02
SHA256 0f5b0934ff2624562b83917044a4291b03db8d5632b3da5628ce176a3e46d8b6
SHA512 10087233fd3e3358a4eed89b11f62322534844e90e31f3f0daaac32b51113eb72c6eefdc83b392129dd6f394186b678f389a9d4e8acece583d86b3b0ed7aa8bd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 5b50b93eadc14bacf1eb95b319d2a3db
SHA1 59aecf721c3a9d7428a320dad6b4f3673c96e115
SHA256 78f3cc0ce641fd7a377bdd7ef830a893d0c805d55bbd79c3ebe72576318d7051
SHA512 fa44950aa2bd88dacf8f466ae3c92d1dad7a25fba5df1ac9edb356ec67ca1e8b866feab33f9f516880a2ba4e07648f26dbb7b2aea7efada7384ef24c46c099ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_c.adsco.re_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 0af74e586196b98948b72d5196ef1427
SHA1 c9a0a37c07670405cab4bbf5fb115f8cccde5fe1
SHA256 113a3ff748535ea9f07287fa3b05e623b987ddabfe552ce993f04b8028ade9fc
SHA512 b9c75bf5c7e1b26b27db4bbc4c19a1143c03bb4fb6b226a1cfa78311d90cc1acd07275de87955b607ffd3f9f618a0c2c14805fe00481be13de8140dea28f1f2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6919bc105a696ad5de7d5149e7fc7e5c
SHA1 d28a5bb1f66a3e8027e34f9ac535f3fd327bd475
SHA256 7fe7fec43822c95ef6454cda645497620dd02cf3f1c867d05076211a853f9beb
SHA512 28b565070bcafba5304ecacd7dcc65f0a0d98570da960f37dc358335b0838eebe21e879d177e25026fc66270997be030b5ecb7e3efa88355d7b073b026ba71f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 07398a7604fcc92832ed22d8c53157b3
SHA1 f052cc01674a56b0ee75b0eaef87656e500d3dde
SHA256 421ceedc5b1121d16294b6e8a89e54b77d76cedc816c5a5f137e7b66b4349f23
SHA512 936c437d549fc1158d09d7f3b8a1a57217ee4d4e0bd0554540f217249f1530ec6d969ac0e0bc6b6803bd37f9cefd3a80b7efb50b7c54e34d771f7e8d9aefe6bb

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 38b97a027b6f2d37c4f8396a39fde175
SHA1 de73cd3c859562140af3ee4fc6c4eadae8690ea2
SHA256 9de131c9ad90e68826aea72f993ad82a02e5c18b8fc3b8ade73000233f925287
SHA512 13e23f9d557c70ccef315db861568244d5ee667a13389449d54d1eecb6ae5128070d5f351016ed8fd6a9b43ffe9091f9d1f4cece268a2d5cf19db34b89c17802

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 130c0504b65616a8e635f3272dfcffc6
SHA1 92557e444e22a689b9b3708aa2ab8f6252397433
SHA256 c06fc8b87b864e3169b753ee03962971afc00681ca6bb7e5d8b2a874bc999229
SHA512 5b0452b6236599d15436fdf1783e34967ad1825fcf68cc73377d1501cf109f1656602839493d6e81fe2ff5a51b3524822ff23817263f1fecbe88ad044d8bb537

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 62119b5a1a9ce258389987142dad2516
SHA1 2b104f928a844e6bb1179eb9a6e52ea346f77fbb
SHA256 51f6b6fb447bad1b4076d13ce58900428abfbc9953f04ead15d0ea6dc0a942eb
SHA512 d6309890a44c5adf4af41179c1ea8cc958649576393beeed7e5f98de0f0bc0a43ff2b77ce0f8ed4b1afcc8ffd2ace9955faa5a5c424023812fa416ab92097966

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 598a867f3577aaffa55756ceff9a0336
SHA1 d8907aa416e8c2bc5051f0c3424598266f9f8f03
SHA256 97058aa3ce810adb05b4bf3a1782ba6072d32b107f4caa06f85514a1a35a1f90
SHA512 aac2b2be647c1df9685392bb363a2266c76bfbe1a54c96ae007e34d34bd91c5f60e1a62a4dc21ef6e1f90bbdfb3b13a08241d2724357bc7df5e7cb3178161a49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7b9e6d4bf53d9dfb7ae61f437df914ea
SHA1 d90f8cfdf91032eb5449c1e673c3c7058ce7db13
SHA256 61e7eaeb753aefe61d2ec8ea9f744ae41d2d5cc3b5cbcd04724109b33b1c7635
SHA512 76cc3c0877f4ad36fcd789041590b6dcce630b877f0fbf63db51207325f53a080be5dd5a37f9a733cc10ffa6f98f22f8811680c5c5ff0e8016f284af11dbd71a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7f31017e24b6dde1d14fd12329db65fb
SHA1 43c7652f914eaed4017672123cf9ed85e266e7dd
SHA256 8a58bffb7b8580eb873c56eba60570cea93834812582b4a648b923a622ae7365
SHA512 1451ab0096f29fcfeb6db238e5bb60d5a03a5bd538d00b0f2c3ed22f4d1674c4ab815df3251ddd4776341390f002d87baf273472bf6d155c9dd4e9a04be8bb8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9f10a1474a1c0819e8cf2c30dbb8ae6d
SHA1 0265b53e09dbb4162c278cbbb5667b305db68b61
SHA256 becc8e6cc439954e4fd948c3651b0f460c1989658da3b8ac41fa05245bd09a92
SHA512 25e213c737fbb74728d252ef81b3a366152c36f67e517af8df06bf06ff22f040ce198c2ac883d9df7f984a67ee1ace0e4076cfcb3332abf66402da9469370624

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000118

MD5 9f30471946c01a95c89d21eb25958066
SHA1 64dc16c6e7542e4f0e7ed9067ab40bb07f6ebf95
SHA256 502b3ccece01cb9961e5bb3a47c31f29fcaf0dd9eb6a081c9a5a78e088efb575
SHA512 f63a7c89d3609e49870c9a08dd88455dca075a59246856662b4f1ad6231f5f76e639cea00ed2cd21f9b0c85a44b73f7deef3922080f2fab64c3f24b666189708

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 738e53cc51c1481028706d5b099e2797
SHA1 c7c680da5c934b64de5a40ea0b37b84da0db24e7
SHA256 0a04a7b81ee4834538e55d0c3827a19d7e94e405ac93e6dbbdc80e3ffe3f76df
SHA512 9a8671412ab8db9634c8edbde27d4bb74db0e3649ba5b64587a777b4417867cdbebe91aebc02fb5f203fce1ef4167f251da5e016e3f2e17532319e0a3218b56a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6a1edca2113b8633cd065695ec3a6dfa
SHA1 f8e9f581a33ad9ce72a19a5f6d26fdd04ef871cd
SHA256 4a060b0cbba50b35cbe4f08fcca52088a797fb4f250846773357143204f4ae95
SHA512 f62f0f4ec626490cdf48c837f581521c3403af2d33d978a462197baf14f6df90b5d74b947d22bf702bcff86ef72d2f075cd78d06c2dcb1cdb516ced93cf35fa0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5b2f4d3f0e729a4c8df7ec01c1f0dd99
SHA1 d303bc5754bf8a510990c3c079a2f4144c1cfb87
SHA256 9a3475d2f70bbd48968e1dc65e3b628cd2c5e5fa0fdf8c45b0fb33962973eebd
SHA512 b3b6b9a15faff64bd2ebdda0dcf01962d2e7553a5830dcc07300be4b831a48291db55bc0b849397cb50534eb3960c57c329f1c8d61444d6572c287ccbe2703c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d34a5ef0890557d19d2baa7ac33ba7e2
SHA1 daa3a12935547a23bfa20f25d869a2bd1829ef29
SHA256 8d0beaa303d457a9a19c2225b4224ea093f2f74bea8d70dd190a55ddd8a7dcd9
SHA512 abf2865b90b08a44a54e70c4e99c7bfa4ee2faf78db1554a65193b3b4de6f3daf7df32134a144bea8a381338b5dfa7622ad1d3426f44405c6fd776c2c76a4094

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 20782e5890d7113af240666937798cdf
SHA1 ddca31a35bce577f5c91a77375d5fe6715171fa4
SHA256 29c20621ed52e5560bf3b7e33edd5a209d8d0bc0179cb16b43e08ef94518959c
SHA512 dc1fec9606aea5976632eb94e5b01fa2de7f650ff1f04f2a68a5b4bb6496131f814d7204f361388e59e0a224df4f62a60cb40c312660fd5c5fa4d7fc48e24b1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9a8dad5cdd597f2a8bf29309c13bd2e6
SHA1 3d708a69edd7a8b14e1c515f26adf07293fe2b8f
SHA256 493555f626588e6560e371e0c0523ae880b2605f22f54d4655f0c1d902369c85
SHA512 d28e1fbee4610feb8e31fa6efad7876291b5322bc86d0f68bbb8f07d9c08bb5a4c6a819b98812584ab68d04abd2d7405f9a9132c806c0b34ea62afe0224eccfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ad3ae6e3e5a88d9999dbeca23bdfdc6d
SHA1 f006147f02e481b5a5d64d1fc78a339d3a462eb1
SHA256 28206743047847eb8ac670699145441b4dcc5ca0bc6e026f45d4b27282c483e3
SHA512 60c203c43a7c870932089a906095a47851218042af3601c363096f7cced4a8e38b06b0e1bd13792c389c3d2f3d5a2be9f4d9e825dd1c8477115384878f01d9e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 13a64401e0295c2659047088b3573cb6
SHA1 df514759093306cff3cc5b128e1055434f090753
SHA256 797e56b6457aaac5d48524c5626afea00d54c51dc238caee4da7ddf8e38d9e1f
SHA512 102013acb3577d3e62e4561f27e7acde4bf8a38537c277212822b1d56b9ece953a025e60b26a6df3d839960c21576e5fd3fd6e2e18ff47161194d9fcd169a46b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2ff14229e434b3a3d1aaecf9b1b6787d
SHA1 4e77276c94e140da7aa6d44e4552cbf7088afcf7
SHA256 5aa4283157895e5387d05f019290a0731f0df39228d9cf17394b2ec4d2a42789
SHA512 a8cb907bbf6f280bb0662dcef74a7325d074eddede16ee7683ee62aad0f23a743ea6fc24abfc76fb388534f9f37b4a74b3dde040fe12b84b01aaf916602d8fbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4fc3fc6b8b34817e81768bfbd1374294
SHA1 233ff645e402c95eb17c37b516ac4ab0ee687005
SHA256 5476b59ee59acf176b54e8513ac7cb8e14c8376a7648517309653bf10fc7b496
SHA512 504e46ea1e14fbe92723bb94785bfda50ff60c961572fea438b79767147f44fa3bb0354bfdd3ffc8e57335d641b1a9ff49e41ce1b27d170654e55274877fbcc6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

MD5 e4a499b9e1fe33991dbcfb4e926c8821
SHA1 951d4750b05ea6a63951a7667566467d01cb2d42
SHA256 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512 a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

MD5 4fbbaac42cf2ecb83543f262973d07c0
SHA1 ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA256 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA512 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

MD5 b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1 d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA256 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA512 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

MD5 f1656b80eaae5e5201dcbfbcd3523691
SHA1 6f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA256 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512 e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

MD5 0cbf0f4c9e54d12d34cd1a772ba799e1
SHA1 40e55eb54394d17d2d11ca0089b84e97c19634a7
SHA256 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512 bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

MD5 466d35e6a22924dd846a043bc7dd94b8
SHA1 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256 e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA512 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

MD5 316999655fef30c52c3854751c663996
SHA1 a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256 ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA512 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

MD5 b127d9187c6dbb1b948053c7c9a6811f
SHA1 b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256 bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA512 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 9fafb9d0591f2be4c2a846f63d82d301
SHA1 1df97aa4f3722b6695eac457e207a76a6b7457be
SHA256 e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512 ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

MD5 48c00a7493b28139cbf197ccc8d1f9ed
SHA1 a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512 c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

MD5 a334bbf5f5a19b3bdb5b7f1703363981
SHA1 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256 c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA512 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

MD5 5c91bf20fe3594b81052d131db798575
SHA1 eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256 e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512 face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

MD5 7c5aefb11e797129c9e90f279fbdf71b
SHA1 cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512 df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

MD5 237e13b95ab37d0141cf0bc585b8db94
SHA1 102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256 d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA512 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

MD5 81e5c8596a7e4e98117f5c5143293020
SHA1 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA256 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA512 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

MD5 7210d5407a2d2f52e851604666403024
SHA1 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA512 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

MD5 4be7661c89897eaa9b28dae290c3922f
SHA1 4c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256 e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA512 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

MD5 0a250bb34cfa851e3dd1804251c93f25
SHA1 c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA256 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA512 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

MD5 e7cd26405293ee866fefdd715fc8b5e5
SHA1 6326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA512 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

MD5 497fd4a8f5c4fcdaaac1f761a92a366a
SHA1 81617006e93f8a171b2c47581c1d67fac463dc93
SHA256 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA512 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

MD5 c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA1 4567ea5044a3cef9cb803210a70866d83535ed31
SHA256 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512 f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

MD5 80d09149ca264c93e7d810aac6411d1d
SHA1 96e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA512 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

MD5 1587bf2e99abeeae856f33bf98d3512e
SHA1 aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256 c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA512 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

MD5 ed98e67fa8cc190aad0757cd620e6b77
SHA1 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256 e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512 ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 0266e3a291ac7fdd0fb692a62ad8f0bc
SHA1 cb9892bee912627ddc47dea31de0d7f29eb1615a
SHA256 dd4976646218da1e459859361b2877dec2b909611e1f2fcef655dcf3f197dc91
SHA512 e1fe000ebf71ca49781360ae002270c1cef9736f10eac8ab1dadb6bda9186cdd424d659ec6b87b404609dbd1dc8ed6c98085ff4173a8d4fdbc828527cac6f7ab

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db

MD5 81532bae1325296a50e3b58054ffaaaf
SHA1 7d6667a5f7eb6c36f582fc0cad00b65ffe638758
SHA256 c62dd37b0858dd4c56a555db3cc955919ca45439f5432ebe490983c15c42f21b
SHA512 2d94f6a1994222b95f1dcfb5ef6ec75c1111b8a564086e87a2cc733d0263393e747479b6c118674320f9b66352f82627881a309220a8ed854bf3b002c867a0e8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db

MD5 9629a81cd6225df104e12c4e5ddad5db
SHA1 69d0087c1bc770c0a6b7053481201a71b88ec746
SHA256 e371b3ce600a74e89290308ac204fe472a1b445641ea3811e3bbe5b189fa90d6
SHA512 aa5994224ebb6c0ce1b72511778a92ab57dff62800a8a1dca936cf28eb4d710ba21c6898acb01f84a306cd3b4e594888ea85a31048c6bc25fb72810645195756

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

MD5 47f167adf55bf09077ba165493564f8b
SHA1 5a49c7cb9b32d44a5f637e5f70f8b901cfc2ecc4
SHA256 be5ba0289a2dfc9f23a1aa184304369eb7fe7b680a91210cb936d904c9a3b8e4
SHA512 b56d0ad2dd9dd9db9fd5c80e83a34888363891e7a9d46691c90a14c9111ddc18c24dc7b5f786c398cda468785fe4a4dda578f01d5018524bfd4937c53cd9f4c4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 f885c17415b7a1cd6d00967bcfdfb098
SHA1 4f2b25043b2012205c22786e4028f3b75973a736
SHA256 d65959c375ef674e915b49bf0579f0379ab3d7b3a2779ef267e4b27bedf3b425
SHA512 5bdd989aa0751886c8bff8dff0d91a44620fa8714f6d41d2daee1a6ed9f3143890d3836a2762cc419576717bb2c8628a43cdb5bae4c0da6c45e7a7998eb61f4a

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GX304FV6\www.bing[1].xml

MD5 5f99b71d6d6e23f1aa55d0886b1d8035
SHA1 f09f8241de8dff820ef3c700a3ceefc23659019a
SHA256 3934f3a3f46c215ee8bae0931f5d55a3ae48fd51b4789c46d75fba75510ebc33
SHA512 22ecf9d73e03ab2abd54b00b32c3537216f0f2d1d1c608c9f7f25da8b09794cf2fc83cdf10b79484cc5aefb4794089c2541ba000cf2c217604c0d1aeb696a772

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2b6a307c2d79e493db16a18aa654706b
SHA1 e95fd8984e40d9c0fb7bd3a214d9e92e818cfd6e
SHA256 f8e200eaced7b5134ab6117aa8e9e2546d4f218f43b3b77064eb2c6f7f4b0d8e
SHA512 b2dcd0bd60e94e8b6e5096299b37bddf91f5f5984f9e75c4afe1e1037d46e403851aca91b4e224d317a52edb8b488ef4ffbbdc2225154985f9c891fb09a6e42e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0c2d654b0a85abe4c8febff592fabcbf
SHA1 0c9896d7637296998ecfbb30ac652d5e797fe890
SHA256 5de3684a49b606625abf6d0dec01f41ff9659085fc483efcc0fea258987803bf
SHA512 0a3a847f6e14036a95eb64c99a099f15eee1ab04e7f7c378d7421c86af3e9ea97082ece6898aa008ad4d4b8b6430c4308efe55eb7c8c4b10122a6f869334e1ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00015b

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e78f5d01ed24363a3bf3d652f3831d0
SHA1 b4e103947ff1950c5fbc1a581b259034339fbf59
SHA256 f615e9ab1d78992e87f8e2b6d770718480947cb6bd8209117cb3f73453981058
SHA512 42d746dad511826f6c48dd33d11af4bcfd2dda08ac06d7d1ba19e36e4a3192ce34e1d656562e990d4911b9c04183dd64c96712a10fe11443d1a2372fb413ce3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000163

MD5 0800f316866f3b20e5443bf0b6c133a2
SHA1 0c26d720ec1078b683068d5586b3a204ec118bba
SHA256 8bf6fdda34cb70a0e5abb753af6440a64d37ed2fee81ab1d9c478f7d77aff84e
SHA512 84d9961ef0b3890094c0809750708d57ab23a9e21f76fbddae37fe04443b44c693dd087e51ed06e5ea2900f1fa7f2bda76f8991d3f8396dacfaf923438e48d75

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

MD5 d4357ea80b32a446f5b93f7d8a938079
SHA1 845511d6171d4cca3c67643c92b1f2cdfd14a095
SHA256 c1d4ef7be80fe4a3d0135babde4b276a8b7b6dcf95cd0bbbad7cecf475fa2cba
SHA512 86353002d4c5900da98b02b1a40195b4aa64f4ea87549e27937fccf89738d3e654518725f0e2341cb7084634d38ef4f63657c5ef82ed7c4f6b3d1558450cac97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 584123715a49de507ba7390c872db951
SHA1 7734e11d69d3a83132779299b9c0188e6e73ce41
SHA256 a847561ea3f33db7f80924eaf675869b2f95273a72f272b80c908019ab35e7c4
SHA512 4ad5b2a7db27d80d75a97f4f9c5e4e747ab82a95afc985d4c8a83bc9500b1fa3aab52430fccb65107929b77d000ce3d80b4b85a8d444dd285842f93758e580df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000187

MD5 6931123c52bee278b00ee54ae99f0ead
SHA1 6907e9544cd8b24f602d0a623cfe32fe9426f81f
SHA256 c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935
SHA512 40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000189

MD5 623c502c14fba19c5c6a6faef17d106f
SHA1 85d848a29d5c928fc71286ceb8efc8b58d3c06be
SHA256 ec3d0746d24305a1dbd250e0d5bab9a472e01bd004c52dd68108b56109c0225a
SHA512 6758a80db46b2f4f4294b32bff28d0d62492bd1b557ca799b8eb3616b17d003c0729b2e0bc197714c24bd91be473ede1c1e1ab1bb00cd46934d1e563519c4031

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00018a

MD5 0e32d38a75bd0ae9523c2d56553d4203
SHA1 db5c31829474a49ac03c7e1e220143e9fc626235
SHA256 024b0418438147f57205de39c5d937b4cff7736c88e99b2dce84ce2b4102e8ff
SHA512 373a6747fad67e6b38a187a584fb0a01ee58999fd17d18dd0856c7d1a9c61af2dc19191db844f319f022169c6ac0427ec49e769f80959d314d901c0eab5df13a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a32321ec18344d04ca7387cd83b4e6f9
SHA1 62e1be8e4ae8138f849805769e780ac2c4151167
SHA256 f28ab23bdcc0a7b6913d6394cbf439a9314040fe41fd66cac674e6d576561156
SHA512 b1bd2e3f18330e5366c97e09b213e0cd0563186ad5cfbfaa1fa18a0cc5223d79ed9b61234e7567c9d66fabddf3af71abb817e7ff80e4d7545e8e8595a67fa579

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bdb2e6b43c1742cf18352d9fede0da0c
SHA1 dbbabfc7a0c3457b9ffaed31a6c4347e8759364c
SHA256 61220bb8b6cf57710bf4837c990d4a2f76bb14551bd96021152db2c1c7ad0f65
SHA512 33edd53328f0737ea1fae7a6989c006ea26a0f04e89c1080caa963b25236e404a5ad9bff37024727c0e62d139786836dfd80be482c3b3fad506daa13b4150d76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00018f

MD5 f65b0bdfd00937eb399bb86a6fd7f1f4
SHA1 0d48d5f072ac4174ee6c85041ba69e16f191f976
SHA256 bcca95df483c59951e76eadebfec9e3a87a7e11fec2759254188a1c4912167c6
SHA512 fe0a2946813dbcbd99998b3b9731cdce4d213083f299198134f0bebff30f5ae900e556b1b3a6d452958ab8c643659df31181ff88b8ea84abb7ece46400be63a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000155

MD5 e33076f49c92df5608dd2ddbd77ea3e6
SHA1 0347047e1093c49bf544486661f682dd70e8bad3
SHA256 477d49f06fdf574d269d6f2ddd5c6355ca89380a1c805dbda0ad3bb36a01a222
SHA512 1bd622c70000d325acbd7a67488b0cd3314b4efb85133dbfefb2bcecad9a43f689ee7aa6ccaed4470c5c7aff86fc8ae40793d5ba5defca6e5b2a460904663290

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000195

MD5 cfa2ab4f9278c82c01d2320d480258fe
SHA1 ba1468b2006b74fe48be560d3e87f181e8d8ba77
SHA256 d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e
SHA512 4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3d784d6f065699e7_0

MD5 ed98f907c2a4f80474437ef639d56c49
SHA1 712cba2179a5620b4874658220254c3ae5ba401e
SHA256 2319945c8cd68eff6c021bc22d345e06e21c420c2182e4fd4335968b366ee22b
SHA512 8073e7ddba702e747db4047873fd40a7920a1c3db86fd21296198c34feffe727a6c68ba7d158e924442ec8dc258aa49f35b01645906a338b9be3cff011893322

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

MD5 cd3f32b2ceaeb78b2a23dd179a23fc6e
SHA1 418aef2080cc12d83d75becf995ca9b10592db8e
SHA256 78820a7389f5b3e817c55b7df8d2d3077b64ce6d061df55aa4d458e9a4ea356f
SHA512 06ec03c9a5861de9f97e0b98e81abf9a59f2164bfaa382e57307a7991c1cb4a1291dd07bd26157f217a95e69eff91be8a15ed36a26c83371838fbec8cca09164

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 44d9ee4cca4993ca73fe131a4d85673e
SHA1 70d288f985e979255988f337b2ddfd46d11dd8ff
SHA256 b506614ee290195b36e61c31472a529b48c58433c85996380b615bbb33966bde
SHA512 9fd25657088a472032c8494e5354971d99d190311c198fe0fd1a63203745a944126979747514d11c57a48e1ede0ae5bc6eafbfec7d964748928e33a2297606a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000198

MD5 8a42ba5472aa4afa3d3ac12f31d47408
SHA1 2add574424ac47c1e83b0b7fae5d040c46ac38a7
SHA256 759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4
SHA512 3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5a322bd6a789cf3aab8f9c43b674b19c
SHA1 ad490afc211c901dd0a5241b42800e3835fb0e45
SHA256 47eb59528a95cd2d229fcf11e1f57e60048e653dc5e61beaef0781fde99f2c0c
SHA512 ca036c6687291d9232bc7179f89acecce62cf3df33d233df1578710b400780eb26f28c3ad6d8d97a742929e82561dc8e68b66f421ce48b3e0f4c95624df689b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 894867777f4e84adf43910ddb3d6371a
SHA1 6ea426c7888e7dd600508e047288551c2bcf3a8f
SHA256 ff4d1bb92dd3461d56b2cc0d782a09bd5dff67afd1cde5738d025f5ef2571dfb
SHA512 b2e1a35d952cf019bdf07a5195c76aaa04670b977cd02d76b95e983a65dc32e25a994d57d68a46ccf749a8203ec2c105b137fda2ac1c4534638a6bb7c6bf3a0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e79b0c074ec58a7a16e5a7a2801c8264
SHA1 e2d6d4b8706fa1da9ad9bfbb06716fa8aa91b0a2
SHA256 095c5968689db5c09f95f21b10dd8f116eb702a536f6d4d273ae7f2bbbfe7a66
SHA512 86afd3211e5d23b2c561e0a15cc3bdb4bce1b82cea43970dc71b4a2e7ba5fc94a9de01c746e585870159fbe26a682282daa82823955ff8862f4157f82869085b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fa3903351ee5851b5a70ba4a5907d736
SHA1 7ff409f9b5317ed1fc29879639fb7e101182c5a7
SHA256 31a1d7363df72d0aeb4f91b78184e87417f252a12f29e3c0c86466cd017f35c3
SHA512 2d3626d2e10098df3f29d4eae8353f679e7569f50602cdc182449380242a7e8eb442fd2adb37967a2bad49f057623bca19e0ff83b911a9f78f0590088dc6e01c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9df0c4efa869463_0

MD5 95c401afa223edd8deeac3660c128c59
SHA1 f1495cc7c9de13b72cf3d4e9417730024b78a5a8
SHA256 e820fe91dd83b307a0996faab9dd2ccfbd7dd44e12bfaf3377bd52dc08ee92e7
SHA512 5a58765f2640172cde45e8b76df4f3c62eb803815d0a63f78da1f13c86a8ef0507771fce8c9badd068de8b75132ed4e83e2663548d5ee5082dc3913d9c11060a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000158

MD5 230ab95d87a717be265134072eb17c25
SHA1 71a3d3dd6f952057ba0c6025d39c9792ff606828
SHA256 3fdfeaa675697f08f1c7c0fd6b77512f4bf9465e670637e8e332e65ebb9db068
SHA512 9b0636421ad14161f211e846521149ab0a7c866e77db309dba79718487835204cee3821c9f4678e48e134614be6a02421c155a34b7c9bc424012137705960b11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000165

MD5 6b06c0a61b0519c1c8c85c037165a9b3
SHA1 5ed0ec91c0d2ca41f463aac9240faeeacdee1bbf
SHA256 a0b8f5a0bc1a05bf0256024babecebdbab0d3d5920d365a2e1dfce4bcd0284e4
SHA512 938a138406d782e62a50de2ee91bfe80ca81617919cc53f10915647fa2ce8fbd5165ba65000a9e3ebb3a43626bdcc138e174450dc9aca8f6ca8dfa07a150536e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000161

MD5 3262a64faca797f853d9f9672ed40d96
SHA1 50b4fd6e57e9e87bc2db7a3f78b61a6c9b2c927a
SHA256 7fb4a50774c3168e2e0adb69b64bcf5ac1eb978cf9ceaa5456821164977183c9
SHA512 72ec6061365a3a53dd87bbf6c7ded5a7c9d06fa9d8b65442316e4f8f0f00d17edb6d9675662b55062aa017625bb8647e674dff290a7dfef12e013fba51fc720a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2bfde39962961371_0

MD5 991a86c153eab4c320a033d4b41f11f3
SHA1 8f74300ed7da860437e8b3eeaaa2d8ef3ee49dce
SHA256 cc0aea6d8ae9209a4fd880c97e061fdbd5f07db0cef927ea0a03327311bb6359
SHA512 c0bae2f8beb4fee3a10b64fef66170b41e394ad9b866c746b3a12085e0dc5a8a2c904bf3d8a0e4886fa5b95b84b67319be39d2a832d30375eb055a3049ca7210

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000162

MD5 4ebb0af8cd5e11013a7d4516bb7ed68d
SHA1 edba3b6dc82e5a88b0e252b43f62cb5d760f0fa3
SHA256 4e2175ad5923a9e51eafbc906ec37fbd13b0698a5cc03d30a470b7126c9a06d2
SHA512 81569ef8014b9f53b8649a079a453e707b4bc6050f224b021efbcc2cea3a4ae981c0e945c36c6f3005f07f6a6f4f568c4978f3479a7ba1f7a94f1010b664556a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e5caca2d4f4087fa_0

MD5 49619195057245c8bf47bb330062bbd0
SHA1 fa6f276d2461cce6d2eb4ede4df15a6974e05910
SHA256 97d3e407f8816f3c36f9428dced934aebb6cb119fd961f622dd5e9dff1878bf6
SHA512 9b6c7309c6a9df4f4d834c0c7435fbb3487842fa92b80c415ed22b9adef56cea7ad7102a4ab48608bb99be39f191c028524827e5cc96bbd61812ad8e788c635d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 89d7e59e145958edd1f3e543466be675
SHA1 510ee7cccc003c3c86198745500424f329686729
SHA256 ab3071b738794b296ef9a0092f652d2d449da2cce569d8c63f19b57de7ff3690
SHA512 ccb184f704c384f34615012ded23b8be95e6e43bd89f9290dd09baae710caddf609e85b7b40031f893c0ccf0ca74d0af215c255e8132170849f13498ed2e787e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a19544dd8e5e4b2_0

MD5 9a61e0b443de1c760e91b9aa84f27201
SHA1 95679da638130b521deca72c165e95f411949d78
SHA256 4da40873eb0a3e90c3684589f58144d242a5700a0a4702d4fcc36fd62af48802
SHA512 4b70f952bfbbcfe9fa62910ebd8882b7acb48ee60c370409f219447771a4153d11de93d6e0302dbfd544273bfd802c7ec23b510489ea34e2d7f70a0a714587c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000199

MD5 e68dc41937e75b392b26998acb2d09be
SHA1 b3ffd33f790eb21b8bae1c6c8f93c85765fc4e91
SHA256 e4b53b7fdd39514df81e6bb419cb980f00cbb8c95cd421f17cb702faf18af513
SHA512 68eb5da95eca580e9d3040ea91717300e810e26cfed80f0765c2edc2e983d102671c358792c72c680f9a621304cfa542bb116cac9f6f1dc2fa28e39201210425

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001a0

MD5 b9eb8c4e6c6f11de89ab7e2a77ba466e
SHA1 26ea4bca4d3352739371f81c33b3a4a8f72cd2a8
SHA256 5aea915e78edac882e1e90d3a898f2aa3f29caf3c6d04b180e13a12d2996ba6f
SHA512 11e9b798b2763f221cab74a73e87737598527ed3271c47a95972cfccd3f811f694b75bd4ffdb0f1801ccb59e8221d9f30d16fda9edd1d8afdd72ebf85225b649

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b508899820079f3_0

MD5 c8602533b2fc36c16e06dc34ca18ba84
SHA1 075efc3431550d726babd5b5c444458352c1a961
SHA256 a8105761b5ef2f85dd49e5cc0a705f16c2f8ea408aeee8382d9bcb2fb9e8e629
SHA512 1d4d3837bdb63a00ba5146da311b4b4ee462a152a529ddc052bec15868ae4f45725fc95a9f795966f30dfcc23afb958265ec3beee4fcededcc86927bdd7e0816

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a7b2445be8a49a9c_0

MD5 be834e187c30a2a7b8fbdba37fd621b7
SHA1 8585492ea2502036d8cf7e1afcebcfd6cdc2cc82
SHA256 81f8fae856b7418fa161ac9f58aaa066b955280777494fabf3a7e8a2ff858146
SHA512 5c449e93afdedca3039d16dd83b9cd8a2e1a11d9bbcd9bc66049e1b0a16bb25dde154d61fa534058f3efa2d97c4a44d2c960aad3e3649d098d20df5dd7032bc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ce91c7d3c2c2734_0

MD5 24039ecb935eff895621addd3b8605e7
SHA1 d90882a984d39a2de71ead9126fcb0af0884e035
SHA256 f0fe0e7de5e6a49a996f6369b75fca09917715d903088105a2828d6102d827e9
SHA512 c5c59b561e30fb5454a4993b1ee1116ea469b8d58905a6d1a4309316ee735ed4fca46c29e923311b2d8094d7f439101e9560257106889190f069cd58e9d6a29a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00019d

MD5 6293707271be5cdcc7112f7bbf6123c4
SHA1 d46fef33c3e6c460b1dbf1d41a52830c84671b68
SHA256 6af8e22e6e997e77fe8225db1f2d43c1ccd793a46be55e6be1256e8547ee8ddb
SHA512 719e0711e29831ef683214e09a3a8bacf921efb8ae430ee386933e74a382fa2c0f046f4f0880ce64157f8f153c53cf8af21fcd3fc50ffa84bff7d6055d0c7e2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0d2f21feea6962e3bbeb45dfea557ecb
SHA1 dbf5a08b19cda9bdc4a2f7f3c3af749e416a72f9
SHA256 4b41179ddbb7fe329cb5b130141fede5e953c4878be597f92012c954509271c8
SHA512 958bc9cfcdbdb6256c5278ad44ccfaf8595ef30df8bf1bb917acdad8384758cf9c323151695e13762a611bec08666ecf863e9f2896ecc25b9aa6e3f5bd048315

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a1c44f3cf7e3c7e58f70a5864562c02a
SHA1 da2c9739da4e0a9b410089c56779495cfafe44b9
SHA256 44de1d5fec5e551a503544c69a6d58d9b8b370ba679d432b0f844db1b4321af0
SHA512 d84af54e3d14e72bb7a3d763b11936882c59710732f18602032401c402f14f1a790afe8badfd0b894d096d277c4f3febc83694808a7349117103a58e2a04979f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00019e

MD5 c6f2d5a4ab2716725f9127cf39559ca8
SHA1 80d76d63557135c2a4ddbd2802a2b14197a08894
SHA256 c07dc0be7377eecd17580a3b5e2aaf957902ecb63eeb8d5be6116be36fa4271c
SHA512 3f82e3b4dc0b623bb96a3edefef0d83a02cbf0f1346ca09d8a851de1dfcdafc80b92e0ce9df7988b443396128d499f466713c88cbfc58877594f36b0f770e57f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\669a439756c18c32_0

MD5 eaa5fcb2cbde703b35f3c2b09121a80d
SHA1 bdb8ad5d1596d3eb3f764ce53503cbb90d41d858
SHA256 257e15c767a8df67f91a0d2e3719bc8866ff43916942909226de1a17abe5d747
SHA512 f6828463ddbce3e54b1e8f48a20c98d042cf8a207bf8a4c25444df97e5bbdba83e4e1aecbf80a69b0c5a44031019740988644bf0bc2d198df3abe4fbbd2dbb71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0

MD5 faf2d17d4708b8281b34a953dea06a1d
SHA1 01b58e8ed6e65c6f285fa5cacdea814de4232446
SHA256 672b78e558797a6ae5fb8f6605fe66d3b7cb670e22a3aa9d2f62eccf5ed47121
SHA512 7089bfb247fcdd2e0603cc0f32350a89b10887b340bb1f0e47903679abe262375d4f601dd448e02b9053b0003e56e50f155f410eaf0c1ff2c28625405226abc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\293c7bf322fab312_0

MD5 affee5ea2d8bfeaf4871565ab071c02d
SHA1 6bfe0add3a7179e4009432333952e30a8b03f754
SHA256 2cfd090ebdaad43f97ba1b80bf2daf9d92c8064311e107395f8c0f3845fbfa06
SHA512 d5daf90ae44b13135c7ba086a822c29c1e5d7aef11f527c55634b58fd2db4ba10934963e884b706c9b3b833b7492373acf1e7865df62ff9f30494c1620171971

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

MD5 2b51172eaa7393a8497f94f59e337960
SHA1 ce9186928c677f7dd0f404c45d579acb4f1e74ef
SHA256 b069b7235e7794699501c99649990934f2477a00b553c54af93e6cc3602b9d48
SHA512 d262e209f4a17369471b50f9c8e0d4ca0e1cb2f4ddb553a2babfdeab6b8cef5a7ffb709fb3a55f1db3c7ba695c3fd3fdc34bb75a84e1d79ce9562cea01e2bb2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2610cf87a81bc549_0

MD5 5b8585b8671360fec29c09698952ec07
SHA1 e7540ccaa19d270298d65d473a578c2500ac3e1b
SHA256 d8b2aa3a6b800d007ee479690e5f6951ec39d1dbfa9a59c67192cab21463c9a7
SHA512 a40fc63e28a3147132a42fc4ff64f88e04e59c93343abe7e008e6c09c09bfa901eabfb7106188116d952c289b8f49a75def1f7c827b70ebcf7de79a97ce8c9b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7c22df8258f6388a_0

MD5 e38798fba6cb42fb1c25e1f96bf014ee
SHA1 d6027884c435c40e4b57ecac3bf945577779b565
SHA256 d63c6b4a0029726c926dd7ae463e1fee9adb4ce872f0a17451659071f8874892
SHA512 48d9c4bbfc09e9623f9a8f645b1bb84a0ff5579dac4875c8f9acdc0b2f197d229ed0ee8c0a1c699d197413f99594e2c6dcc752bff382f68f42533092a2829728

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bcf6aa4af8f02c9500606dc62dd98494
SHA1 85b272b7da6d4ccdfbd3682030bc3cf75a5ef783
SHA256 e53acffb65d43612f7cab77b7021321443169788775d36945d021a20341920ca
SHA512 0867a9a8292b8bb0f1b007410b3fe59abf7b541d5496d9543dc1681c3e53162c1ced75f8b10afb415919dc2686b26d6c0233ee09d74c25f2b2413ea35528ab9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 60ecbe6967740a8437bff35170c0ea47
SHA1 fb23bcbeabceda3a089f25b8fce7bb56efeb5d09
SHA256 cae5b2fbe4f03c911233468dcace5e573b617e4dd0b37850d64178a651113bca
SHA512 56ca7af03ad04bbaddc53fb547ed21f7e3b154d8ebd88fde6d4ae48c514149a0245b6a5540eea222db583aacde8a130721a3e8c14e607b2b84ca6386316d866c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5e6bc9a817477a85_0

MD5 715e5b84e32fad7c8b4ba83d49f4d103
SHA1 340d3c4d7e1ec8e72b09e735e4de13f7a06c0a08
SHA256 8e18636292707a291b2f8500d45517bf04b90103ccc9ce9e8b3a92b418305df5
SHA512 4cde006c8016cc279a2f5b8e58c6f9b98a1fdc047a1174765e3fd665906de6a34c6cb1cab976eb2c22d13a12e61af2e884f561e0845cc588982b548febb58ed2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aee7814e3541c134_0

MD5 1b698b4736c2aae11a58ced4b869ef9d
SHA1 e4a20657db5c71785bd2f713ef3b87802f0c819a
SHA256 78960333018672cced328c0fe2c8d08897b0c28bc9478e328c6cc0bbd1461672
SHA512 3672503630ca2aa749b6aa6f7e2f4dc05d37b95200a7c4b42335bcff5cebf70193b1ac11a95d1add0e86b844806f209a9c17fa217bf0ac1becc8cb4d547daaf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dbfc2240a4d2f88a_0

MD5 5ed59205196ba9e737dfcd8de3c5ef96
SHA1 fe38b281c645402a2eafe5c4c711cf80d909bd5e
SHA256 f7e05b24c85090266e515564af9360b6a29efaefdddeb18c5910710d7cd1ab42
SHA512 6af7bd35dee235e960de0bcf07809bcd39154f796256787e09aff4951d0bf08fb0ceda7015ec46a3a42aa0d878b011f91ec9baf5bb821ac190587a9f63b9f44d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4f8bb7ddff3a5d1cdefda5acb9b80875
SHA1 d25cf6491c8ee89c3a181ac24f8fcd34adb78a89
SHA256 1ac1d167c1c9f4e2519dc2378bd7e6d0ea43d616db4b90da4ea01d9c24fc7a37
SHA512 0db10af134815742783751a11fe54b6c860962ac1a6ca2662bfcf73ff87e1ed51d188e942b6cf10a9d96d8f3fd9eb9a3369067df08bbb46bcea64d3e32f9f84a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5f317d647063008dd870269ed0464550
SHA1 b9174feb5ee223d1cbb19e609f31912c885746db
SHA256 f1476dbba4c81e10925992c72fba1ab0e2e6ee8ed4014b00a189362c84512229
SHA512 0a6da3e31b97adae92aa999c6aba99d0443e504810970fca2dd0c81ad458f946d542ed59fa03b2ce92a2f80dec4f9c1fbb21bb4c8a1f096e1d07fd0aaa55c0fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 141c4544d74ebdf0893a053f05209daf
SHA1 3f45baa1f8fb2160080b1ffd376b2f505f422def
SHA256 3a600ed03424da1a32b26e149a4ff481e7f443c05fbe030b3fca8fd2e8d3ebf2
SHA512 f173e2cf6d0c13593fb90702916b867284340418a6880079aa305329c470cc024ba86e9420c2526c10b5a3923032a1b8890c948fb3fc4f3e89537c61716000cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b508899820079f3_0

MD5 32bcd795cc2699dd5316561dea3fbf18
SHA1 43110afe26a54eb66ccb881c18f4dc40ae9cdfe5
SHA256 f2a40656717eb8a7a6e86920c41ccd8ae323a2a95d7ea04ff0817c90d5572953
SHA512 dea4c11e713f6aa0e543b622b0c558fccb088c781dacc780764ac028c4059cf3f65df5351d35d744a95d4b339fb7381869159a0adf6356a697fe60295dcd4651

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ce91c7d3c2c2734_0

MD5 dfc0157eb7bb2b0d9b3de899fec8c7a6
SHA1 93b0c4e1b7ac9212a657f00917c9e54c9d6245fd
SHA256 5312cd55bab5c9adead5a78cc875be3d52aa6bcf2684f54062a31456fdd04e18
SHA512 fbd2135a114e546f18efef26751b32f3107f501a08baba744d03e0a1bee7c2805590ec0ef84d4c54546397c0368200f78218ea61f7c4abd1f5363a6d2b3b0438

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2bfde39962961371_0

MD5 fe8549a6e5784f9b634c206de22a4026
SHA1 d8beadeec59548d4866ddf78f356297ca767c91a
SHA256 62c5b7423aa8225a70f75260e7c794df434fa2607e276b8323696fd4b88d62e4
SHA512 1d23c514bac771dc9ec1f00026daad8b26d011435b1de1c6bff07e9acc7a17c3ef9bc2affaa4ca46589bbba2f2e91630b982b0284861b5598e7402d30452050a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83ce1fa1b2fbf1d5_0

MD5 58fecaea20c01f6257788cfb0b382370
SHA1 4a4e93e396b3677b99271cbb69258149902deb11
SHA256 67e6d66019f803b7db8ea7de3a2a26a74eb827b2470a81c905d65b658151ac66
SHA512 fe25f1f7ad8e72fa801bd3da5fb5f00d206a02ce8753b05a68e59f7b0cb6c3700706c031b66c30011c0274382872e24be184156d8215711ce9b552edce1b06fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 53fcbd03149fabdc95fca745f9611e84
SHA1 bbd73a026098ed4b725559b436479bb8e3014d0c
SHA256 e8fcb359a9ec2fb7a8772dfc9ed085da095adb8ba5a0f81857f4da65d7a57066
SHA512 a527a25af40856c17a5df7ef8e2ee1f2dd87d2e9101cf6e65ffd5fc37b79c7d9b22105f581824c28060e8ebb18241e136e6ac11cfde6dc7e033bbf782f9271d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b50630ea90866c6413366f7e83c6f374
SHA1 ef83ae147d58753978f2ba23f292563de33ae8c6
SHA256 56498bb1077098f5426b6199163dbd9ba490740aa7daf2e99dd0d41fda149f1d
SHA512 8d2301461e5f5288b5212db5730c0520862e592413808a3512e29ebad4cd1cb9e5e6172beaa300c5d95b884c25d07607f0e3ec9ed077c1a6cde007f4b990aa10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2367e205d5c3bc029aec33ab1fa2b68b
SHA1 609858733cac317a34662e2b27b40d6415ba6a46
SHA256 b83939f07fc53489abd3d0acee753fce6ae9a9bf74cefad4bb81f100db533bce
SHA512 9123cd37ff6e05672b4eb78b036177af88176a66f8c7c73336f9a3ae87db07abb2c2aec48d158777102ee31070d9150c8668126b3b6bb04f444dc513b3bfb6d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fbfb84bb4c1ed4223788a9661c449124
SHA1 4d9475ecdcec21e1ffe2abe560c58d6c726229dd
SHA256 02f1efad2fe3b40093c38eb3c57b4e17637fe1c2d77a70f34e78c61c37c40590
SHA512 36ac78d91c0c7882430aee1bed97d3da0690c25b426f1f9ebc3c9c986d196a573c681fc6fb65dc7c3d012a9a2673a2332ae129af0628b94fc759c881070f3bf2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5c61ef283abe375419f7ce1848bc1c13
SHA1 ce6e1032c14faa4be29ce09a448d245d12930d1a
SHA256 541336e00e3944ed5a7976aed04acd7df051893d9a6792b62f64bd6eba66c3f1
SHA512 699b0864f3798a83948f0151bbe83fd3085c41e639f8546d1a23c9f8f29cd03a1064034e51b71c257fa3f6ccc315fda25b9b53b8398fe7070d6480c01ec2c10d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000031

MD5 eae2bb98b9e1f8243fb1631652df1013
SHA1 04221d37f9828700850eb17e03ae079d3624e227
SHA256 b135bf0179503ed3057700dcef213a5121ff849a7fda78bca9a467be74f9e64c
SHA512 ee5ee6ff0e33f78619c05299171981b8ed584545e1a268c749c96bc7bd1f77b77008327eece7ba901810467279e72e1eade8da44afff48bf922632708fa37a32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f087f6e3c9205437def45a229eac48e5
SHA1 19e1722bb38a8d2afeaa4480b7c482cee9f03574
SHA256 25b577beed4873c71911ac23448fedf253d34d1c63b0743356790b06708da13d
SHA512 4970f76a9a97e83e9aa22b36e8ee82f448599362dcfabcd094138a7d7b6b669e255fec7e62a670f2d57540646b36f6d21a72ab8d8e9386c7b446183d768e42d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 28bb5260286dec722632326a36e387fd
SHA1 e3771ea64db6f2c9008827f6dd24319639781947
SHA256 942e6dd18800a604f8a050670d55141245634e905360b60180f5a36cb56a4801
SHA512 68a1cc365c6738755892bcc7c7b320158d70b0187012ea67799ecf0e3a82bed8fc76e6f7173bdcd57bf0ea2bc8627736432ccccfead6cb1caf0cc248508b8a57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b97f5f38bec6183e_0

MD5 247911458481b1e012aa49e74f9b682a
SHA1 992eef98d7c2b9ea287d6bd3018325d4ccfa2f25
SHA256 e30c4f833783f05108329cf8c3e0aa383392017acc2854c6db50de68c0af3968
SHA512 8bca80466e5287d7d79bb3085722c1f6f0de550f15994bbe964a412d161c20f8cecb89c30ce2995b71e3544eab619481c5ff2a21d98d3589bfb36f065bd719e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\93d331e3a37e934b_0

MD5 ba190bc68db1fc68c9edbddb067cbc51
SHA1 d1abb38b42763817be7168b2ee5333c0938ff489
SHA256 fb281998a3bbe4cb50f58f8a6c8d3a6220100f4205799ffa934eed4d72db79de
SHA512 5e0cb9705ae89eb3271da9f6e2f20a89bcd6145b50842cbdb5836e38d7f7c1b3d5ed704ef66981166ed52068c829c6000d2af3e008460780f19a7dc9f309d4bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 20699e056e457c1525647fe70eaefa21
SHA1 eb493469e372549ab3101193527b861f18d6619b
SHA256 095e66d2416aa37ed254e81f4c3b40164c1e85ae018e9dc49d084a31b9f30565
SHA512 74619b621a0c0373cf1fe3b3c913cb42d18e71fb899d12234b2c55188de9649c575b7a9962a2b3e3b8f317a8ae584a37f06371a1f4cab7335acbc0e4fae4a11e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1e768f225c61e612f7b62b4970a84045
SHA1 1c29768d147afc268f849909435e2e357ad57be5
SHA256 9615b658971c4900507b7be6dc5ba05ff048bc52dd4e8a71904e4ff6d248c441
SHA512 9346b248954887653f665c054641d37ce2f031ca2aa467289fe4249e9d2581359b2b3d04659c8a5b400f5b2d840500d7a72696553762fef8468c98435f5d6ea3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 80a110eec7445957ba4df527d3b25ca7
SHA1 39243d7bbc251f2a0e61176668032299803ff20b
SHA256 6c972050d9051673ae69908df6e6c5608210db22e0e640e6053f91c11af9e30e
SHA512 aa057d80146fe1b2e39a449de182b03eec6cf6060e5c70b656b82d249510699759a573bc0d4ecc3b9b73de1da50e50c8b4a9a442219309fe0f296e1052b88321

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5953655b391b861c0d83daa8da458d68
SHA1 14a809dfda672d0ecbea5796d1dc158e693750a7
SHA256 39d4dfeffaba41df1d22ea7a921af0bb6dff5fc6162f11f26d8f6c6a23a6d1cb
SHA512 0fe5f54ee20b2b5679807a56d8c807b237c190f6d82a025c24b2f1903381b4835531622e3a9c42822cdccb807b0414a299fbf39a819b9527c03e7623564af8ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6af270919ffae470_0

MD5 3f2ce80fc2ac8cade4715faab1092e8c
SHA1 99d88f13f61cf1784b33085e6b19d33e6145e008
SHA256 9fb8777f21e6d7e3396aa6c2dfbf70a776ece99273e50c55bdcbde5d177b7034
SHA512 31bda96a22466c9e4f7f9fe1e37f856bd711902fbd994aade28e4b7ea230d67043cb1d0bc2da72873ab0d0d4797febc1dc9318722354a71745ed233cbff84206

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ee6f0030e5128e5_0

MD5 ae65f5733709e97eea55fba9d3d6ce2f
SHA1 ea82b991fa31faaeb3ecb2032db168325a1e9b2d
SHA256 3c6c4c47ba8d5ccd94cc1d350f42eca3842473a051711d50126b524ddfd5d9d7
SHA512 f368deca49315c4e315d8221bc51755d6ae09ae0048d3db0560902e1d27a7fd9666c5a0a12288cafd640c92fa391176cc427a87ccb45471767fc673f646387c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2fa6900268c3ce3_0

MD5 9432b3f49b7eccd9102acc5d15499acc
SHA1 ba61f5c66df77577060264c7539fe19728740742
SHA256 d9b1345f02ad3b0e33b16211f91da84fbf7f960cc5f2e6013e9a5cdd9f33e70c
SHA512 554e0bef037a1007db9faab9f87ce55f12a735e1773b339abca1cc5364ae6eabdb45d7918fe985e1891d3bf1ef6a139aae7ffed3c0769a07e46b36ffb8d7d337

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\225eeeeee166f9cd_0

MD5 eb6aa261d4cca41e09772b9254a0f084
SHA1 6843b3b6439821d1167914844acb1423f411a3d1
SHA256 4ed2bf7454ffac313d004a129d9728ca94b62eac560f2dfa5e1ca4b88e2705e2
SHA512 0d35a63895de9dcaca9d10b7948171f6513f5773503e2871d4a14364e658b77d12dad452f3875e03d9d8b4dd8e898bb029ac4532df7b3ba31eea9cf2d67cf44a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ba76dfb33cd7b721118199526b973645
SHA1 63538b6e2945f48500a4689cfe072e3f18540f68
SHA256 2d21a8687e32f043309a7d0c110824e4e1fbfb1ebbb25be5b937dd84f3e67c53
SHA512 a1c98ece9305fa55819c4bc429c461aea7c491d019937809bd7cadde2249f75d431e81f67b01d7820aa353f0a7ccdbfadd5f930e340af5d85ea3affb1effc4b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 526ca4ca8065c89cdcd56d29a00f3fef
SHA1 a3b4a86710d8fb3fece21f24c4244195c044e8cd
SHA256 d2a2a10c4c53939c4604dcacb52f07baad5e4a7bd7af25eb2c1adade8ee747a3
SHA512 6b90e288fc359d9dd093df3b9e2af8970e153b6d4898a44ecb4a828a3d11f11f93b92588c51ff357092fb8aa66ba6d8350c2a052100e4733798a3f5a1b09ed9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 62a6a6642abcd4bdf9c95ce2189b4db5
SHA1 70633a66ddb2eaf4ae570bd150a8b69b2251933e
SHA256 218918284d05066fb3f4437b4bd3fae51d2944c369b61a02d3bcd1e573c557e2
SHA512 865553d22843bb314a923edb759e7291b0352a091cde4ea1222383dae57da5a0aa69baa12a256247d33744f93db162878a0acff4e757060f8f671b7300455da7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 55d9333193befddc489b792f250fb867
SHA1 ecf97f348af2f0db7cf3f73919dbdd0add060c5b
SHA256 4cc23a99c4603e47f6c439224fea0a9050033ab2f16f7036a1132f56832a393a
SHA512 e5f9d7ec5a41b75b886d8d1c99df1e3e4aef29ce3e4c4543562ce5f53e7b3bef71dd166fd4876d7d2d66f4d1722cbabfd23953c44f19183aff9dd3cf8aabb5c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e24e227fbeea57a4f1d74a8eaf0d3d48
SHA1 d5635be2e46779fe78c9c7894c586b35e6c30235
SHA256 bf4e61676021e78f408bfc8d94d644b15c3caf575e135a6ea92c961b8e049759
SHA512 9361e52d93cde53407669d2b1c73ca4d91f5d5c31bd70a5707a24f24f04491887f14680036c1ddc4135ea51ec9f75dba4d9d6b6792b1d50930df6e0cbe8ee7cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 60a216b9c07903101bffec09ef6320a7
SHA1 043dada3ad19606f5a4f123422129f4d7dee856c
SHA256 708dbc62931f2c9ea95dcaada9f252a903bb03e988ff3cb4cd03b06caab97346
SHA512 acb47cacf58b0327a949a5f8f0b7a02194219da0cfca8ff980884265deb0a88930472614d8538ef75d992e25c0966b656c45b9e1c182d28bfa821b115fd8da36

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 af3f3dd643669f93cc5334cb589f0003
SHA1 b5877265bc9db3683efb2908ff7157d5e4fa4fe5
SHA256 d22e9e930e5dc0b53b6d1cc88e710a7271b601342acc2a1c00b607794b6de2c4
SHA512 9ed01c0730393b55e6e63f79fd65b29634167fc8fea605225640c2e0ee86128cd8ef4e01472cac4135d090c55139abb009f2bdebed19d05d9611466c6d34b7f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 00335235a363efdb4aacbfc5c9e39056
SHA1 d2f3e5432da4513d44996b13ac43f40b44bceb00
SHA256 147be681597b9843a84201fc9ea14fc12f52e03edb17eef4a27b87615b0940f1
SHA512 e17619d25a65f8520e9c4b28d54f0a39ae283479035f45f1aededabddd880495c3afe929b52ffe7d75b0338edb107b29088d56999d6711b3b4f670c825141f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\9357eeba-f8bf-4e66-b916-b7fce7740876.tmp

MD5 e0485c0d743883df435265f51f5934ef
SHA1 2be1dca331fcbce9e08f7c58abc23a49988590bf
SHA256 cc284f9755742791d39cfcaf4435a39c727fd8469bbaa647809f3b710cda3cd3
SHA512 b518d0774e6ce8cab200d741be0cda0cb3905fece843bd769e0b64c437a903e204b5dc0fc6544b425d86861969a58f7f2aa589eea8584ab60b056183c1b551ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000141

MD5 3eed1f2747b1dfcd010707087c176785
SHA1 74dd2708c091bd7342229d70d4cfa068a85313a7
SHA256 67a6518dfe79d127eafb639ef9c2746205906dff06f0b6bd1c9c7d5e75915088
SHA512 fa6d9b0fc41b2331595e0235d6ff1b802a40dc1069fd26a68986a7a6606a137ef0c0cadd3d676a6b0f90e608581c5028b3557611992ca084bf02e7598c609e18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 06d95bf7a6907c3dea9e74ecd5e1985d
SHA1 24a376f23acf9163e93c7fd5a5d1e2fa4a3d0383
SHA256 b43af7418751056a84db2752b1eb4bb9c5aacf9621a22c33ae3c2f903561c1b9
SHA512 194683feaf57272aae14f724cca18ccd29a542fb2e5ac489b98e869f24ca3f1257851157de7a68fd11e814a19bd907deeb3339cdb14902c035f3fea9c8bb413e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0865c87dec25889a2f64b8e28fe5b561
SHA1 80d21215da8541fdefb1bc2319d3f5392053ce4f
SHA256 4f5d44d490c7d0d5b4e1aa090a618189abe26649446361b16ee84546b2b1ae83
SHA512 a813283cdcde328d36d4e6db7256a9c6296b6ac9b0bc241283837196f5dfe617eb8619a906f7722f3628f1dc883d25a2c2b5159ccb6dd3080d27b4414d8c1ae3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011d

MD5 df8e486c6f340d4237f3313cceb26345
SHA1 626b6102d1f9dea6f70cc25d694b6f90a31e6d21
SHA256 386eb10366a78e52f31ff0e5cdaeeb480855700528bba6c75ec53f2d43dd4d6c
SHA512 6fae8325b77fc0d75b9e9848ba6be151d28e4382c2389700e9643015eea4e0a5365c363a271a8312a51d7026e04049dd61cb058ae7abef8be861b2ff91451278

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6723311ae2cf5f1c_0

MD5 1005c0a80b90c5ce1b3bcca24d42804c
SHA1 f1f55fd0d9dace26fde47689cf29ba354893db33
SHA256 894a87b307ec7bf068e61b81d84e736351fbd6356e73f1934ed50f4ca743a1cf
SHA512 acc3d3106e23391723f36c5c3e42060d99f8b7ce3c2982489c2a3ab967a601d9702f21935b67860813fe75188801061ee1adc940070bb005e13f8c45e87b5ac8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 18fdf35ce079ef02720bc6492e6f9321
SHA1 6ae07d8ef1f21e3ecd63891e6bc382249930fdfe
SHA256 14d2ff7585736c9f9b3ebded03439f1de151e6d691bd75f6a7d56be7306d66d0
SHA512 65f21839f44baccaa791e1296981d88072da095601f61f359a2673a4f1edbe3138ad2ed015f8b53ce7042c14ef4867de3245331fd942534f3b4bd214920ba2f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6a45dbffdb5b5dfa58574b7f7c31e99c
SHA1 0bfbdb5adb2fad07ccbdcb8a340ca3de940af2b1
SHA256 ef82aaa35c3ae6ad3286afb3046e2c024e70b2ab5a7a59d8c12907fb393e6c25
SHA512 6b4a2d9e5e7b14b6f2128b2ad39e7d04838fd02979679a27f7379ced5b0ba84f6b67c819fbe3a910202663da4d36c91a30129042b8c8a627804fd62066f4932e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a00bacaa2279edbe6c198f7006762f1d
SHA1 ea2fcc97ec53dfd53db12fe0e6f728a5a2cdae88
SHA256 2fa568874caf849fa94cb2a1f1307d96d76569f3aa901769bed5740b4a2196b8
SHA512 120e481342482cfc930a09bbfda50bb585805eeb4bb1f7609fa12d940a4b2124fab6c6164b723fe04ffea92d5eff0a08019002e502c1579aa96a60178cc3f4c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e0e65d2c122db57c1a62715638c8238c
SHA1 cdf9391b78ac836230f5d1155b96dc814ad554b5
SHA256 bfed159b180c991413271c8cedffb8b5ae56a4b9e9ccdbffcb569c0f44dde50c
SHA512 6e0b503724ebd6f06e133340176e27f5373a41f00899eadef4ce70f02e969fb026e144e2e151828df7b7daf42c40a55a3a861467e213e2a233c41df2c0e2ebce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014d

MD5 7820201f0db0c706a0ea5bb7ce018ef2
SHA1 6d116650afbb3b25bfd6226c7d5ee00dd1fe4515
SHA256 04f262a5cce0399379de17e5635f1e1acaf4371afe981edaaf792625a682c44a
SHA512 bfecb88d8852c413525e1e1bdb3eb69c97a10e4ff67ae3ca5eb97fff5a2ee369a1b80a0d314440a375d0f9e950e0e970a6de6afed09062d8523ca28ac878946f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014f

MD5 bf6932806538be17b488fd02dfb7d3bb
SHA1 de91359b368dc30c8b18ec7df8095398639f0615
SHA256 fd595f23cb850653f27080296cf9570e0f94332bcc6a68a1b02b9f071b1718b7
SHA512 231e1da24cd32a37bb0f9005c953ff8d89f1d67523785ad5e33c26a9de99e6a0de9eb043750b95419f3bb109532721c54f514eb240fc781af3e81730ed69ff9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014e

MD5 89a574ff00e6b0ec61d995d059ce6e65
SHA1 aea09e96808ab77165ffa712eaa58b8f056d0bb6
SHA256 e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44
SHA512 30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d0c3febaa1707f1d6b54950b07ba129a
SHA1 bff2bf87598029a6d12f82a27cf9366e13579b0d
SHA256 19fc81fdd0dd69bf535872361f95ff89969d2307d07bd274c9a292456fd4d6f8
SHA512 33a3b57554108459ad3498aaa01d3224d3b9013f4e50c6fcbc0a22e172360550afa586493bcc42539adbfd78b31cf6ec6db166fb30c70684c1770408119750de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2352ddc00ce694634d1d349486fb2f2c
SHA1 0cda3608383d3483a55da32329e01a201a222c8b
SHA256 aa52fc39cd18dfbd282140b9ad215ae2c6d85deb5dcffb6072ddc6eeb159f2c6
SHA512 266d5d544717d8ca795a45e4e49d14aa1bf4f7e7e50ccc6f91dcce4594074280f26a633ed7d442886d2c46a916e2edb61c9eac627a79e352d731b9da4e010f10

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 5d80f97abad75542605a59b709e5fddf
SHA1 e3151fefe05c694cb943bc1801fd333baf67f519
SHA256 888927d8cee9fa5704e98e110724e0bba02c6a38899323a12956fbbb2c608aab
SHA512 54ae94bfd7d75c4a205e7fb33091c952280876c5c6c8c8fa76c645a6905645f6c8c48be3f039d93911495cae5db4d0cc9962685e5e7f70f91906dcf0884d829d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 47356f236ba8a189ffb2bf2916dfc65d
SHA1 d7ad03bfa302d4fb9970bac97f57c9e96701dcf8
SHA256 bb9e4d29685434a42c6a44b32e23bde16d81692582e1237a2e4048a36d4eff7f
SHA512 cba6d72f31628985efea9d609384ad84c5367f4814fcced9739ea8a49c8a26e17f367d0c0492da60466f7f16816ba5b6a700792ca9e59eae528ad465ed7f792f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9306589957723f3e414f9771097ed9c7acf394d8\4b4b16a9-000d-4103-97f6-d80529effd3f\index-dir\the-real-index

MD5 476540043fe5da69b1341dd11e445a43
SHA1 d13acacb1491173c11c8c7ae3202f055210a80d7
SHA256 14d73f727dd64745dae1162d3000879b2c6a200791046d1ca41790b432582ade
SHA512 6abd3b6d14821093b36fc17e541025a9af3af1d6fbd740160633045b0808b9c0769377843720a02586df0d0595d4fefcb3312d3d28569412404345fc7393d29c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9306589957723f3e414f9771097ed9c7acf394d8\4b4b16a9-000d-4103-97f6-d80529effd3f\index-dir\the-real-index~RFe6f73e3.TMP

MD5 6d96b8c8b5f428b49ef0bc47edd014cb
SHA1 fade8cb8b8577e821813e8d884951bf8f1a7443e
SHA256 a7b8cdd1bcede8fcbd9a55c4d63e42d9e8eb8756f4b6b47988e032993b77ffa0
SHA512 e0b042e1ff858bacc7568275e1acb3f83a3227aa1147619989a2d3e5fc64f1f1af66bf2ee719a77ee959b1d7b26158e4b0c01a2e2414e0d4952102d9b712c893

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9306589957723f3e414f9771097ed9c7acf394d8\index.txt

MD5 2fab38f7f6702c314e0d131b2fca977b
SHA1 71b7f3225b59f909b6e59cdb2359f7303b498386
SHA256 52ea59ccf0b4517e21ca61dddbd3f22f10b6e5168a7cc5298ae47ec48ab4e00f
SHA512 ac8063cb365458bcf5207ed58de1d04bfa7547b6a5e586b7370beaefe8f57c22a7fa5227525b50a25f1f52599296cc3eccdb0716d6b6ab756ab436a0d1000142

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9306589957723f3e414f9771097ed9c7acf394d8\index.txt

MD5 78f3f7e79362e830bffa1b3e0870177a
SHA1 078d9ff550c41e1a7196ee53d01ae8b101af2e31
SHA256 ebe74d4fbefd36245181d8d62a1e81f9385ccee3f1db9e27787366293abee2b6
SHA512 69120e8de571a6d03e37a8ea08ba085149eebc419c9f5c1f178f3e542fe6a60d59f0255ea76ff275527b34d5ec7420a5f3024d3c4bdb0aa779175b0792dca6e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 521f7145c0734f86d6f85cff7540ea41
SHA1 d1c3386898c75bfdba64aab386cdd6f4d581b252
SHA256 65304813c99484eb40aa3cad07b5b2a5945f05aaa43ba583f2d606bd9ec74091
SHA512 07c6b546669fd30ce683d06fe41a18a0aaf831ce953dcb0515bb6f9b435985c2d33b76a06395b620c6d95247426c7c19bcd8fc752c8e8851c8aec9728620bae5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2bfde39962961371_0

MD5 dad7bc7f2e4da85eff168000553f373e
SHA1 809bddc88a72aaec7343e700ebf6cbdf0ae23576
SHA256 ff36631f426a8e7986db4472184418dcdbab223a8cb6f9e103c56809579fc608
SHA512 db9d66fdbd37e675a8f36e5be3f6b2b72b816a69ff5e7cc7d2e63239c26c4c018c3ca49d73159a19f5837435d1287a608fe65bed800c684b22a78e9992932a16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bf3445225033fc0aa60ca1999518c100
SHA1 294107f02c3cce8a4e99c536ff558f742bd83888
SHA256 c169e7a7be74a2959133b589c254dd5c1966e7f62a6721ac23af9b477647beaf
SHA512 8857a1f1e382b89c8073d9c3fac0fdfc35c634fe0f39d15c5357143a3f03aa76ea498de82d8647afb8a0dc3a6447992a7e5f553df959f08208a5b6d995c7a3c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ba6a949d0ad853dedc5fb2375277b61a
SHA1 5d9469e8d9dbf936a68df5a38b2e3d725a483ff5
SHA256 f65bd5cb27cef20e33d03138d926a105f41686c2b995cfa222b0aeaa2d6c5cdd
SHA512 0cb64bd1093264b20d4fc1d6d205c83c5424321116166469bc0fd584062299c3abc81f5bb485aa9ce5e17b404c0c7b1c60290894511320d56cbbd9e26255a5f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a56e2c4d2bc8271df62b0d5a7c65efee
SHA1 adb8f25a3f557be5a0c2089c38b97fa6b51b83aa
SHA256 5d71f3acea8af78433befca8e6652571c3b1911862abcefbbb4630eca2872306
SHA512 560be02048d43015e481e561f35e9053b35e28f675ebeccbea901018a5bfea6b41ab07a8a4174abeaeb954b537ec2adfb3aea3a71654a06d509390c23a91d855

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b10fd8f5b56946339234b09eb4d34f16
SHA1 8565b585ef4282847c44312c449f1ab11d993f18
SHA256 bab841708756328e2103a2ea359cf76d8b626ed18c2c6e6ade44d678c0b4c965
SHA512 b95bbf9d4e95faa9159ddf6c6f4e25a62203cde9c2f406e2bdb752b422000384f0ee3c29a6e573989edc3223061627b82677478ea4a98459f24ccd006849190e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 86b8f9fc2d45d61e53fb33460d6a66f2
SHA1 556b8e6802ab659a2805410d2ec6afe42d58d7cd
SHA256 856b8b4f4166a1293129c056c731d5d6a5088a822e6be39c52deacfeb76f5f44
SHA512 35c6d07b712fa5244e792255b2ac2b6a9d3fa5319e733e20d2ea3f1efd9504fc0a4ac22d9e5d607d7948bb3f401a48f5e233f5ade26d6cef9f77afc1c424370a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5e6bc9a817477a85_0

MD5 bacf9e462f1c27bbc6353fcd7391fe95
SHA1 e5968796a3a774dad00722e4a63a6086b9042ef5
SHA256 251556b4f2df984e505be9effc51c6f58ef379bbac7643049d684dd5766cc81e
SHA512 88b2fe3f030d44fd7de1aff8e1b9fae4ffbd5b6022ae98a01a1e67b8a277c1bb20b0b0a200949f9b8b2be3b61152e10287f0cc5b4b820c49be712703b79cd27e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6692dff8dfc5c0ae_0

MD5 63eb76aee7882322af53b29c4220290f
SHA1 7d9a6972b41cf7d14f215fb9c9ebb636856e6cbb
SHA256 8eb5bdcd2e819688b7d4ac16c3cdcbac719d8c35cd4322efe266ec4b1af43661
SHA512 b81b3f492ec87b1c698b666f186ae2f210764efca2faaa7ef462fb0ffdb716c2a2aea2f0ea07c54bc9ca49cfc104fd3fa26b53a353aa5b1b2b9255824e3a8774

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ce91c7d3c2c2734_0

MD5 a9b2216cdf43422c5246d95fd13061a9
SHA1 b8ac31bc75c9590dc0f0e9f7138b891ccef9ab2d
SHA256 25b3c0c2a4215084d3c8b5f349f54c5dcc0ffb888fac6cb18cc6a0609ecb6e19
SHA512 a9080618bc1a21e4225fbbb1cd64607e7d7b683c56a66e0e23a3d30bd3cb4894b67119c29f2f6f849bedcaffba42fc17b5f27090d731c8c9f0b05fc3666c2e18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\258750babf5d91d4_0

MD5 f017d63fbbad0eb07476ed781740da12
SHA1 9463d75a71d6692de63ee55428320104c5f5b0c4
SHA256 7f91ed154498c63bf62cdaba6d0a2fa6c30c906fdade23a7c13d8cb6fd9b3cb9
SHA512 bb5ea9d288dbbed6c6be3661527ecda885fed6b3d092ba2265a04837e68acab837e1aeb5f7c2e44e10947603342c545ab1c8b8dfc428a7b3089417c9dbdd4c1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580ad99de3363834_0

MD5 ff71a5b4e44890eb2285e72af50381d4
SHA1 e9ef7d581a940dfb80f12e06b9745911066ae88b
SHA256 0db1e2160fcafe1d904b51c38e5a4129d279fc4be10b453d5fe1919faba52db2
SHA512 9e80355cc37bcef9f22164227d27697c3962493c3874e2a6756958e764df0b5c63b7b0b84a768c50d657fb4041554cf6cc26dc26c156ee552b5964f77d496ef7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ad860519fb87cb5_0

MD5 50591c4c51c9c9af5423b60e930ee5a1
SHA1 239f40b6306a3cf8917007073e23a12345a8f28d
SHA256 288990a95d9efd49737bb8b948f66dfbd85eda6450296a2cf7f90bc2e322e246
SHA512 11df5398a367d02e7de3994da5dd5d14b73f0e34d228eb1d06f101685541eb42ee0626f077988ba98c0a4419cdac4c0d974b31fb54035d35894826c6f20d0abf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4dab1a212dd64445a2924959d9c54095
SHA1 6c2e394bc3343e4ffaba8d92da43d3ed1a2eac55
SHA256 43d364edd386a983c0fc80119249742802380b8ed3793ea9e1ed923e7985d968
SHA512 b73591a5e147959721c7612d95d6a79d2b3b13768721c9681ff052ef1ab31c4aa300ac43f221e623a31f8c6134755a87b5fcc8915a9497343ab4df4be7ef5f6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b5016a7bbae9982e281526b4ee929ec0
SHA1 af902df78dda7d2960b8e6951541295b5a5f929c
SHA256 1a81bc889eb3d0d850eb3c548a94c885d615ebd1f59f11768a749453f1ba12bf
SHA512 719a2cff591f4be921199a323af77d1099f67c44b67507881cbf2f1cbc18d54aea98041a815720aeaec98b9c7651c5aa684b198f919dd918a0a52c478c2069db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

MD5 4244eeac12767f4303ed6531bd768a03
SHA1 65d6392c9382344e718167645b4be1903d29dbac
SHA256 ec589d17307e5cf91e05d318d3b73fd62413772881d98472fb106627f61a3d65
SHA512 b80e5db2eee13f151da4ec7106725508d0b1511a6f2845f3b4fe98a5c13ce0f07f8653894949304a28703908d75103ac2c4a8e608c4e34d704383271f5e09b25

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 e05600728f95a735f2310f9f7bf6258c
SHA1 1b70f2d0133ef7957da3c113c6ddf2321b243b59
SHA256 a59e4b8eb65be514bb5ea99b498cd322a15e7aeb2d8158ca4b6f409e51f98a44
SHA512 bb4bb186acc0d88c62af912b45288336fae06755c6195e9b8c3a6bb8194275bd4fbddef5d81b329f41cfa84c7e533c2c700a548ebc229804fff8f617e5e673da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 25b7f0e40f96006fb576d777d3afd3fb
SHA1 32e76a1ba3c7f7f229a8aff47a04eabdeb83c5b4
SHA256 5a2c43e19de6c5d66e9cf07f1aa285e6a176a7d5840341133c6cb57492a64974
SHA512 5bc0371000a258301263b6c9d0b39ffd73b1e620670d891810d0499a8b20d37df0f2c1478511cb7f0024fd832e990c4510f42cc64e55468d0baf1d72c1adf40b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d60255cf53ec62e17f069cb641f6aa0f
SHA1 9f27cbb9ba1a389a72bdb1f4b98a3afa8f1f1d81
SHA256 4bdc79e8a9796de2f27e86783d4672ab481e70cbfc651812868553960457b648
SHA512 4ee63f55f8c4d821de154a0b6e55b2957e89b34f2475a7a5c0b2f04692cef0ac6347e932e4f4f7ef2ec43f0cb7f87de5ae5b3b235ee3d8eede1b418e0495c1c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4652b34331983d514e0963d8ea071f67
SHA1 1f6f09deca9754f0d17bbd4a0594002e30e5e934
SHA256 723c873db6ac219e20a0bd39e8d47fe8dd40325c28e66c3b46ee8bd052df096a
SHA512 6dd13f3a89a717ca1ef5ef27129aa83241d9042a41bb4c8bf3bad3f6bced157aa4c07b4e5abb0cc0c7ab90ec1cb4a6d5414fc071b5c200f6092926bd19cb8a82

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 f98ff74bf68ccee360f54bd845d4b71a
SHA1 d28fac25d4d0550611427fdc82a5297b43f3fc21
SHA256 bfd83ac35596847d9a0efff4729ad144b96c1a6aa8a3ff83d5bb29efd36f9029
SHA512 3853a5464c6ebba09763f4bbb3cdf45947e22e5de9ffe6af9bc6ef26e9f067089ba534cd880650bd7edce22ad13b702387b7c444279174c5c759d2499ed95a11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 18320911741ca849a644cbf36754c0a6
SHA1 0f2bc629bf96df680a6c528a561a4c533a38d16f
SHA256 6a9f7c815617e61a589d41420d81316fd6d762f1f43b68ea7665b85ce964767b
SHA512 8cba4e241ed743962b3b12e7beb232a699347c1c691fc52bb2128544ec0c1f3f75a075a5142b6c116fe4a6c8fdb3b808c0e51a7ee420e4cceaa61876debc35ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 959afc93187a1e6274fb72857249e4c0
SHA1 6f758c1a723ded15353dde049e775a4e8133534b
SHA256 7e4c8f0e643fa40572a19b86dcead6282b0ce0040ad4f57d9e8d72a7601dfcfd
SHA512 c7ce451064122104a2b9d2026644e59e5ca95f698c7e59ec98c697e64fc03f1366eb354fce32e9b2497a8beba8f00ce24b5b12df80ae766743ca69a6f6627523

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 2ce0a3f4125f26bc296f66267ba00bd2
SHA1 5aea22fe06d528b9a2b1e479440138b211988fa9
SHA256 1813a6abbb133ae812137916f72e7244e210848c86e8925ac31baab595bbb5ed
SHA512 6b89e28ac021f4aa01447d29a53f8bbcea0b86dc1968cab7fc0cb2595678a8ec6c96001cdc8ef50c50ffa2edeca7a049d456c273015ca02b834e93bd0ba979f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8bfb748009fe19145a07e4ce2508521f
SHA1 0b9856f484669fc14d752e5f281da93c7db89dba
SHA256 8f0c854ccea71218dba56adb83c3008e717aaf984d7cfa9d7882057351f87423
SHA512 d784aa38e14ff3fcbbbce83d3c420c950bdc5ebc80f6d62a7c095087ab083b2ec36fe070dca43fae8687a9a2b5e193011058ccf19039bb2fd369689c1d02f10f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 295f1fb96fcd8dc272d2155a785e221e
SHA1 d5ee09cd5a3ce41b742ae0fcea193bcf6cfa7fa2
SHA256 4ce8dc785742bc0a7065add2baf19597a3765f7383bb5a085bd05f302442d299
SHA512 b17c8dccd613424f2209873e4703da40422c7efc18ee4da9350700351b59c1c4390aa4a415eac694ff9473cda032197e427428d145edcc4723bc63daf281ed08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 90bc35f8a149b03097d3a3d251b6f690
SHA1 82732fe7f021fae306c339f23d1a1e7627c1f83b
SHA256 d4f4928f7e0f8c27c5e70cbb1c3621c4c764770d499a9ba0d6d7e587d990dd57
SHA512 14d7772930af90b907ccfe2c5e844a3f4ed1b417df69dfd8f94c474bfc1692b1f690bfc3bed2634590a25ca0b9462d90e5ee70f0c8f2583af1418843efa3fe09

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 9701d5c8503fcbfe2e8475d8daa0ff28
SHA1 fc4748925afed960b2bdb2100e67d10c2ba46c22
SHA256 cc538e08b7577779d9f65776f719a9b5de828068c11a4c67b9ce7d5305a70085
SHA512 d4940e47baf592ae554e226a00c57b6adaf813f341f9f14bbad9e8ee8b3f193069d51eb77a29da54f9e471e34c58f9f1ff805427c7376c4129d5844c02a1664e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\1b9a169c-3b3d-4b55-806c-8aeaa6bcdddf\1

MD5 7bec04916ccbe6012eb5c9845d92a4c6
SHA1 1c3aad50d47391354bc7d81ee67c7605cd8c226c
SHA256 07c9b6712ad157f7116748d2ac0dd5fc6fe412a5fbe5b7ef2baf943e1f8a1db7
SHA512 30fe826a3f7b3a34fac7d9560caca689d27707862ecb20df23d1aa262c85a66463c2686013b6d7bc292c10a06d0fa1ef0696c23e3ac998d5a1ced8881d05aaa7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d21589523501bdf1a25250db4e12ab2b
SHA1 6decf301cb18c227efb2c136c05ed8d1a2bbde93
SHA256 a4e11802f1b64f75f81ef923e9a1394c9f25e0e8cf61daf5cf89099bd90972bd
SHA512 f4852bdfd5f459912523d34672800f9f698dd8a4139255d48fc7bed8845aeda855ea5952acb80ef7c4f2c6d5dc91dd90ffeef284e3fac38f194e572873374a8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5062c6afed47b79a3ac8036c295052bd
SHA1 5bc312fff954acc61aa4b794a727f9b803b4493c
SHA256 edd6b6ed5122a8625552d444e46929bb058b6f15853ebc6978685b9207e7bc32
SHA512 a52b5a814ece4b4e589ec906a9df96318ed1cb169ff8c06405fb23aaac661537a8bb01cfccfcf1921fcb6b9b9161e34fce8b4177bd4bb1cb449ebf7cb58dfc68

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 43e6ecf5890533c9d18d257a47c4156c
SHA1 5a30fbab6c2f15759f1a95184ae0ee06a3e81e8f
SHA256 dd78152eb01813d90693a3cf539560f88281f06c02c29f4e3b56a145ab20089b
SHA512 bbbd1676a16ee60dc9c67896fea649d29708b883d834c2f94ca5a17c9bd0b9c58e3fdafb847994667d64eff535f6adc35114730943f5e883de85f0a536db4c0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 69c6accbef14daa002b1226666fbfa1e
SHA1 8bf47d2bb937539b56c5e31c53589f33bd3836f3
SHA256 437873fa386c7661def61d1e7d9d5ea52d9047ef174e6fce45cf55f0b65848f6
SHA512 f834bedda5edb014e18e3b77a8a80b803c7317d3114f1ead74e7e077601ef17527671bc4fde6e6c2ddd94fd17153e675ba452885ffbd500335c55f1c57b08af4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 3cdcfe7aea9ea4392f570d4776874a9d
SHA1 21666acc7bafe43127739fcdbc8104aebef77924
SHA256 bf9f2cf033381bb6ca7b9a6ff26717f262c7723f2aa5f2ba6a6df737894f2cf5
SHA512 983928f02f19e06b6411bc9df6868dbce40e2ab7c65f411f7c671f705db0f2246d574feb4136a1862de042e56a478e28365f753934aa020bd82cedbc5cbae8d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 85fefb6b182328e47bfa37a401c1d947
SHA1 db1c7f766509a897fdbe4ccd32f863fe9089285b
SHA256 e1109bda32fe9c81b69a5cc385a0a2d7aedf3f6bcede3f5cf09eedd262aea878
SHA512 edba837de727714ed40955a72804518e22b91f6333f8a7e24d0d44aa7f737343a481269cbf361a001ad8e988bd1e20d1f360625535b9fa8d9ae7833414ef19d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 99d8153c4ac9484668dd47399f192694
SHA1 a0b12b17c42663051d4c8b45fd2e8f314fc1ca52
SHA256 1bfc860676079e7e3398c701c422b92eaa8711f12879b5909aa06322e3b92447
SHA512 c827fcaeedb5492e22de9f73b5a22c64271ae7ab8c4957944939b4dce0f42e8b4ee2dcf149f2182ffc8aba5759e1f64531237b3ec31f78bba600608874c997f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e3aa96a5e7eebb2f346b9fef78803f6b
SHA1 c683e6119f6557c179534b67309208dcea935a07
SHA256 e5c0e6fd3595f4eb0bc7d90f64fb94e62709aec7deca45764d92495033b54ae7
SHA512 e149c717a4c77c2c669d7e1bfe22b24a5c80e0386483b967d087e5d5b2c926bb451924cadef047f2b7fd5d71ae8da42fe443f62cafebd2ff6474c0cfda97b152

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 223a7a7f9ced9ce3a8e95769f397ddd6
SHA1 2f4635a7eae0dd3319456e7f7792d4e710820852
SHA256 9255ee97d73f7548abe8c5b87cc13f9e75b68ab632e415829a916336b3fca461
SHA512 dbe9de9fe87e2e9a2966d926e66d92ac3913846e42d423fcb241e3023ef18366bff399a97bb75404f1046178b989744e1d4ae3f281ac35dfd48997f654a8acf1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d51dd9c982d450c77d7efba9901767fc
SHA1 69ada30adbe919e32cf0e600b0e372910e188fa1
SHA256 b1d3edc5b6df5b8023e1dde868f4f818943b1de356af84f52288671d498fff68
SHA512 3f4021156f819eb1f6a8513becd7d2e535bf8a3cad91f054305028a0c66fc5c901ca28a5d2f7b070943d0e9dab53f2622169667152a9e563c1ab787b7bc50fd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dfcf5c0a32ce0bbee86c2675b367fdf8
SHA1 6788ea795f3886186571ef78cc7b45881245fbab
SHA256 fa23290e8a9bfc762fc40ba5cf485a9de4b255e71ad900b471fd3c86f24557f4
SHA512 e94212a19a809f4857cc81df3b1874cf3ada178bcf045752392feb4c385592bb1179f3e5da43c71a97d85e7fdc68e587611310a6f0d037100cbcb34cbe6bcfc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5a8070b9efd666f1af2f47d8aa94510f
SHA1 ef6768c620be727749fae13d4b4a13083becc685
SHA256 9e8ee105d0f25a19c99ad1afe6a976a9b82162ab44e0ab56bef3f47133e78227
SHA512 bdf1f5ec93baba36fc053eaf9335e13c91e96ed6e1f422ce27b771d43d9edbe61c427bdc41a096ee07fb7fe906a21c45ace75f60490127676a100e09ac5d795b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 452d3cfc131a5e30b63aeee7dbe130aa
SHA1 bc9f7b0e2247e46b8a7a3e767dc02e2e7462cbe5
SHA256 6b0b12e31af208e223a68740e509672dce5474b8a06fbb8111f1b5658e83461a
SHA512 f7647c83ede17b2d527150c20a9d813daba90b9607ef8812b4de5ed5bc500026eae714d42194a1a0746108173667df481b0c90064c24243e4b63883a1d749a56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f1bad9f52a3a8bcf407de68a9467544c
SHA1 41ae47eaaddf22e92074c9be27135e6744446a43
SHA256 96a4239b9f0c7b4282902e0d57bdd8ea6240fc6d3220fc58f1ca90b17136ede2
SHA512 4b4781bfdf421aaf6d3218faf3914ad1c362a658a954175d677e9bb28336f492b6b80960d710cb47207c2f87add36f32ad584f00eb4acec3bdfecd8c827188be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6171fd0c86ca07fdc33afed81106aa19
SHA1 925c7c44f6789c78cbbb162bb98522a27dc76b86
SHA256 bb104a05884ecb9f1efa7bd22bf786e288889bc0b0ed62f5611b0a1bf79d6c21
SHA512 656deb2e2e98f287116a045b0ec0844ce4e1be599807b00f057e92505197ee205f89cb023ddef8a2f844db9d56b67c6fadb3fd955fd692bc8ea2fcbc919636dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 64b56de5bf8e98793c92b5957eac66ba
SHA1 e42f2026d12fd732410ca98512398a4e117b458a
SHA256 475d7e52633b39f9339522d52fd8a65a97ac1d40011cfe3af4ea8c2cddcd0a75
SHA512 b2c1162a2990110ab66a3d73f61fb3f12a42113e66007d64763141b349d854212c8e04fcbfebc745b23d8944df63944d5e8bc37857fa9f3b9071d5a1a2ee0ae7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c0921b4b393f2e2ba36e3060f72531c4
SHA1 737fb772f6464e576ea6329c6e5f670dd457f9ef
SHA256 e5405570bf1e59be4e9ea800aa0e29517f53a160b0f45d743ad60d40b2fa0112
SHA512 c6e1a0c8237cb32ba1017aadf63d9851fc8130090c03b12a1c7565b3bd08b0bccccdd973d488f2bc337a18fcda333a6b0b3b45d22e7e0abeb4165155376f19e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c79576e4f315b79e4cad7147d8bda0c0
SHA1 6ec61bc27dd9e98962a5c844e871be5c76e6bcca
SHA256 6f6ba73694e17bc0d6223fe0441415faed32bde5e580d91dc96d9a8ade6ab4e0
SHA512 f8751337247cdb9100659f24bed949190a6b3014c69e9909a8c47449979e3a2a97a93439be1d7148a44db65e33fd4c97e5440dfe729c0e566b0df883791c07e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b69c99d2144c6f5b60151728e55f542
SHA1 e5d3314d8135d3148e56c337b767d07fd0bcf43c
SHA256 bab30f214f3da94317f10dd5bc0b9f471ac78efa94adcc3f25fff91a345ebf2a
SHA512 ee98cd7c07d1ddff8483fbe36b0c856a83a41e6bbe2268b04513cc3b5039f05e1bca5ec4d14dbedef21e623d542f5ae035d2da615bba31e0ad65c85d20a961a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 00b217e082ca70b8b658bd12372c198d
SHA1 975680c47d45be5a39eb8e95b34aee196c982666
SHA256 5e7759caa10bb2d122ec747a63b3fd270b469fab0dcc197c6a26046be680efd5
SHA512 6a04e9a93d5039b830e9d462ecfba3997c0a280afbff77d97f02662560a577c53b96bfa08917d87b3932731c0453b38216834535aea0f3f922371371cec266fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fd17172ea0bed9313da9369ba37b999c
SHA1 39c655d5159cb0ac87088d7cbc5d25021fd14f5d
SHA256 b950825a187d109f6196c951589e3acfa373a52be469581d13fe9ffe48336c1c
SHA512 701b2117691557c8c4365273fa3b3d08844b8ff9bd4a178bb60e8fba771ea1803325c842eed677da1380b953d95b25d946b6a45b3206a94b4aa5caca1575b6ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f9beae714d4d86e14e7598c1e52b26c4
SHA1 b5da6a2fb0c2498cafdedd949b74a0f31bc6a50c
SHA256 94f75132b11f98de1960ab62254ae2b0381f981ba477f2baca5f7a1126140874
SHA512 b3c6039d5337719b12f9e61392215972dcd5383956ef3c65493c808872aef64d0d2cd5d1fc83d386d393a782d366bdb991d3fcc4cc1d1eb0f6d9055e273d45e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8266ab5c19cfa429e4d57b39afb5a7eb
SHA1 db230487d3647abc7fdf45e2f1cdd08a3657b76a
SHA256 c2deb31c81986d16f44855fd7a1a9d0aa99fd9c956d6ba9704282793827d1b9b
SHA512 a4a57fc803263a2312a145b8ed1c45f04dec28970b6cdad67946e607b6961e3103f6026b32fd764dcdebe2cf2531d35fa963f28f53f54390838ed26962b51b45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8eb6e953ff051a47f8237e1e6d194afa
SHA1 364e4faf1ad1c9712584e054708ca327570f8ab5
SHA256 788245989387324c4e5534a27b81021a0eabc7af28712536b141c213cb69023f
SHA512 cdd2d4808b710c2833081b1fb5cbf9e0a0edd2fd7bf8ab3c45ceb0040e91fd22787f8b6b667438be31946d701896b4620b3a0aee7a8750096db139025d2d9786

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 e0d5eb19cddcf0d74e4266106740355f
SHA1 f13f424217eaf066e469c77a30ce7c0d7aa2a5b3
SHA256 a75780be873f94cdcb2649377c1732d82528ec81881edcd7547947b32ca3fb2e
SHA512 18751cd74e384c783bd000847cf5bc2e4fad2d22f0caf6c7f30ddbcf9cbd2f3a41b4c0949dd96ac0ed0f9ef26961240af7651fb78c9f4f5178b54bd48ac97cc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 2e617875dd9be9b8c2d3d00de6dd161b
SHA1 e41128302fed11a3f10e8b2460b70c7afb1bcfa9
SHA256 f8113a85e490eeec08808063f4bd1afad8111c26ce15b7e21468421f06561e85
SHA512 2bce33ff98f8e03e06652214e44a9e111f86640cee7b91ef865b5b1777c02a38d116944d1b3dbf57f447c7f393b13c18b0f9d8873e7a9babe587dd4c3f5e2639

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 b29bcf9cd0e55f93000b4bb265a9810b
SHA1 e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256 f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512 e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2249e17e94ade96a32704ddc0afe9261
SHA1 3f150a3c75a21cd2de1b13c91de7f1d645a11735
SHA256 63c7c2c217251511e203d343e79009ed0896903507eb1dfbbb9615285956d04f
SHA512 0fd2e54333f7deaa073eb1a5282cd7b7c1d353a417104870833310bec023aaac2a76c9bd5d4c740e7332c18fdc3fcdce5698579663b8ac0f609223f2e1f9d450

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d5eaa8282026b9225519c8e13cea39ef
SHA1 b1121616e5a8f95043476ad3e778c5af870f9e20
SHA256 306354885dca3d521099c15ec5af5d36c8b20d632bbc09de92b4dda2c36d87d1
SHA512 89e6043a0c137fc9e24718677be360cfacf6b3a171c00f19cf2422b0728744889b82bbb6ac0b430e3397097d9cc6e7f9e51f73cfc575d3a1031a68af01ef3735

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTEULA.TXT

MD5 7070b77ed401307d2e9a0f8eaaaa543b
SHA1 975d161ded55a339f6d0156647806d817069124d
SHA256 225d227abbd45bf54d01dfc9fa6e54208bf5ae452a32cc75b15d86456a669712
SHA512 1c2257c9f99cf7f794b30c87ed42e84a23418a74bd86d12795b5175439706417200b0e09e8214c6670ecd22bcbe615fcaa23a218f4ca822f3715116324ad8552

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d52b6cff8a7fe64083d648cca51ff8f9
SHA1 5020995e6d5e4ad9a040811e24962f3c326213cd
SHA256 958128cc73a326c66177f9208a89c2c071c3a3d1616a7a6f4b5722f34ea16840
SHA512 f5c9237b540f86bd8def3a2dd293297332eae103b7e6bd74aa79ec0bbfefc61c892aad68bb8a1f877eab6bd17a91e46b13b25403b366233ec1d0c66499ef0e40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 562c193a8cdcb1ccbc485c340fc9844d
SHA1 68b6018fa65ef1497d47202539435865608be120
SHA256 f9c0b0e54641f9b603023247b440ee5824086ba845b5666272ad7410c72a4590
SHA512 0faf8dba4538c642a4826f213c5eb255116c8ec1a8c55ade4b727abd349db589818889301d2b250cdcaea754c2c403c621f11962c58d7e7dc7b5bd64f10af86f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d964377d1e7233c8df1ee9d5b220d617
SHA1 598020e03b3cba2c59ad8743c3cbe1ca0ca1dda7
SHA256 b68e30ac92e4b5b510b7c95518ddd60a44aacc93e5db2332a4980e6f0ba52d79
SHA512 9e1a102e7d692c9e738476ec14e4caa4e06f88438f83b3995560109dcbf60b18899d777823c77395c486297932c481fe1ca4109a49e1c0d7d691751b671c47bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4df4574bfbb7e0b0bc56c2c9b12b6c47
SHA1 81efcbd3e3da8221444a21f45305af6fa4b71907
SHA256 e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377
SHA512 78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a726b52ad77997bca1e3243f90afb109
SHA1 9b3608122242ba7f18901f45a19865f116b771db
SHA256 56d23ff820d3dfd87bd7a091f381fe1c78a7d30ecae3f94c308bb5923c4d55d8
SHA512 9f2e1379f86940e53af3fc64ef4e1aa350b00afa6ae6c497d12f3d29c83cd754c92c642e40093b4cd07dafd06def8475b5c3f5cd3227cdb0a5e9124244e7fcb5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3704939cdd36ab32190dacf300bac16f
SHA1 cb9e3eb40a23ae71ae33b13dd0135c5e8827f9c8
SHA256 9742a8bb4f60169aba10928687b28a00ab02f5e2deeb4976b37c341963e17b5b
SHA512 140b26a36eb8a13022b4488ee7297179d2326db13bbe45aa247758ffc2e49ab217987fb571d2419840c2c5d7a1ab4397a439211f9cba778d417733a008ca34a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fb2e7ca07b28e241a96b5e0a4dfeae41
SHA1 3f85a6a1b6eb52e33ef743f398c9acb77c570b11
SHA256 15ae2f63a97af3fd941b5fcc9b207597ae7785b13c73334f321af5dc540367f2
SHA512 5897d5a668e9943052a3867074fbfa8e499397f2d13994988105c5d7599823ab72120f4342fa380667b75c9fb373d1829f504cff3b27a0a15989b536ddfee566

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 805449282574b992a7202f5219d70478
SHA1 7c3ec1b31f29dc99bdcdf248f51f132330cebf8f
SHA256 d36c0d8acbdfe0f4039ef3b2969eba36af800224f3f50bd6a77102a33af3df3e
SHA512 d89f58f3dbed03ab7277e62b7d57c4141870ace286b1fd0cfce161f588a3ec4eab671ed9a772f0c8eb8297f67152f73c2d50b244996f7f42329f7b05132182d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d48e41a2f4075c2b5711f1233595bf28
SHA1 414d00e3a688c930c675ef51679a26305e46ef50
SHA256 cbc0495ca8e0f9638856c6a0dace054fc9f9ba91b185520b6a0868f3e29fa05c
SHA512 4306de9ca524fd18376be6f7c285805b72976a48a1972467572131863f4d14b59a1133f9ca30ee643166d9371638d86ffbf0ad26054d097ed75486ce6ed5eeaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 7ccaccca18779127ded87bebe19b976d
SHA1 9ec035901f870c2aeac0a9c95336fc07f028f2a1
SHA256 25d277b7bafee5e6872087339e62931ac2360d1da91937454e5e2e3776da1dc9
SHA512 5c6d259782ba422b920f7cae2f9376eadf65a47a1a58612d8c89db66126ff502e1c54502e503475dd8dfe5e3eb891f419160680c0fdd7b5fc7ad0ae0002dec10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4ea1ccacc2f87beb2be617ee3d7e330c
SHA1 abe20aa3ab4fdfcc90f4fdd5ed344a08b76f7d25
SHA256 95046f5fdbab76abf29ecf1f0f1224907f89b2bbcb45a3456590adb89996ea98
SHA512 984b7cad7e8d0f5664bb609fecc4e22a14faaeabcd7e79dde485586fe34d3612920ce28013326d3e35e8ef4f8d985ed32c86dbdad247dee437821d1937d6f802

C:\Users\Admin\AppData\Local\Temp\KillAgent.bat

MD5 ea7df060b402326b4305241f21f39736
SHA1 7d58fb4c58e0edb2ddceef4d21581ff9d512fdc2
SHA256 e4edc2cb6317ab19ee1a6327993e9332af35cfbebaff2ac7c3f71d43cfcbe793
SHA512 3147615add5608d0dce7a8b6efbfb19263c51a2e495df72abb67c6db34f5995a27fde55b5af78bbd5a6468b4065942cad4a4d3cb28ab932aad9b0f835aafe4d0

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

MD5 66996a076065ebdcdac85ff9637ceae0
SHA1 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce
SHA256 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa
SHA512 e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

MD5 3f8f18c9c732151dcdd8e1d8fe655896
SHA1 222cc49201aa06313d4d35a62c5d494af49d1a56
SHA256 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331
SHA512 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7

C:\Windows\Temp\OLD9EA4.tmp

MD5 f6cb9878bee0cc17e54510ab92d79286
SHA1 1b71ef7f8f5aa4e05d049c42da2fcd28a68f6761
SHA256 b9b5c73ac5b705ec8c0ca807ab16ccb0ddeb986ee734fd6fff7b5d33a0c04412
SHA512 baa7c2b2d2bf1faeea3202fc2108c484c003034998beab07ee6102fc53b8efb1f19773ed45e57b6c118603d6874bb028b834eefb8e098577613d0947ca9855f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 20b489ba2b89a3a833332bbca6a10822
SHA1 f2400211063cfb4932d043408993b5ecaf1208c6
SHA256 33f871e453fe96e44b1b7e8667b4ca9bfd1ea4d607a3fd143b7368e82f488cbf
SHA512 2bb09b3de3cc16ac37a17a51efc07203a88e6a7dd14f1002e22869135bf314d075c5afacfa39e94a8a1d4eb2049c792d825d828658c0f51b267266ce24d862aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3c1eb78a47a31510883bdb5a042c9b20
SHA1 4d213f00ceea6ec6d9cbdd1cfd6afab412031864
SHA256 4d5b1274c7b341c2351bb076c26e2f56ba1df36c1240a60f8151cd6202bd82ae
SHA512 38a91b6d5e6c17e18197c61a849989c02cd232ffd69fe141831d3d2fcadaebf2d5c8f23ecb3f999a6bdc7ec8395e5668686bfe1ffd24643a7646fa3f05d463d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3a33edcc2bf06480af1a49145b3c3871
SHA1 61e7c7437b51f6112783c9496b38e35a8417e896
SHA256 d57d2947016bdfda444fffac967a1dc57bbe1abc631ebce57edaeb4f8bddb050
SHA512 143c622c9e8dde51e2e486b01ae0adfe5d0b2f2694f946547417720eaa65ca5fad09831cdce28fd4255491de3230ea28143f21cba8665ca78794e206e377da5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a50cd7980e5b3a06f7da156244318e6b
SHA1 1412aa37a17f42af9518f9eee063694d04e7a293
SHA256 91beb4598a58e91d7ed3884eda733388d6d39809f84585d53191b353e9f63a71
SHA512 557d7bb4d5e430d32d0ce3a339296062ede6730b271d7a1e9583c62a4498a0c0ef065630f62eb3673ee890fd7db100a29b7440a97ec725f84d8bffaf0c35c5ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f8604b8c2c0a58f0da6dfdaf50af79fd
SHA1 3920d96a1658f4e49a41084d818c2c515b5525da
SHA256 38a9103dd479648375bb2d42f583993be77870558710a0cffed2f14575f15e1f
SHA512 ee9fcd545466da928a752986fb3e1cf370f8466691fccd09d1eba3e88cab92496de280d54ef0e16cae9eaa28561aa5bfb75d14356076509b64175cf93541603f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e7ed9c60135a22cd91bb3c8829326a6b
SHA1 6f7bf408994aac828e4b5d044b5994abb41533e1
SHA256 f150dbd89f0cab76107584dc9a44a57438d678ff40cef3c58e34f64022974fbe
SHA512 094ea00cfd314cafce6a432013223ee9b64d9339016ab059f12b547800adf0bcf26729cf396e9c7eece6c4eea356ba494a209916f97fafb8fbb4b8d0e67e11ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000030.log

MD5 8fc80003c3434bc6f88750cd8f36ccc0
SHA1 cb2d1278fa216eb9b2cdf42311575f923b1449e5
SHA256 d88a7e011e65a25481d00147016904fe6d1efdb0184921823044d6fc69784996
SHA512 c9d585239c90ba66d9f4a1ca59083ca22f93e476060f119a59992b5d87e81b0fb256a135b3f954d4a1afe83537826c8497f1bde0e7132bdf32b93d9f18edd0cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 555e46953f7e22d58a1141aa4f8869aa
SHA1 64d22f56eced65dc3063d24dee2f44d3edf7c836
SHA256 05c608ab4dde827027b38109963a469c6cd6b99949347b5683707509ff63f762
SHA512 ea512474c5c0930d226d24ab34163b0322c6e3ba9f3da77e83c2e15aba106ad695f4afbc17d3131c4ea47cbb93166794f8f8ec660e2127ddd7c97ccfffab9bc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a091648fec99677f799f17d5485b256e
SHA1 f9a579201f97e32958182b9f8f38e241e3b7fb9f
SHA256 35af728a907248cbf7451af6950c783ac3c848f17b79b625b63254a54033b06a
SHA512 5ecebff1bda1062ca9b2d83fa2cd7a8f9ba1058deeed39d2ed0d4054520c7575dfdebf4737dda3813961d3987290f77de677d9fbd4b1ab91c47027dbb88c8eda

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16157ac6f955600074f84599f3ea6caa
SHA1 57788fd1affa1ddc61a6fe1a5294e0a7751d5e8e
SHA256 8071c375833ced6b1195a1c967b4c3deb2d8b05b1ec788e8dd278ccb2e5589c8
SHA512 a866bf97dcfdea0924a9f2842ac9ac9240275a44d48c091c4e2c51d31cb6bb8e5eaccfcc634317742a12fc818333a5f159e51c3566799b5ce3ff37b4dd6f03db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9679fa6bc1ebf8d1b78fe5fdf669de22
SHA1 78a6ce5ac003b2c44e797ccfe41c26adf7e2f8c2
SHA256 ce7aade3b6263f2cc0fcfc0b8f75e4424f08a8f515fa67f663da33894fea3622
SHA512 281164b14d8c9f326f56d03ac0621a7cef01785adf5d07b5504b6411e8039c5f562ff68ae66e001eab0ec1729bd440b547f98f536f38a130a84c7cddf56685e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d1bc5b3a64d60e8d4745e511fc6f3b76
SHA1 147b63780ca70367304be4bf3e4a57edf26c4f1e
SHA256 5ba45c3e92def030723ccc82a083311833f6c286edeebd75d77fb40ca3348893
SHA512 97f47ec63180170c59f7a54d717ce16c7302d57f6f39f86fa5c817b6e42107680ddad6a91291f5dadb4542a8ee36e47ef3a84d7fafba032ee8bcd8365877368e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1c4bd16337918267524f9354991ade85
SHA1 5cc0351ddaceb10ebab27fd918fb14dd32f350fe
SHA256 4889ffd1c09bbca55c91378b2bb996096df433ba7005ba4067d692832a00dc65
SHA512 c0d59fcbc01090eaec9a167b295379371c5c63167ccacd9aa5886980f6e84977a439ae348207dbb015bf9cd6f0aae2e7e08ec4e1a67e6668982d1882411b894d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 695763176e9a90e87bb8cbc51d74002e
SHA1 50a2e18f979242b057f8d5b0eeab2e07d06e4b99
SHA256 7fc12c3a86532ac9e5d54ff095afed7d1a35772067c7b47809d417c21bb9ae95
SHA512 01c35389219245bb1afaa6ede6213987de119043d54ad4eb2bb9c42f8fe46465c9c586ad871330790d5834859083bd0b2b4d1280883041e281f1058bc192b489

memory/1728-16767-0x0000021140C80000-0x0000021140CAC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3218fe110a172eed0d4f7628d2390489
SHA1 e04f4c23b4ce494b8ac5fa1933929a304c9d8110
SHA256 6c5c834797db44a1b3231b5527a969878b075babbcc6c8d92ecc9427dffc36ab
SHA512 2cf2e963520bb194675a3efa9dddafb3c209b13d86c2b554eb6690a7d5eee6a8d9c714db6caad047b13d470a0f7dec9034dc12f0480bbabd4c1c7cdca0c64dd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c02b1ca798ba2979fac4bf3b362b57b7
SHA1 e3834d6ee50a8cf5bc09b284babdccdc7bb854c1
SHA256 a1491eea2ad6e4676641eb4f48950514dc7b35ab57c4bd38603ef537186174fc
SHA512 43b13a653e78bbb18b7c3b1190568730f3e8567c989bdf726b4b781fd50f8195224bf7add678b939f176317d71268a9f78dd31921b9072f3fa82afcd3a1fdcab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 c0b9a43614ccaec145324a5bcdaffb38
SHA1 aa095ae101f26b45b5a87bbb600c299b447f94bf
SHA256 8a19e79fea28ab0ac754bfb498ac42b16e502fc001ea5bca6a3cd4e3605129bc
SHA512 a39d7a55626e19c56313c2d631c3c410ea43b7481c2f9d9f5e286e556e093bc8a52bb26cd192998d89da463d8331595b54492805d85f15b4f558bc7389a7bf8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3ddae6be0d7ab702aeb654a883ba2045
SHA1 c907da9ce143e4e8cb12c65fb0a39a03a48119cb
SHA256 21f473c7889c8406fff68040fcad1be7cfdd382530816df36b4bab33c84c56e8
SHA512 a2fcaa80cd4071cc5fafee591271ddcc7b93c0c6476ccf88902dfe0bc8ddc1dcd07919d66e1d692811b66414112aa6e7e3e7887b07aab1f7940489db00c67c62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

MD5 a397e5983d4a1619e36143b4d804b870
SHA1 aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4
SHA256 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4
SHA512 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 aff827b32d28e975cd84bce71be86828
SHA1 9bf48c4de95974df4761a9b9c08d111a254147ce
SHA256 ceb05f726d6492e5f1c04f92c2a270f1635243ad199507c613fddd64c4f70145
SHA512 b1f9676287f05d61fffbdc5be319f9c1a1cdcd7151f50d58e9959c985ba860a964244d31fac01cf03c36f925b9bec9fe295848e1a0977dcacb748089e83fec40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9f28e3e7e2045b66b237412d318e7b2e
SHA1 68a77ff06fa5ff0ced4a90831a5df2525a7ab9ea
SHA256 24d396291a23f4d5cd1b36d612aab6ba0a377465e6c27550a91b4c83b8107438
SHA512 465666022a1dd8d69008c84e70b554ece3f9ec18a60dfe6944613c12734abc95be67d58bd24b3c37dce34be2c26a42319b71546e688bbaaa4a3e71026cfdc3bc

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GX304FV6\www.bing[1].xml

MD5 6ab4a4e2de4aa335fd0a95a0cac93617
SHA1 4beafe8061bdfe07f19e69259b48c2def5b77eca
SHA256 74696b7d12b9ddbd97f8bd84d3e9bfa7c619bfcd4c5d02e2f9b37bafc3f7c857
SHA512 7296d7e9ae4228a6205b0394af1ea76fa47d73bc52393d9cb92bc32c1bf3c99ddf9bea5ce0ab6059286233c61d9beb95e802c986064767794b22149740e5977e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c43a48ac6652e3ae5dccd1df1196aaee
SHA1 96dfa5fc9a5a8efbf18a48b8a9da2399b0036c20
SHA256 826094703ab27d28c99fc1195838c6d0587f89ffa105b4e7afc2595d72616b33
SHA512 be1e0c93a131115b04f5a081b45c9df27648015488d51b1ae51b6ff71fa3d6c5388c1c96c88ab08f922d578c8d1bb50d67e98d32e2e6cb509b8fafeb6938a4f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d73b34b2b4f24ff889bfff1ba3141ac7
SHA1 529c7d18c16453bbc550b1e04eaccbfc79cd7f35
SHA256 3a702bba22ea8c142486d75488b3a933186d01e1e32be21dc4c98c5204637dc4
SHA512 6dc6692e068dc0add93f6ca04f2c18759afe2ebe61877fa5b08dcd6fcc4ffe82850688727b323f87a934529fda41ded9a8ed09c32347c4528de843725f468a44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 ab6ab31fbc80601ffb8ed2de18f4e3d3
SHA1 983df2e897edf98f32988ea814e1b97adfc01a01
SHA256 eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8
SHA512 41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3