Analysis Overview
Threat Level: Known bad
The file https://github.com/Endermanch/MalwareDatabase was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Reads user/profile data of web browsers
Modifies file permissions
Loads dropped DLL
Executes dropped EXE
Drops startup file
Writes to the Master Boot Record (MBR)
Adds Run key to start application
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Drops file in Windows directory
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Program crash
Runs regedit.exe
Views/modifies file attributes
Enumerates system info in registry
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy service COM API
Suspicious behavior: GetForegroundWindowSpam
Modifies registry key
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-09 15:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-09 15:18
Reported
2024-08-09 15:28
Platform
win10v2004-20240802-en
Max time kernel
585s
Max time network
585s
Command Line
Signatures
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDCE3E.tmp | C:\Users\Admin\Desktop\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDCE54.tmp | C:\Users\Admin\Desktop\WannaCry.EXE | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oefimrcpcbg941 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\WannaCry.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\@[email protected] | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\SysWOW64\mspaint.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\@[email protected] |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\@[email protected] |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mspaint.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{7A478B07-B13E-4303-965A-9B828517FF59} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{386E96E2-42B5-4310-8F50-E2E16967BE0B} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 900963.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs regedit.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Users\Admin\Desktop\WannaCry.EXE
"C:\Users\Admin\Desktop\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 283191723216873.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Desktop\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1528 -ip 1528
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 248
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1528 -ip 1528
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 248
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "oefimrcpcbg941" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "oefimrcpcbg941" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x4b8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3444 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3392 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x94,0x98,0x9c,0x104,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 16.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| GB | 184.28.176.82:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 82.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 184.28.176.42:443 | th.bing.com | tcp |
| GB | 184.28.176.42:443 | th.bing.com | tcp |
| GB | 184.28.176.16:443 | th.bing.com | tcp |
| GB | 184.28.176.16:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 40.126.31.71:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:53822 | tcp | |
| NL | 192.87.28.28:9001 | tcp | |
| NL | 194.109.206.212:443 | tcp | |
| FR | 178.32.143.167:9002 | tcp | |
| US | 8.8.8.8:53 | 28.28.87.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.143.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| NL | 142.251.39.100:80 | google.co.ck | tcp |
| NL | 142.251.39.100:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | support.google.com | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | play.clubpenguin.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | play.clubpenguin.com | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.251.39.100:80 | google.co.ck | tcp |
| GB | 184.28.176.16:443 | www.bing.com | tcp |
| GB | 184.28.176.16:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 184.28.176.42:443 | r.bing.com | tcp |
| GB | 184.28.176.42:443 | r.bing.com | tcp |
| GB | 184.28.176.16:443 | th.bing.com | tcp |
| GB | 184.28.176.16:443 | th.bing.com | tcp |
| GB | 184.28.176.42:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.133:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | med.etoro.com | udp |
| GB | 23.206.73.117:443 | med.etoro.com | tcp |
| GB | 23.206.73.117:443 | med.etoro.com | tcp |
| US | 8.8.8.8:53 | www.etoro.com | udp |
| US | 104.18.9.228:443 | www.etoro.com | tcp |
| US | 104.18.9.228:443 | www.etoro.com | udp |
| US | 8.8.8.8:53 | marketing.etorostatic.com | udp |
| US | 8.8.8.8:53 | cdn.optimizely.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | api-js.mixpanel.com | udp |
| US | 8.8.8.8:53 | cdn.mxpnl.com | udp |
| GB | 2.22.99.132:443 | marketing.etorostatic.com | tcp |
| GB | 2.22.99.132:443 | marketing.etorostatic.com | tcp |
| GB | 2.22.99.132:443 | marketing.etorostatic.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 104.18.66.57:443 | cdn.optimizely.com | tcp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | 117.73.206.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.9.18.104.in-addr.arpa | udp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | acsbapp.com | udp |
| US | 8.8.8.8:53 | cdn.fonts.net | udp |
| US | 8.8.8.8:53 | a20380768775.cdn.optimizely.com | udp |
| EG | 108.159.120.94:443 | widget.trustpilot.com | tcp |
| US | 104.22.1.204:443 | acsbapp.com | tcp |
| NL | 142.250.179.174:443 | www.googleoptimize.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.16.40.28:443 | cdn.fonts.net | tcp |
| IE | 108.159.120.117:443 | static.hotjar.com | tcp |
| US | 104.18.29.127:443 | geolocation.onetrust.com | tcp |
| GB | 2.22.99.132:443 | marketing.etorostatic.com | tcp |
| US | 8.8.8.8:53 | cdn.acsbapp.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | cdn.taboola.com | udp |
| US | 8.8.8.8:53 | amplify.outbrain.com | udp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| US | 8.8.8.8:53 | c0.adalyser.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 104.22.1.204:443 | cdn.acsbapp.com | tcp |
| US | 13.107.21.237:443 | bat.bing.com | tcp |
| FR | 199.232.168.157:443 | static.ads-twitter.com | tcp |
| IT | 157.240.231.1:443 | connect.facebook.net | tcp |
| US | 151.101.193.44:443 | cdn.taboola.com | tcp |
| NL | 172.217.23.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 2.18.109.60:443 | amplify.outbrain.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| IE | 54.155.65.141:443 | c0.adalyser.com | tcp |
| EG | 108.159.120.16:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.99.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.66.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.86.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.1.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.40.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.29.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.120.159.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.120.159.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.120.159.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.38.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | etorologsapi.etoro.com | udp |
| IE | 20.54.24.199:443 | etorologsapi.etoro.com | tcp |
| US | 8.8.8.8:53 | onelinksmartscript.appsflyer.com | udp |
| US | 8.8.8.8:53 | 9944765.fls.doubleclick.net | udp |
| FR | 108.159.120.54:443 | onelinksmartscript.appsflyer.com | tcp |
| NL | 172.217.168.198:443 | 9944765.fls.doubleclick.net | tcp |
| NL | 172.217.168.198:443 | 9944765.fls.doubleclick.net | tcp |
| US | 8.8.8.8:53 | logx.optimizely.com | udp |
| US | 34.49.241.189:443 | logx.optimizely.com | tcp |
| NL | 142.250.102.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| NL | 172.217.168.198:443 | 9944765.fls.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| IT | 157.240.231.1:443 | connect.facebook.net | udp |
| NL | 172.217.168.195:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tr.outbrain.com | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 8.8.8.8:53 | wave.outbrain.com | udp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 8.8.8.8:53 | 157.168.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.231.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.65.155.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.120.159.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.24.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.120.159.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.241.49.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.twitter.com | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.168.217.172.in-addr.arpa | udp |
| GB | 2.18.109.60:443 | wave.outbrain.com | tcp |
| GB | 2.18.109.60:443 | wave.outbrain.com | tcp |
| GB | 2.18.109.60:443 | wave.outbrain.com | tcp |
| GB | 2.18.109.60:443 | wave.outbrain.com | tcp |
| GB | 2.18.109.60:443 | wave.outbrain.com | tcp |
| GB | 2.18.109.60:443 | wave.outbrain.com | tcp |
| US | 50.31.142.63:443 | tr.outbrain.com | tcp |
| US | 50.31.142.63:443 | tr.outbrain.com | tcp |
| PL | 93.184.221.165:443 | t.co | tcp |
| US | 104.244.42.3:443 | analytics.twitter.com | tcp |
| US | 34.49.241.189:443 | logx.optimizely.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| IT | 157.240.231.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 8.8.8.8:53 | bam.nr-data.net | udp |
| US | 162.247.243.29:443 | bam.nr-data.net | tcp |
| US | 8.8.8.8:53 | 2.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.231.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.243.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | trc-events.taboola.com | udp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| US | 8.8.8.8:53 | 29.243.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.228.226.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wp-nav-pro.com | udp |
| US | 54.81.18.140:443 | wp-nav-pro.com | tcp |
| US | 35.186.235.23:443 | cdn.mxpnl.com | tcp |
| US | 8.8.8.8:53 | 140.18.81.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.235.186.35.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| NL | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| NL | 172.217.168.195:443 | www.google.co.uk | udp |
| US | 162.247.243.29:443 | bam.nr-data.net | tcp |
| US | 162.247.243.29:443 | bam.nr-data.net | tcp |
| US | 162.247.243.29:443 | bam.nr-data.net | tcp |
| GB | 184.28.176.16:443 | www.bing.com | udp |
| GB | 184.28.176.42:443 | r.bing.com | udp |
| GB | 184.28.176.42:443 | r.bing.com | udp |
| GB | 184.28.176.16:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 13.107.21.237:443 | bat.bing.com | tcp |
| US | 104.18.29.127:443 | privacyportal-de.onetrust.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 41.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| NL | 142.251.39.100:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| NL | 142.251.39.100:80 | google.co.ck | tcp |
| NL | 142.251.39.100:80 | google.co.ck | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| GB | 184.28.176.16:443 | www.bing.com | udp |
| GB | 184.28.176.16:443 | www.bing.com | tcp |
| NL | 142.251.39.100:80 | google.co.ck | tcp |
| NL | 142.251.39.100:80 | google.co.ck | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| NL | 142.251.39.100:80 | google.co.ck | tcp |
| NL | 142.251.39.100:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | motherboard.vice.com | udp |
| US | 151.101.66.133:80 | motherboard.vice.com | tcp |
| US | 151.101.66.133:80 | motherboard.vice.com | tcp |
| US | 151.101.66.133:443 | motherboard.vice.com | tcp |
| US | 8.8.8.8:53 | www.vice.com | udp |
| US | 192.0.66.177:443 | www.vice.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | htlbid.com | udp |
| EG | 108.159.102.69:443 | htlbid.com | tcp |
| EG | 108.159.102.69:443 | htlbid.com | tcp |
| US | 8.8.8.8:53 | 133.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.66.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | embeds.beehiiv.com | udp |
| US | 104.18.69.40:443 | embeds.beehiiv.com | tcp |
| US | 8.8.8.8:53 | cdn.parsely.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | s.skimresources.com | udp |
| DE | 108.159.105.49:443 | cdn.parsely.com | tcp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 151.101.1.91:443 | s.skimresources.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdn.confiant-integrations.net | udp |
| US | 8.8.8.8:53 | scdn.cxense.com | udp |
| US | 8.8.8.8:53 | launchpad-wrapper.privacymanager.io | udp |
| US | 8.8.8.8:53 | silo50.p7cloud.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | tcp |
| US | 104.18.21.97:443 | cdn.confiant-integrations.net | tcp |
| GB | 2.22.134.73:443 | scdn.cxense.com | tcp |
| EG | 108.159.102.15:443 | launchpad-wrapper.privacymanager.io | tcp |
| EG | 108.159.125.123:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 40.69.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.skimresources.com | udp |
| US | 8.8.8.8:53 | 49.105.159.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.134.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.parsely.com | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | t.skimresources.com | udp |
| US | 8.8.8.8:53 | 69.102.159.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p1.parsely.com | udp |
| US | 8.8.8.8:53 | p.skimresources.com | udp |
| US | 35.201.67.47:443 | t.skimresources.com | tcp |
| US | 35.190.91.160:443 | p.skimresources.com | tcp |
| US | 35.190.91.160:443 | p.skimresources.com | tcp |
| US | 54.85.250.121:443 | api.parsely.com | tcp |
| NL | 142.250.179.162:443 | securepubads.g.doubleclick.net | udp |
| US | 35.190.59.101:443 | r.skimresources.com | tcp |
| IE | 52.17.99.225:443 | p1.parsely.com | tcp |
| US | 104.18.21.97:443 | cdn.confiant-integrations.net | udp |
| US | 8.8.8.8:53 | launchpad.privacymanager.io | udp |
| US | 8.8.8.8:53 | api.cxense.com | udp |
| GB | 108.156.46.25:443 | launchpad.privacymanager.io | tcp |
| DE | 167.235.124.24:443 | api.cxense.com | tcp |
| US | 35.201.67.47:443 | t.skimresources.com | udp |
| US | 8.8.8.8:53 | yield-manager.browsiprod.com | udp |
| IE | 108.159.120.113:443 | yield-manager.browsiprod.com | tcp |
| US | 8.8.8.8:53 | geo.privacymanager.io | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | tcp |
| DE | 13.32.99.35:443 | geo.privacymanager.io | tcp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 2.18.190.81:80 | apps.identrust.com | tcp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | tag.bounceexchange.com | udp |
| US | 34.120.253.250:443 | tag.bounceexchange.com | tcp |
| US | 8.8.8.8:53 | cdn.browsiprod.com | udp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | udp |
| EG | 108.159.102.81:443 | cdn.browsiprod.com | tcp |
| US | 8.8.8.8:53 | rp.liadm.com | udp |
| US | 8.8.8.8:53 | pd.cdnwidget.com | udp |
| US | 8.8.8.8:53 | api.bounceexchange.com | udp |
| US | 8.8.8.8:53 | assets.bounceexchange.com | udp |
| US | 54.90.63.124:443 | rp.liadm.com | tcp |
| US | 34.98.72.95:443 | assets.bounceexchange.com | tcp |
| US | 8.8.8.8:53 | data.cdnbasket.net | udp |
| US | 34.111.8.32:443 | api.bounceexchange.com | tcp |
| US | 8.8.8.8:53 | events.bouncex.net | udp |
| US | 8.8.8.8:53 | 15.102.159.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.125.159.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.67.201.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.91.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.59.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.99.17.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.46.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.250.85.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.124.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.120.159.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.99.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.95.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.253.120.34.in-addr.arpa | udp |
| US | 34.149.130.207:443 | pd.cdnwidget.com | tcp |
| US | 8.8.8.8:53 | ids.cdnwidget.com | udp |
| US | 8.8.8.8:53 | page.cdnbasket.net | udp |
| US | 8.8.8.8:53 | view.cdnbasket.net | udp |
| US | 8.8.8.8:53 | ams-pageview-public.s3.amazonaws.com | udp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | udp |
| US | 3.5.22.213:443 | ams-pageview-public.s3.amazonaws.com | tcp |
| US | 34.98.72.95:443 | assets.bounceexchange.com | udp |
| US | 8.8.8.8:53 | events.browsiprod.com | udp |
| US | 52.89.61.245:443 | events.browsiprod.com | tcp |
| US | 34.120.234.209:443 | data.cdnbasket.net | tcp |
| US | 35.244.178.91:443 | page.cdnbasket.net | tcp |
| US | 35.201.89.175:443 | view.cdnbasket.net | tcp |
| US | 52.89.61.245:443 | events.browsiprod.com | tcp |
| EG | 108.159.102.81:443 | cdn.browsiprod.com | tcp |
| US | 52.89.61.245:443 | events.browsiprod.com | tcp |
| US | 8.8.8.8:53 | 81.102.159.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.72.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.130.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.8.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.63.90.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.22.5.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ai.browsiprod.com | udp |
| US | 8.8.8.8:53 | 209.234.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.178.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.89.201.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.61.89.52.in-addr.arpa | udp |
| EG | 108.159.102.64:443 | ai.browsiprod.com | tcp |
| US | 8.8.8.8:53 | 64.102.159.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e.cdnwidget.com | udp |
| US | 34.102.193.48:443 | e.cdnwidget.com | tcp |
| US | 34.111.8.32:443 | events.bouncex.net | tcp |
| US | 8.8.8.8:53 | 48.193.102.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| NL | 142.251.39.100:80 | google.co.ck | tcp |
| NL | 142.251.39.100:80 | google.co.ck | tcp |
| IE | 52.17.99.225:443 | p1.parsely.com | tcp |
| US | 52.89.61.245:443 | events.browsiprod.com | tcp |
| US | 8.8.8.8:53 | comcluster.cxense.com | udp |
| DE | 167.235.124.60:443 | comcluster.cxense.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 60.124.235.167.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | play.clubpenguin.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | play.clubpenguin.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| NL | 142.251.39.100:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 34.102.193.48:443 | e.cdnwidget.com | udp |
| US | 34.160.20.10:443 | ids.cdnwidget.com | tcp |
| US | 8.8.8.8:53 | 10.20.160.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 199.232.209.91:80 | softonic.com | tcp |
| US | 199.232.209.91:80 | softonic.com | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 8.8.8.8:53 | www.softonic.com | udp |
| US | 151.101.129.91:443 | www.softonic.com | tcp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | assets.sftcdn.net | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| DE | 3.161.82.43:443 | sdk.privacy-center.org | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | udp |
| US | 151.101.65.91:443 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | 91.209.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.82.161.3.in-addr.arpa | udp |
| DE | 3.161.82.43:443 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | notix.io | udp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| US | 8.8.8.8:53 | 227.197.45.139.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | motherboard.vice.com | udp |
| US | 8.8.8.8:53 | www.vice.com | udp |
| US | 192.0.66.177:443 | www.vice.com | tcp |
| US | 8.8.8.8:53 | s.skimresources.com | udp |
| US | 8.8.8.8:53 | cdn.parsely.com | udp |
| US | 8.8.8.8:53 | silo50.p7cloud.net | udp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | udp |
| US | 35.190.59.101:443 | r.skimresources.com | udp |
| US | 8.8.8.8:53 | p1.parsely.com | udp |
| US | 35.201.67.47:443 | t.skimresources.com | udp |
| US | 35.190.91.160:443 | p.skimresources.com | udp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | api.parsely.com | udp |
| DE | 167.235.124.24:443 | api.cxense.com | tcp |
| IE | 63.34.81.234:443 | p1.parsely.com | tcp |
| US | 3.92.170.229:443 | api.parsely.com | tcp |
| US | 8.8.8.8:53 | events.browsiprod.com | udp |
| US | 34.210.49.7:443 | events.browsiprod.com | tcp |
| US | 8.8.8.8:53 | 234.81.34.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.170.92.3.in-addr.arpa | udp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | rp.liadm.com | udp |
| US | 54.243.122.230:443 | rp.liadm.com | tcp |
| US | 34.120.253.250:443 | tag.bounceexchange.com | udp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | udp |
| US | 34.149.130.207:443 | pd.cdnwidget.com | tcp |
| US | 34.111.8.32:443 | events.bouncex.net | tcp |
| US | 8.8.8.8:53 | events.bouncex.net | udp |
| US | 34.120.234.209:443 | data.cdnbasket.net | tcp |
| US | 35.244.178.91:443 | page.cdnbasket.net | tcp |
| US | 35.201.89.175:443 | view.cdnbasket.net | tcp |
| US | 8.8.8.8:53 | ams-pageview-public.s3.amazonaws.com | udp |
| US | 52.217.166.241:443 | ams-pageview-public.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 7.49.210.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.122.243.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.166.217.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
\??\pipe\LOCAL\crashpad_2424_XJUIYXARBCQSXYOJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b4eaf094-5e8d-4677-93e4-73c4307a78e8.tmp
| MD5 | fe98c5c35832f831515bf74b719af34f |
| SHA1 | c408043992168042093f44ee57a00759b1e59fa5 |
| SHA256 | 925c02cd4510e5a2cc8a909c754fcfefc12fc049fd180675be49afeb7678ae7b |
| SHA512 | b73ba273ab4dcebd6d26b9da9b5ea0cff656c2515f8d80ceb290b133417e9ee935fa018ad5c852ed60585772a0bf69b34204a8fc3f8e71350c78c482c105d307 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 860d3586a817ea60d1aa76f1a5c68429 |
| SHA1 | b54a83173b03270666164787a9d9f976e25a65d0 |
| SHA256 | 4b94f0c98a93bb2e4822da47032e279b64fc10a7c8bab5faee256f7d8a1177a8 |
| SHA512 | fb5332053ce38226a4796795536732a75c0197835622056bbcd7e87503c563208b70645e33e2af25edde2c68f113ade5f46e21773c9f4172dddc030b285dd62b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fec93854-63c0-4b2f-92f2-eac73689e19d.tmp
| MD5 | 16e9b9fccf496907f218282b2e26537d |
| SHA1 | 7d5a33ebb23046e06556f03951cb4387d0b28245 |
| SHA256 | 3d16bce063ddd9eac27dcd437f94d5448390cb6e10ba456bf1995d653938b06f |
| SHA512 | 364dba83b6967ef2bf5e6a0e4aecb6af147dd949f27fb23e783408e41e83ce91e69b1854748b51228aa6cbfe4eed10a9bed9978196c3b9f53ff6b965ac78298e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580858.TMP
| MD5 | 2a345663b859d39e01c34f684782e0e2 |
| SHA1 | 1bbea85456483dc2a0e8def992841fb38c22ee81 |
| SHA256 | 82acd09e92919ecccc308b7c7416619280b07db4d1647c33a7a42a80a7b4b545 |
| SHA512 | 06ef12042f28400bec8b643165e61bac621368ee3a7714db06c6243bb1f5679239bb44346842ea1ef8e8f4d86f91956b87800c34606e943979bfa486bbef595a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 45c06b4fa73b6c2b68063e7b53a1499f |
| SHA1 | b660e019522434198229ff544acaf9f276b05349 |
| SHA256 | 6c47e5929c912bf7f5ce7dc7bd1bf5749a34542af456d64c81fc9eba44fe9bda |
| SHA512 | 54f15d2cab3dbb0adcfd88f627f5c4fc4b3dd2a4734423d444b33e7c32e4a7cac544a28cd306f5dc99ab0c0d5a7047647c0b9d00042e5edf956f258b23c89760 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 074d700cf6064e7e3e292a289a5d7b3c |
| SHA1 | f3747945124d1276bad203ac5c00361d7e22e478 |
| SHA256 | 86ba16cd25b47c4cb965c29abdf72eb895e00cd1072472c7df5730b9fb61ec57 |
| SHA512 | 2527cd695393331ffd5627dbaf12492ddf988a286f4fb04b57cfd1a93741309e4506f7eb64e87c564d9b9f1e97f8e94a08046f00ded25b2b288d651f29f1443d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 40fb7e77a6fe6be1fe635157613c9867 |
| SHA1 | 1dfd24e3e1768b33c47de8e73589409a331ef793 |
| SHA256 | 4114d11758488350859ac1bb72913a38dba68740202f7ec613e6fc9db52e01d8 |
| SHA512 | 1c0ed5eb16e4465eb8f112be5216f877ca1844cba49968af60457abf6009ef340659c36c232d3918f29dbe9c76c34ffb81f5bd8c345426f89ff244eb95462935 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 42e01c7a3d19913bcccb2b6df0a4261c |
| SHA1 | 646ebc8adbb2b0a3f4768468288196196c7d0e96 |
| SHA256 | f479455898fcaadf5424fc58373e3fee63b03c597c74a59a1be674581d72280a |
| SHA512 | cc1f66197ac57dda4bea5c95f26c9e1240147cdfd319d2327aa7d8a57dce459761b99c4272c08e33310bfc796e1fb10f09def21eb5319e5369de42fe745842ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b698a4fe505d8cbbc2fa5034abd3c823 |
| SHA1 | 22894d03d1c5965e3ffffc520aa2b75d6bbc994d |
| SHA256 | f6b2b3817dc6a8b3e54a4c55bd5c13956eb8edb3ebc56bb424854c06ca810fd4 |
| SHA512 | feb1ca63385a8b8e005fb94f2de4bf70c2720415ac86711076c9fb7a61790baa8c495d9b5b9babf6ca3e23e8e1997400643423d64ce4dcae6d03e1e8d8566501 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d33e82e7eeec71d9c404dd79f93799d4 |
| SHA1 | ba4492f0ee518b4a0aca8a8676890598c2bc6390 |
| SHA256 | 433d25eff47cbfffa28055365e8d3aadcfb8d8e615b4909df2cf5bcb42e95f16 |
| SHA512 | 16b80d39be9a45c4fe77f080b0d3065383019f003e4f99f093e9fc2986d4310417c0acb12ed753caae6b4a8829d7d16a22102b1c4c35ec6ea10ab82ed0fea8e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | 1d9097f6fd8365c7ed19f621246587eb |
| SHA1 | 937676f80fd908adc63adb3deb7d0bf4b64ad30e |
| SHA256 | a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf |
| SHA512 | 251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | 00d4cc262b70dd3d386111ff78fb0812 |
| SHA1 | 628d4dcee1e82d04ab3969c29e256cef10101407 |
| SHA256 | 956916ddd6bb5ebde0f5df3605a524d1624ea335cdc6bd5bf26681d3a5ac5239 |
| SHA512 | 12f3cf77c4ee58eb00b08ced394d35e35237da4bc9ca62b1408c6dca4350068aa94d3a0e98132aa0e6cbcbdb7dee9c2b9c5399ba7c4780442200ad37a4c2b1a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | 3f06d90f781a40e2014b2b3a97c48b41 |
| SHA1 | 660682729eda776fef2b49c1e4be9860a032bed2 |
| SHA256 | c051c48247b58ba107b7ded31e6a3913c8e0c890e547047080132f4ad81545e2 |
| SHA512 | ebaca5aa11d984601460b0def00e974411397a00efa251b221145eab261a8180c8e35347693e1ec3a1528b8dc206259593f21fc1618fa79840f588286c7e6224 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 8e6a5fe9d33d3c185d1759e247d1a745 |
| SHA1 | 13c7aa2cf2f5ce3e82523b5b2c3ed14200467004 |
| SHA256 | 81f01176a056c932e1fb9d8917fb793704d1ee671d524957675cd703e1544b08 |
| SHA512 | 054f88d17b91282375268fbdb6187a6e1a2ca962ce04c839161f9a81b08e8d6017b19d3145afc70e48ec54eabf23f053eff79bfb4da8e93ebd734e8149bf867e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 01d51b8f5cfbd430998c1d028e6915af |
| SHA1 | 6409398280c49e6b6edb119e4663fccbdc9dd12f |
| SHA256 | 9282a6172a9a9999dcb6176570812fc31d413a2180b926d4785f9546e74c4c31 |
| SHA512 | d9ad14bf8856580f3510d1ffd567205142f6b97a24f4710e7505fd540cbaf0bc318296fa7d4aa44e539b1509a386f8f225d063d7679a3f8a46663b4324e2747b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 05c1af1fb549113f70c43a7547484d6c |
| SHA1 | ad781cc9a469dfd6a6d88bff696446df0325725e |
| SHA256 | 6c1523490a89500c77f02e4f268fdfa4e05700b7c3a692b44be808688f2d873d |
| SHA512 | a33d62503a99653b4e1807a13f559f9affcafb0bc2b3ba06ffd45d396f25662d64c988b2b549840ad1b1573bf6eaf1c6371062d555a68fa7422acce1c35386ed |
C:\Users\Admin\Downloads\Unconfirmed 900963.crdownload
| MD5 | 84c82835a5d21bbcf75a61706d8ab549 |
| SHA1 | 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467 |
| SHA256 | ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa |
| SHA512 | 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9767147a4a26865d2f8abf63c170c8bc |
| SHA1 | b081f423192b80cf47cfdf16f571227a88a0da92 |
| SHA256 | 86cde2d88d69eeb080d6a9cf402994a0b2f1b4a8ee0d13af26b6f031d2ff36f0 |
| SHA512 | 6a02bb0dd91c517a8e83108ce0af5a58e54d14ebb9684e278a22b3b648cf37a3d19b90b8262d9dd316849c040f260ded6bf8e058d4fef60ccf9fe315ef31b387 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 167e5536acb626a5f3f9241ad381177b |
| SHA1 | 5f941b98fe56375193f9e5ccad29d7b3d8833df4 |
| SHA256 | 75b6447edcc018e24a588f5aed3a1365a5887c6c3540ae63c4d60a08b865e1b6 |
| SHA512 | bbba2447b7d647a589e0846d20391b12187dcb5dbde44b019d84b0de18cb2a38b796de09e53f619ee1b808e2bcae09873b154fbec3811a6aeee21423cdff12cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e5697fcb2ec5f3bb5b0b157d91118e74 |
| SHA1 | 497a552f5dda42dbed2d01ad1324df0f5fff09f4 |
| SHA256 | f139d60a2ab0f6e2044aeec943578f7af1885f458a2897556f0967b9c5557623 |
| SHA512 | 01ac09410a1fc002ae50385100830b72f37d078153b7014b9318bb259fe48c371ea3733ea28337db73624ae95c53c5a5201a64026212a69bf74ba07b37bbd0a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9485afbffca621334330da44f0526fb5 |
| SHA1 | 8a667edecc18473c58416b60a80346082d74f20c |
| SHA256 | 3b0c26c6ec293b8a224d0f5901742a346dfdadcf9d4217981d32148ecaf63767 |
| SHA512 | fde2652d970b18e4afa87662ef557efb7292fe1e62ad4dd58781844458cdb4d91032beca3f2b1d44cadcae481e0e0fe5f9e6ea0ae4785eada4332ba2f8ccf82a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a726548ffc8ef8bbacd773c9847881ed |
| SHA1 | 28d1942cf5fa2659d8beb331b81e2b41c56b37b0 |
| SHA256 | 05720ffaa240619c80e59f449ca2b91c50898096d4197b41f4879c471fd3942f |
| SHA512 | dcc476b48f444568ea2cea039c5b430225ef010c28d7b6c4ef5983cc1ab513754ca1accca5ad57f94b26eb5d1582be8926df8497dbcd229db1d708169cc5282f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c7571cbcc1448aa5246016ad0feba7b4 |
| SHA1 | 36490fa23f20b45bdd8cda5f72facf47583ebb10 |
| SHA256 | 8dd3ff85971dffecaac0e59a8bbb61259e9df57ccaa51ea8c316cdaaa91eedb8 |
| SHA512 | c17b5de201915e4909e3207d3ded218310e714057ec6c98e0f93fb7b75de7366bab85081cb8d8827df0123509fac176e3d201ac36db7cf25edfa649dc95d766f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | 3e2d02e2bb79df1b595108b225670c6b |
| SHA1 | 5c715be833a5fd8a244719a38cf9c09434001a39 |
| SHA256 | 1234340cdc130ca1b9c51dec0935cf6e761d8cb275f0030772585bb144d5aee3 |
| SHA512 | 04dfa3694ddc7fc496ba35370bfff7e051f2f01c06c3d43833e6758fad5323c826b6d5221621596f4b4cd642d25f9e48e3834f02e719d1756cf3c63c5690b094 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | c514e24b5386247ea67936b8790c3b51 |
| SHA1 | dad85d1dc010e6bcac8db84992cd9f1db6ab05a2 |
| SHA256 | 68e5b72ea6259bd25916eb9e07984047d2cda94f8b0013314efc1e46073f6ad9 |
| SHA512 | d61a17e50b00e1ee6b43af7ea922310940cef2d7595fa7f6e42a84686ec51f997062317554e24142c9acb3f5e208c8c220ac8611b79264f506d22a9516d47761 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
| MD5 | ac510c553e037c04129a8671df7620e8 |
| SHA1 | a1643b467bb5627e7fa45131a1e96ec856b18011 |
| SHA256 | 2421a0abe682b5da6ec0b86b36927b839b8bdd9a8e5a22dea46d89a80c1df081 |
| SHA512 | 5343f46f0adbe41d77a9597865c7b4926eb1df8d0092a843e2a345e08f9b12b8f562fef8adf869f9545a48130a4b8f0b35f4075e0422cc912a7902665fc64190 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | fcdcbbdd0df87fc4b4504ca91692b153 |
| SHA1 | 5e5e97744f12d1a2d5a8b42ad3d320be4eff74a9 |
| SHA256 | d732e6b7df65a485f62ee3b29988dc95a30b3efe57f45fcac206e95ddc8b6d7d |
| SHA512 | 23f78376dd3263b81220572e2514f9bbcaa3350e5d7bac2e47f15fec4bd0b59a89c1d216106acaedfd6fbad656de791a8ee44465dbadde9c370fc7ba6b1969e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | ee46eb623f25a08d61877fc83e071f6a |
| SHA1 | 52c81e283c429e7261c7c1669da0eeb7965d41e5 |
| SHA256 | 20202f0e56946106101cf2e5d65d8a7414dec4f6ea2e3381876e717354de76ec |
| SHA512 | df1e0a9df68eb260fb42ce0e3747c050a3cbe0e1503e1dd210e1014fea9d0ebdf83a2c9ce97d8573de0ea3f66c8304c16d36c8c9b223e6fcf1fcfd1023a75d86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 4e4d08185c05ac430a97c3428737e50e |
| SHA1 | 70f90983c1d041b530c55126767ade1509eed3ec |
| SHA256 | 54a2b44ea77627a25232d770879417b90d5efb0c8f5ac8f2b67ebd80bdc26bbf |
| SHA512 | 417768c427abf3dbbc3145256f55642e4ce6981c635608804ed890f2c20ea5afb0ed74406116e74ab5988ee2a1eb2fbe220a9c85cc451400918b0d32198e01ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 9a7c70340c70c0c564956af620efc03d |
| SHA1 | 1d02cbe822b73f1be8a99c0ecaaa2055c3b73128 |
| SHA256 | be847055ea25af94da19ac412242575ca86ac2a0bcb190f36c5e5345825c0748 |
| SHA512 | 0b31e98ccefe106d0f17073be06f7f371df3233d3ba06d7b541ed32bcb611cc37873275e635f12abbd3b2fb0de8042d0b3ea66d47194413994f77b2b71eca983 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f5b4f37c5ebdd8fa0b77c14d30c57ff3 |
| SHA1 | 42ab0c2131effb0c1b76eee01e71b647508c650c |
| SHA256 | 719e0ebcbb613acfb14302b8c0feab7ca53658c1acbff1f3016728ea9d0ddde5 |
| SHA512 | 77641012093a70c1edd74c9169dfc1e8253d04e731a966c7712a36926fbdde729353655d100a7786e1c35e89d3a9fd18b7f589d4f56cd502df97743df0f5be0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367690342313809
| MD5 | 626815adbd0de00b1526cf8c7e366ab7 |
| SHA1 | d8bc12c5fe078ef186c65981147d477f088905af |
| SHA256 | 64e5c13a8d4fb586e31c0059d3db67884a732ed8dfbdb3f386cf45cee15889a7 |
| SHA512 | d781975dde77394ebbbb29b7c89f4b67eae774b054947cbdf9a3b20fd3c2ca5a5fea6a62eed05288887585663b47d0df488195ee863f9093d2743310ee2f6769 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 83e6d0bf4f148f075eaedcccd4ce57e3 |
| SHA1 | 2e0977f229e314490f5761c622f6cb04a3409e32 |
| SHA256 | 81a1bf635bc913773e162e3367caeb6aa17ad91b211aee06ccc1aaeb6abb8d18 |
| SHA512 | 21132a003b85fb4741ef3a9a03f4b0079c1c7761df32e680635ae63c1e3d6b8dd2ac7a75853299fa706c4fb0590d60b0fee50c3b17b3eba62df4a859f192da28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 2b51f6c62270e8ec578962b3d0fb9df3 |
| SHA1 | a6f37901bd404ba23bdd5e95ebe6f8dee4814717 |
| SHA256 | 27fb58704a04bf223e6a9ea6b4b17651d00fd03c3ae58b938ecd5b713fb4c6f6 |
| SHA512 | 67cdce2208c0b446a3196bb61a32007ca3c6a4944e900cb9fa5a5d881140a36fa1dda6fae72fe60f9dde6c31aa332a5ed0a6d7d0d75192827928783430d402cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | d8980a1476e48ee02c7f4fd9d16d3649 |
| SHA1 | c5957f3573cd88d08e5ae1a864e380f4202188bd |
| SHA256 | 4c8c85986a1c3f9b2db7ccaccadc9797368e5476fb88edc53fba2e0d5bba7264 |
| SHA512 | 69abd3bedd9b00574a7c53d2e75fb4dd84d6627debb06cacf82e13b51a7cef589e2f44aba57c827456eb24d8c0680c7e601c5ada173c61615dfdec8c81780892 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | fe7bef998d4873b5a57e8bdcfafafaaa |
| SHA1 | dcd7bc7da6650c4c01ceea0cff1e1edbe4378d86 |
| SHA256 | b46bb2a36ca2a62013e45fe86d2ccc79cb9c83dd7437746078d065f069455633 |
| SHA512 | b45d9ee74135f7f862a3e55ae5c34f0ede3e94216fa780887f2a64e2f42dc0f79226f4550e9aacc1b8bccf25a68adaed41eff1c4365cb57f141623c0f7ecc077 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | 8a7099522f9c09dbdbc974b48f9ed2bb |
| SHA1 | 680bd94a9d20a6f4526b5b54425f7d66401eea33 |
| SHA256 | 79db0aacf2a399201c4fbb0d6b26b7e192ee07f8fa1dfb43282f07ecb5a245b7 |
| SHA512 | f936b70f0e2d0b225622bc165b4388d493510c1eb776814a11ac6be32e31f1e09a67c1db0fde273953ba868ae676806982553a5501ce70735b0c170cee397b91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | fb1fb1aa49d956fb2cd2822072b2514e |
| SHA1 | cdf1266ce78fb9a8670dffaacd295dacc5c3ed7e |
| SHA256 | aeb5f195cfd114ae349cafac1854011cc055184b2d6e43c64b4ed016870b7e7e |
| SHA512 | 48cf39aa6ba310bb7945ab57691524ac7238f7f7b2ae1fff4c68226862600d52b22db8d342a52259051421e6b6726cff90f74f383d164f33cae80197b48baf14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 839def0464ec9d1c66aaf8c6df31a972 |
| SHA1 | 4d73dcbf95396161736e44d7914028b6173754d7 |
| SHA256 | 98a1d8b570dbd3fc63966bb001aeed146c4b01cbec2446144f2955ce5d470bdc |
| SHA512 | fac1c1b3ece8268d797adb7003249b03469d0e5ad831982077763397dd620512ea16625bc175c3b491132296184b0b23e28be5d0200f578bd21d1bab2f4f58c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000007.ldb
| MD5 | 6fdc1f2e221e49d5310c0cacade157d3 |
| SHA1 | e0c51ba4569a850e3f16c6ca6cf7069a9665315f |
| SHA256 | 41dd63762a7bef41583b41a24d799be039427083ff7af6e9a1ee176b552a89bd |
| SHA512 | b674347b8a8fa33cb5eb774849a51110473a3adef78b1d76df076677f1f7a14775780f2367e645272695ea9d16742084bb51f79f741163c5a3a595db05b98e8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000005.ldb
| MD5 | 64d4b191e2559b80ba200657ab9c1bdf |
| SHA1 | 394b3c1ae87b45b7f1c7cbd03c3a3885692f42d0 |
| SHA256 | 16ce3a53b693376f40f5bd58dfb7bb6b0eec8175ba7b3b608068307309037b2f |
| SHA512 | db8b6992ff5f08cdcb042594edb4eee71f1c52cb39db0a4ccd33eb3a49578aa0667556dc604c7ddf2f72c9228c3681a552a4583024c8a128dded9a8912a838e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 2a1b57b0d81d156e50608ba390594ad4 |
| SHA1 | 5399a98d2262625c0ce1840fad8d4bb11a629a61 |
| SHA256 | 4fd7e57c235338d8b5063c4e17b8911b7e3b5f0c08bd70168d5f56c1d06f182e |
| SHA512 | f1a577824a389979968842bbddb1ce1669371f3ff1ef16b86a4fee9a269f0b00cbfb94053aa55ac60287a23d9a2c0df053b0221e17f752a7fce45dc717130464 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
| MD5 | 2a3f3e0f4d87b63f70bf2d3adbd1683a |
| SHA1 | f86e1f6d969258bf46eb9d57ce6e48d804f28ba5 |
| SHA256 | d4b9710e8de719174630a186a8d485a441df94eea73a009b7bef5a0c42faa9f7 |
| SHA512 | 8dfc69c89ea3b5a6b73f8fdceba2185a79f85b216cb2e2d48c8fe20a20a01bc783e4cf5a94b74f22725bb594092f3a889515c4b2dffab4ea59b1623893e0c87d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 2eb3681d80debab2310dbd47315cf27f |
| SHA1 | 543038d3c97318138953875371326a50d8a18286 |
| SHA256 | 4760b23ae748f46f89a8a054e9e31656aa7bdc9bbeda94f2c5ff201578d581b7 |
| SHA512 | 71cc2224d7955f4982762d335a27504f2826d066e8700eef5ea391adf2dc9d8019ba3ba4db5ff826b6efe51a8af55f3a59a4918c4c7c1e4eb86557120bb91e51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 114da86f0e752725ec4402bccae35443 |
| SHA1 | 8f0e968d8affc73eea0b3132ae5cf2b56a1b6e37 |
| SHA256 | 56e023128f893831ab6ed3105a0f7e73a147b874bf5b53ed193d88f9e463f6e0 |
| SHA512 | 1b8b6e5ab015ac86aa28400e466af7737d60ddf9376bb0bbf98c8b2a1924deda4b8c40ca4c84af1dea9145597b3e54501225949550255072c6aead87c38b1dc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | b7ebe87db97ec4025b5efd4e861e5c63 |
| SHA1 | e2c8dfd1a0be30d2089d4fa92db9d27ea9e66952 |
| SHA256 | ccc4b7d2b1f8c42e518ffc461755803e22eb4e4a2c37ee306cf5b574bdd636bd |
| SHA512 | 1f3e86acbd5dbca5a53ed82cb6a837a315cc767eab79b961cc0641353ff16d2e8abd6ab0d374d75aa3c1ea6c82b74c3b580e976c900d801460f1cf4fedb38f94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000006.log
| MD5 | 3448919143fb934e2d9a46069484643a |
| SHA1 | d0eae616fe25917795924297c83b6a6e64c0156e |
| SHA256 | b96eeecf756edf282e57178182de7032363b095b16206f9252eb508a76269b53 |
| SHA512 | ce6319ce3baa03a9917487e827c0b19e579885a9152fab7c5efd0511bb6477a6fd5abbbc2d87cdc10e2135e1d0dd0a78da6a7ca090378a9f3289578d6ebd4c2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
| MD5 | 09b4fc4c9d7d6c0d9366fcd7de92eb59 |
| SHA1 | 845e1e56790f4db401aeb8950d6faf91161cd520 |
| SHA256 | 0be345c63327b6dcd49b63273216207131888a13cce509ea254c738e6e84ba32 |
| SHA512 | 1ccd34cc47bc5b83cb24631b32013b44b1e72eb4b4677eccae63b30f5ed1d8bac3925c2e14b0223ddeac36ee9d945ae823ef1c4468140b6a1e744830d7190aec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | b3b6bbacef136a4186c5c60598e45ead |
| SHA1 | 6798bd669721754360cac65702141973252097fd |
| SHA256 | 73c5a89b6bec4d4b9a77faaed8e278991a33f4402b6a1990f6fc5db3eb6296e8 |
| SHA512 | e78c55638dd36f7394ad19230e74acab9e9c00ecc0b5c71e623fc8fd5d624b556a06318d9264ae842a4d57c91f42d1642c410293ccec8303493b824194d9f142 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 2d4cd38f6bd0045b399ef602bffbb448 |
| SHA1 | 6d28863bed5951980ad801ef6242f99f120628a9 |
| SHA256 | d05273f199bc473153d887fb07cef76e9453dcf9a79901530ab08879b0eb015d |
| SHA512 | 92c6b7343b8ddf9898d2f00a8f15be78f21ba7c9bd4c95cd08191a631a534798cfe2cb4db43d21401f494fc3271e95313e5b0c50a7b3787905d6d3e0ebc71db3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ffae3b1ae141282c586665b7230b9dbf |
| SHA1 | 21bc85f106a2dfe433d4863687f786f6aca8ddce |
| SHA256 | 9991120688ca2791632347874cc3b31b7cbbd400076d216004ca584d06d0d820 |
| SHA512 | 95baf6095a70ac4cd492f1397a15c62b30254ad66671b7f1330718bbc2496fb9ca092e9e997787e8699c0e1fa4983852fbe022aff8c6bb76149a093e952da24a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 236b8bb31e520c725126fbab8b1a8291 |
| SHA1 | 5db2500db72dd4da437c1ac6dc514917ba9ff015 |
| SHA256 | a098cdc7bd7129ff9cc2800b0856c7d3219084b2505708368c49c22e5c370abd |
| SHA512 | 69176bc3fe5a6e638617b762646eb559d8b0bd75eeaf993cf6aa6e9b19903528a515b0c42c0350e4ba5641f26523b29635f88f6ee9d99ba3e96667587acddf7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4191516bb9dd5fe819eb6df7b9b8d21f |
| SHA1 | 6b86dd91ba52422d50f8914c281ad603b07c571e |
| SHA256 | e9ac96bb226597a18229af18d781ddb98a940a7f4767d0dba1ae38ffb8e067d8 |
| SHA512 | 65a031a3901e5ce24fafb3647adfb3c35c9e0044dfb522786da07a68489adfed467cb5429a2a55fac5a63f6ee248039e140f8a165b858d382e51615a610d4df4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cbc5ada5d1aed538b672f7a0bdc5c07a |
| SHA1 | 0a4c4e3a0f693f1542f3511f6db8484b3cd85622 |
| SHA256 | 364466e5ab92a4992699839c582e0df3e138fbb696c7b99af024902b5dbb062e |
| SHA512 | 99dd038edbe7d4e5ecd6b8deb0bcaedb608c55515b7ef9b3ab3733793f2eb5b1e0d347c35a3916a6fad843f8f7770d0e963fca0992bbfc6e053c81d639900315 |
C:\Users\Admin\Desktop\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/824-1200-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\Documents\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Desktop\@[email protected]
| MD5 | 7e6b6da7c61fcb66f3f30166871def5b |
| SHA1 | 00f699cf9bbc0308f6e101283eca15a7c566d4f9 |
| SHA256 | 4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e |
| SHA512 | e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3 |
C:\ProgramData\Microsoft\AppV\Setup\@[email protected]
| MD5 | 7413b45735801b9688a426b954144567 |
| SHA1 | 287926e4df92fd70c56ddc1cfdf5740017af81cf |
| SHA256 | 102578929605bafc29cb002ba9e4b3244b31182e62c032214ac198db6f253b81 |
| SHA512 | efc24d50f7d9d4d2bca13ea2253e5ab4a9facaebffd667011c774868be2246ce79ebbf5c0541681e18d500ca5137c5140373481d3340aba8c37cf868efcc500c |
C:\Users\Default\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Desktop\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/3056-2665-0x0000000073920000-0x0000000073B3C000-memory.dmp
memory/3056-2668-0x00000000006E0000-0x00000000009DE000-memory.dmp
memory/3056-2667-0x0000000073BF0000-0x0000000073C12000-memory.dmp
memory/3056-2666-0x0000000073B40000-0x0000000073BC2000-memory.dmp
memory/3056-2664-0x0000000073C20000-0x0000000073CA2000-memory.dmp
memory/3056-2685-0x0000000073920000-0x0000000073B3C000-memory.dmp
memory/3056-2686-0x00000000738A0000-0x0000000073917000-memory.dmp
memory/3056-2684-0x0000000073B40000-0x0000000073BC2000-memory.dmp
memory/3056-2683-0x0000000073BD0000-0x0000000073BEC000-memory.dmp
memory/3056-2682-0x0000000073BF0000-0x0000000073C12000-memory.dmp
memory/3056-2680-0x00000000006E0000-0x00000000009DE000-memory.dmp
memory/3056-2681-0x0000000073C20000-0x0000000073CA2000-memory.dmp
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | a29fd1ddc8d3cb0d2a4bb897d863a5b4 |
| SHA1 | e7a2fdfd0be839c3e145e8e8575fa8b6fdb85880 |
| SHA256 | a18b2fd6294629121db173d60e709b3ff24eeae96f6ce33beba76383df8c45be |
| SHA512 | 56de5450b013a90a9d2f6d792d392800d503d8b34acd4d5ab1063758d427996fee6a27844cfc05917d59a3f06f9c7256be5a3bae0b136824ccd155090f4d105e |
memory/3056-2705-0x00000000006E0000-0x00000000009DE000-memory.dmp
memory/3056-2710-0x0000000073920000-0x0000000073B3C000-memory.dmp
memory/3056-2723-0x0000000073920000-0x0000000073B3C000-memory.dmp
memory/3056-2718-0x00000000006E0000-0x00000000009DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\817a208c-fb40-4f02-8ea6-64e0dcbee749.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | de6bfb97f7053f2a9bccb4db99681bac |
| SHA1 | 1610ddcb911d76d024bd72d5f1eccae76b775fe8 |
| SHA256 | cc772ba8bbdd7f0b913a5d3a154a6725c4f092589eff63508376e3f20196f46d |
| SHA512 | c627fdcf29a6d73af775103fcc50e8481c4bb2f08b021551c707bc1947f22c6aed7974f56592a6dae1383ba9ec5d27e2f9a681f33abad8648145322cc7cc30a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1fb45a7b43b06abe9e3108eed12e719a |
| SHA1 | 00dfbc37e06bc19ac06e98326317d4a37ee07bed |
| SHA256 | 61d6aa18355493a5c549a80c14aaf857d6e93663aa7aa72ab185476e95ccc2e5 |
| SHA512 | f288ce7bcf8825651e0dee137b7251e21ca5506bd3606b62e5d0d64e75edcc6c198a262148eba57addbd19d9c98563bc3a1c1e3695841d522ddb309ad5b65258 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | 48d2860dd3168b6f06a4f27c6791bcaa |
| SHA1 | f5f803efed91cd45a36c3d6acdffaaf0e863bf8c |
| SHA256 | 04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77 |
| SHA512 | 172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
memory/3056-2777-0x00000000006E0000-0x00000000009DE000-memory.dmp
memory/3056-2782-0x0000000073920000-0x0000000073B3C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 003466de8c326495308b8cd26460a759 |
| SHA1 | ee475e6cd00e23575050deb2a497d5c6abd4c057 |
| SHA256 | 7f33b8bd6131d7d466f752aae27077216e49f1c86955da3b924341b2ab064494 |
| SHA512 | 652200134079ec287cd9c156ab2706fd447b86494a3d43963cd034d1cd238199f0b91edfa7af55e669d0c9b430667ed988507129694e4f69ff290495e0817608 |
memory/3056-2798-0x00000000006E0000-0x00000000009DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2ab8d011f66d98e1f13706acdd79b572 |
| SHA1 | 06956fa5d061ccab56b52c74a78e6dbaabb8d852 |
| SHA256 | bc302c8f134a47d96d8dd9061c37c81e5899d3f3e881658b356d9db33225910f |
| SHA512 | 489b4bf8235425d9aa225275ff40b6ade5e7139ff1c9055f2b20f7dbb6ad0a999d2fa36b9823a404b04980ec568b45a946deae2e9845a2d89c6a58fdd9add8e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5abb81.TMP
| MD5 | f7c08b3561015878cf728971405743eb |
| SHA1 | 1c8f37969e6bb3ee68d35b6cccf5b85056b84a3a |
| SHA256 | 9b8f878da14be9fd8a850ef6cbf904b597c92a986aca4ad7a408b1656f1b067d |
| SHA512 | c55eeab349f11a4beabef8fbd1b34453708ebe1abe33d16c4e9c655c5f60e307fea9f4d7957e673365075f9519ff14642975cefc80df148d1f274a76c0353c88 |
memory/3056-2874-0x00000000006E0000-0x00000000009DE000-memory.dmp
memory/3056-2879-0x0000000073920000-0x0000000073B3C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7dcf0476d7140b175a4957fb8743edb1 |
| SHA1 | 7141a5a457b42754ba78d2d4e404bfcbeb3440f1 |
| SHA256 | 3ae2ad869695ec42a854551c78e7cb7739723248555a4000b1aebac49cfb3ecc |
| SHA512 | 44db79e6c729fd37b42aabc123b495545a536a5f65ccd61222e32437dd050d873a6448f82094a6a199cf5167ee480b7340b3fa4a7478a8a5dc54bed7481a2836 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6a3e408b0d4e38656f64d068e9eee7ec |
| SHA1 | df7155ad6ff7f8ba63b0eac785e4bd31ce8e6f6e |
| SHA256 | 3968448de685a0ce8bbaca3dbecfd103171b12bda73af67796374430b80e0ac3 |
| SHA512 | 0f3019d433afcab1dd0a954771a513bc9fb64f5851d5452c989f28b824769307f95117ba90f70a8a9fae1a863058dec056bf16dd08da7a017e5e388fdacce7fe |
memory/3056-2902-0x00000000006E0000-0x00000000009DE000-memory.dmp
memory/3056-2907-0x0000000073920000-0x0000000073B3C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 23ccbeb7829959ca1fbaf3bf2596d4fe |
| SHA1 | 0641c63c96264044e0ac5a5a45fd161d3af22ee0 |
| SHA256 | af13ea0304b45c82065a1c871714286ea8915e3d99a40f8e81007979b018b4af |
| SHA512 | 17b58c60e77edff02ecc015f469403a42ba1e3b84c890c1afa2f7dda9b60d9e21ccbb29c96100d0dcdd2cf4ac2edefe70c4be2ce81a0e1591e1e9a17df7ee36e |
memory/3056-2934-0x00000000006E0000-0x00000000009DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2149f110c7e511fca7074ea97f8d4980 |
| SHA1 | e0f0a3c5c271f8c2aee9dd1fff1ebe17dfe3438c |
| SHA256 | 52892da1e678e1f0f948d5154cf5610cca055f625cda0afb10679043e9dcb0c2 |
| SHA512 | b029a46e2101999e7cd808f29bc986e2ea92b04ac51de95fc920ec27ed8b4e23ea9f6752e705ecd8fa38ee931a9e4a38d9f22de26a4560f691968dfde355c539 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | c594a826934b9505d591d0f7a7df80b7 |
| SHA1 | c04b8637e686f71f3fc46a29a86346ba9b04ae18 |
| SHA256 | e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610 |
| SHA512 | 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 950105af3c81fa622057b1813df97ea7 |
| SHA1 | e1692e303df33970f27371719e15e9d813c57847 |
| SHA256 | 518da3c1e78cee30d56cab5ed37b75dbfcc56fdf34483a088c4cc01b6700bef9 |
| SHA512 | 9197a12af5ac2ca8f4bef8bcbc9ea31a0c57f253b4e5a251a8478d0d54a1f323cee87a7b01f54950d430e0338efeae588ea01b976e3077d0dcffce5a78a7d7cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d184c066a733e01d1644964adf096244 |
| SHA1 | 2c1d49e0de301ce4a97f2e49713e1e0c027f6235 |
| SHA256 | 66c5f9c970aa71d1c94d9eead71a1ce41ae3907d9f6434584ff7741d0e400c60 |
| SHA512 | 688a3c07695d70396938f365a6c1d53bab7b6205af2483ae1c4c0b56149e56754d1bde50f9330f521b0d9099a5d316465b9322d744e40d33182422bb0f8d5988 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a4ae4066085b652039ac5c85f5e8347d |
| SHA1 | a1a107c1ab8b6e0e8fbcb48545bc09a5a37011cf |
| SHA256 | b392fd10b2a2c260cdba84b8c8a7f200e037ca9b11cf019382a95338a7a7e376 |
| SHA512 | 0302fc4a8e22058412ee3fe288275f1f09ac38dc4c188d0b42eba8e50d15409cb3dc6908bc9e9f46f039a1461b6bbb4c5745eed5b15d8e5c1a250c7c3b471044 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e85ee225c32c7856831ea28a1129119e |
| SHA1 | 941fc804514ece7038cdeb738af8c5cabd412fd1 |
| SHA256 | 5c30f5eb8bb530aad8774c9bd8143e7e4902377b8b9c5e95d641e55da524fdb4 |
| SHA512 | 6fb785667074f1cbea4b74c6c1b007da982ff91117d6a754d682686c59e5497abc8634ed3dae94c8f5ffcaf20528fe805d89edb8d1ee401f50155b1c1e3a2541 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a00f5088782a08be0b9492d6f151f25e |
| SHA1 | 47ce69d3e5f6c337e38b7ff2d10f7b5434e5b8a5 |
| SHA256 | 3c5a5c5e88c918c59215a4e16bc93f4982d612a033c170e790d33586a5cc3674 |
| SHA512 | d8c13b3d04bf8e3db6ac6527cc3bb59a0d9bb134d7eb9ef93da650a4357969fa03e099c7fd8a67a0c453b662f8bd1ca1a95818bb0f36cf0d6730aeb6ae8e38e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054
| MD5 | 02e604f7843389afb730ca36ffb02f57 |
| SHA1 | a8d72bbe97f6934bfcbf42d279bbed0dc96120a2 |
| SHA256 | efb317934f9e8cc3bfbcd81977199c2a97b22ce3e51f8bccbef475b4c158690b |
| SHA512 | 591f1fb1e55f314852daa23d45cd3b46881142e881d7f96307b376eb4192e32df372873b1e89f4fb90090642184892500f4a53c774e00b8e4210751e13429808 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 4d17f60f43ffcff2f1a7224227570dc8 |
| SHA1 | 4afdac536ba987de8d32e63766327845e44c75e5 |
| SHA256 | 99d224383ea4b8fedc22e2e9b62b2778f1e54c7f1191b939253dad041cf0d6e8 |
| SHA512 | 4de1aafc21336ee106ea2dc134ee44a1ffd1e1b43f4b01ea9eac3ae2edd1c03c2168428b84a9cc5fdba6dfa75e613eb063ab86aa442526f973ade71495d07d56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f0a7c4b57d6ce571e983bccfc58b7ed4 |
| SHA1 | 174dc84678603a35eff25049a3b6e9aa177402a0 |
| SHA256 | c2f8cefaf61a9b30c0fc02376944c6e7ae4a1012996405e217fd214270413696 |
| SHA512 | fddb1ae9bfdb28902d81bcfad88a0d2d6dd4f72bec6c0e9446b66b6443cdbce46f80ec96b7f0e40748a3eb187a6c9ca8bbcf48f2e147118c871135e98895d4bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 88c34451c2296e6008eb7fd4f1422f2d |
| SHA1 | 71fd2499e39898e6db341df85c6f664d6f49bdc3 |
| SHA256 | a56e0f11154668f581521ecb4ceeea376c566ab64deb1cffb94f28e82eda3791 |
| SHA512 | 81d5a8d6d31fc2915f05906571239df41c62ff1083fc5b81a658398de195412efd1e47d1ec6b94dd65363599d9f8b337a5bd01555ecd0345ddeb7f15f8faba56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 785107e5ed4ab408440b3bbc044bcb63 |
| SHA1 | b7b7be616f25c469178dcf50b1afa69b14249099 |
| SHA256 | ab71fe3cb53dc3578ee8e65f619b33d5ee4983b69895cacb18bf4718e91d57dc |
| SHA512 | dd84c0d5ea5a276ed6d44db152575ef7c76cc5798a94d165193fbbe1d20fb941ebb9a834e98cdbebb35f7de391d06f301abbc668033e49e8d3a4d002c1bb58a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e847c3add8ab16b096563d9cfc577be6 |
| SHA1 | 43ee2bab18627f989744045a2419a8edb3cb3693 |
| SHA256 | b59f19cad1dd9ea0d32b827d4f8957b0da757e20557a10fd757348745c30b555 |
| SHA512 | 7edf5af311c3396f758939f9be31f100dfab65785439125ffe3043c727a89f97e69276e0f28c99c6f7d4d1bf5ca27a8c8edc80b102196a4085bd6fdb783dc2b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 01cb745a65c6581b8ab64c9053036190 |
| SHA1 | afcdb409cb351b6583a003ade3dc46dbabb34efa |
| SHA256 | 266a6057949bc8f880aeddcdd1a24d8a03b61d5218d37024a81198aae9ff0ff0 |
| SHA512 | 79bd343efb883fdfa6ce1a65382396a9880ebb9d348a6b01d4b4dcb1290fcdff1d6f6cb4168adb484cd3f13a51ff2729c54ea46928af02e1189dd36115ba467c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | b3103623d1b1b545078108bd520bf0f0 |
| SHA1 | 4c61e5038e8f379bb0ff5c9ac4e237ecd6007fa4 |
| SHA256 | cb747d485eacdea6d8374ef9697a5d44c9b8f8601af26f8beaa2d30489327392 |
| SHA512 | 714d504da7606e684567b43a4bf4831c5485864c51f703d33d40e3e87f60399ef3c7e806d9c60f64d8199765973022be3a60bbf108fb3fc3ed73b020d3cb2278 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 498f5b2d2c49e1929c010f8b522f53db |
| SHA1 | 668b72e2b37d1a38d9aacce8f652c4a10f6208fb |
| SHA256 | 541f10ac8c2cad6aa8bbb83b47566f5f179fab8915910652d93782718b99ccb3 |
| SHA512 | 2379ab7d57a7f6cc4fe0b2fa47d3e0edc72aa3a7e3c9606e06e750012db11b2ebcc039d78504c4031cf51cf7f50437c14dcc45e47fe1a19b5e5bba52bda30e78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f8e3ffc71f65e763f3f2d94a10bdf6a1 |
| SHA1 | 27f21983f0a103c654e9f27070000af878b2bbdd |
| SHA256 | aba1aec6fe99e21834bd79f61e2ff22e80bffa04d2bf202b020de39e192763e8 |
| SHA512 | 8213fafba1c6bb3cf377fd0bdffff9ab7a93c822499f09320f7a350af029acc7d5f740d78631bee4fb81b6c611bb4c4d78647b862107bca8fa8e1289cd772792 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | cd89589b358746d8ed2866b6e27b02cd |
| SHA1 | bd3a690def44abe60428d76c9fe6e43254587779 |
| SHA256 | 2baa28a77a7425467f5be626ac26138651a5c414161e44a6dbd28563032ba0c0 |
| SHA512 | 53ea718b16b244c8e2fdf2dc41818f768120b424489a47776c8901d8d2efdc6f1b45b0934b74b99e60773c7075c48a7b911a750e731efea8dd731eb60d31363e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ee92ce84489d99c1463009a93c54c8df |
| SHA1 | 439abbed81c9153c229f6bf3684edceb21da4c5c |
| SHA256 | 98e4e6394cf310d7d457d4cf6f73a7258bfe8649c7aa52437d13f2f3e784ed07 |
| SHA512 | bebe16439ad5e1f4aff3e311e9c853920e50c71b5fc7d4f32cb3e1d8d6c39482568e80d09bd4c17c0006efa251e3668b79d4af35a3b822cb56bdff672ddd47cd |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 24cf9be9c34a8fc18d390ce7a3852425 |
| SHA1 | 4072a2d414b7d0ed7ff60dc26575ddb718bc5478 |
| SHA256 | 95983ea9f9a5682495d0d06f2e58352b8f75480b1b2b3944c603dd707d29242c |
| SHA512 | cd31dba96d2e62ea41059df69b856ea3b2c9b5a167a2b7c4cd72c6074ba8830e1bb2979c087d037deaa7d611b92f1fd9a36378cb6868fad2cb91313647d68a3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9f3e47d278e93bbe54b2422686098686 |
| SHA1 | 80f42afbd6b087cbe17159b85a4b3e86272407a9 |
| SHA256 | 9a90b3419118a6162b9a37cd67f94e276a2640080c1c07f1b3e11bc2e78914ba |
| SHA512 | e764005439736db056ef44abc31a5ee45fd069e63cb16acd18eefedb6d5bf03a5617de3c05afd0dc9de437b135e0d53dbe235f822e21e4df8f71c54378794d34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aaaa63cb370b395823d66f11e483583d |
| SHA1 | e78b03f4d1d500f4e6c71a8b56fee90c108829d6 |
| SHA256 | c02d6fb82a5f83949547ff6ea974d84d84b5d6c2f8545d82c353681ec7b01352 |
| SHA512 | 6985fdca3cd1b605b373b8c6b4bef0c410557c2c1ec25a603c40a20e5b6fc090394caf4923eb3e30b54c5c1edc243e56d0c4dd6beac16172ba43222f655884ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 29e99b59bfa55575d51bb21d4f0852c2 |
| SHA1 | fa87b1782942a14ce4429b4bd0384a2cf37cac58 |
| SHA256 | ff26bf08ca15996c39bc5fad1147171a1b688e82330bb55c1e4aaa38487072b4 |
| SHA512 | eae02d5dfce34a8cad3d2c14dd0b0539425885228452bfb7e6da72caa2640b80742d4e1ddb5a1c96da497ad52bb57ff5ac7f90d2dcaa0936a072088f5ea3185e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2f9536a193dff508b584c2674009141d |
| SHA1 | 65cd256a223cc391e0a07f8cdb8f0d2c54161489 |
| SHA256 | 2949bf57d39753cad5d845d9f3d990f8031fb3631a8c5a94a1e64328028f7773 |
| SHA512 | 15b5854851b348f5b209af8719c53cf03122455319dccff7872a0c8ab556ed7ccc7eef0896c33790928b7a0fc289813103c9e2c0294164458957f2d6f0c5ae95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9d69ffaa433dad09c2b052aa43326591 |
| SHA1 | 1ad6eacdd8b7d8d90028fd1014ffb0d78a302f71 |
| SHA256 | 4b3d41ed31d46fda58ae53a2b93aabc56757cad1f583520f0818d5ba1c136c5c |
| SHA512 | 95b9b7a16069d2f513e555f30385e6ac4473facdf1c0df667eb7d811a93327469896c6723ac5568c133862557bde9a4495099f4076c1972be6279d92a12533c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 943b881cb295a917ac5c33a96766468d |
| SHA1 | 533b641cba852b3101db30c1140be65e64359ff7 |
| SHA256 | 41a4e14dbb2c8e0d046a730325d17b220a9ca01d3b56553423acffc5d62f8e6b |
| SHA512 | 4bb21f697fb8470ef45f33e5f58bc1f274f86dd0b8932b41221101f52eef83cf33d11c5b886de526848e0cb5b71664c29004637c3188f797f0d8d4dd96e60d44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1b2196bcf883b9ab311b9f3656962ea2 |
| SHA1 | 17e8699d4af6dec123812cd2b463f2ba1fffc721 |
| SHA256 | ae3e514eda1a74ee9ae1aacb525ff95ff40a178b8e3b8e83fadbad9344d0899a |
| SHA512 | d03be2a80846752cb4b5a3b77e57fa6a37a83c1da58a867c5b3bf5a9052c7295a58f18ddd537b011b79832d7f323023870404509e7f3b836b27b2049c91d0bfb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 589c49f8a8e18ec6998a7a30b4958ebc |
| SHA1 | cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e |
| SHA256 | 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8 |
| SHA512 | e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a912242ce95b01893f8afa12dadc0442 |
| SHA1 | 5f03325ffdff32d6ce3fe611fe363cc34b0441c6 |
| SHA256 | bfe8a9fa53fde263b62d05c2af68a003a2bac3f4e717021903d921bcdce8876c |
| SHA512 | ae4f13a298b96ec121b59f67f9e18eb0f03e85704d0458667be46e3ea16173571fa2b836568d9785873b263ff66b8b622fef357bfc1b3bd4a4308431e89ea2af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 86c2cea5a5b747bc9cf90dd8d5cbeffe |
| SHA1 | 7a92c459537eb0812dcb67c8b17689a222bcc34c |
| SHA256 | d8d61d98f1d21fa8cac655ae193b1a7818094c037adfd13f157fe56717aeb9a7 |
| SHA512 | 50e5e0ee6433c90272aa79fea739c4202a1f82c5b0f993d6b7af565757078a2ea3cf3674986d54cff6abb5220d28171aebb466f21f41e648cecca7dd5e583161 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 44777568f508267ae0d4229c26ce550a |
| SHA1 | 83f837e7b66ca2104b541aec3599d762181ddc69 |
| SHA256 | 02eeade535d7665fcc1f78764baefc6e3656463855ceed483826aef6900197b9 |
| SHA512 | dece6e9c070ff4c6f06a5fae1b32395c43a8a62a3fa3e9a3ac21fe138c06d18a403e2dc2a00f948a8d2e53d510cc722a0fb7a333e93b6daf190f9f41d5e2c228 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bc3271f83b545612d30b98e17da52bd0 |
| SHA1 | 4b00798ac3520f9d5054ae1a6aa67c76d982eaf5 |
| SHA256 | 1f268320cc3242eac4d2af5e54f03c45a27cc665288eac58f9874e09ff047e74 |
| SHA512 | ca7e492eb22a9238eb36dd3dd1d17714a10662a9de9a8d6816476e181ef1c1f2b108417d1c378281961da135908851f75d8a04fc839108eb431f278205ecec80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1b01d055b0347ca2658f331b3caa33a3 |
| SHA1 | 37d395094c184078d190965f1f70ef2fdec6a82a |
| SHA256 | c3f04256494dc7f0a925b572468610267a8ea3c2b2d0364a993294b2be7f4f18 |
| SHA512 | 33150d577d8dec83318a03024bc90e8683e60348db2b56f080a8471f09884b6cebb7efb2b2d2a12fbf8cd5d3f5b5990bee3945ab72d2494c35090bef83242205 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bdf02139bae8328034646ff0482002ed |
| SHA1 | 7a3386e5aaee13c1afdb1b4b8594511eb576640f |
| SHA256 | 2cb5cc189c41789ecf7db19d48cd86db8b4868b7bcf0db880905fc08e336cd56 |
| SHA512 | b9b539ce90975ae7e1236310c16985a72b7092777a3b4b12eade77724a2657364f267318e8f49342da16b7770e060f6882a3b4418d7d1ac2f9c2e05b671584f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f664a245-aec0-467a-b4ea-18d232274924.tmp
| MD5 | 44c93b22564adf59121e50c793341654 |
| SHA1 | e08fe07b6598a3c89ea6b9caeeab7ed68fc3738c |
| SHA256 | ab82e5968f7f325ee391b3e44cdb22d9a35afa89fb7baf7a6a58c21111044052 |
| SHA512 | 860783e4b7c963933f284daf5647e866ba544f2c37727a5c1061309fdd0b1a6bb23f2b4352c698fee9fc738b8187020ffa1ef25278e4f5e283bd8d1e35bad47b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | abd2e3fbf6ea8213ecaad0e64fea53f9 |
| SHA1 | 9b54af8e324428d0d5da715fa3bf317333313389 |
| SHA256 | da54834f78c1540f5072c48c6168a12a150d1f9d0b38c33db4e9a4421f420bdc |
| SHA512 | 518d9d48135cad15e811f8ed47334916acd3f15aa90c3a0451ab6342ce787e936918e6eb89b7f2d13e78c46e36a25f253b10e6f7c81fa63592dee611d60b0cc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0a2124e3e9413e290e93a250dded97e8 |
| SHA1 | e9ebbd98f57fbbe1375caff12e3987d08ca8d668 |
| SHA256 | e4d1194be1b67975716d76613cc6d75e3b70d5186a6ef44cf39472a9b3070cea |
| SHA512 | 9b734c2f374425b3be4fd5af6d6d90ffe40f7e518b6fa84fc9867aa7b19b34d892bd0204ea804a8606a682e5d53ade203a9c1f2724b96b0b5c5e7f8154963813 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4479b5dc76210bddb0aa9cc1fb5ef3ae |
| SHA1 | 62720f574c9cf9bf32601c2811090393cec4bc57 |
| SHA256 | ba230cfd105eca4295cb4c194d12a0060a3aee0e4eb14f2d66d678aab13cc793 |
| SHA512 | ffa75377991797df786c68795ff07dd63121cf3b8692aad2bf79330c96f7f185110296a8e14509714f497dee9152d47904dd1daa428a345902952b30498d6bc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cf73e46b0ff0c7513e755b97255e930e |
| SHA1 | 6ded46b8877ff9360539b59566efc85fed8f7af9 |
| SHA256 | e866a4029a08d1abe5f1fdbc394d1e5e161acacf812bd9a0b6e418061695b509 |
| SHA512 | 5fab25a46af8107c026b881974e126a3d0ef3ca41b6e7333cfac337aaadfe04f7606184f883c5493961237ca6d65e097ae09ce67eda1fe30fe3ecb5b3e887129 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1e17bc73f23d69d8726f5aa4792028b1 |
| SHA1 | 5e2ab5b3e67f6e9fdc06ddd0ffb07fb774fbd866 |
| SHA256 | a42d129ad26b9e871fe6a5fafea5024ccf726068a53d237fa5dffcaa311645a3 |
| SHA512 | ee5a2f3586aa4d8a7f6f3d303345ddf514ce1876ea3c324e699fca6e9d90ed908f7297ba570151bb79897dc85fa1e7dfb52e5673b58a2550d3589b482b8977de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4e40d744e8fee1e94ed9c3c722b35efb |
| SHA1 | 9ce98af55406158eb3dff7ee47ee0199dab082c2 |
| SHA256 | 862c05fe168c498a41d4baa12c81759cfe911c6cc748bb6fb1466560f47818a4 |
| SHA512 | 1cbbb3b719d1f317a68c0fd55ae5ae95e40fe4952f6b975eeccc572d9b19d0dad16e57e7ea2306892f15144e8befd0d286973d5e7e5b74cf3e6c6d7c3e18adb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 60e3f691077715586b918375dd23c6b0 |
| SHA1 | 476d3eab15649c40c6aebfb6ac2366db50283d1b |
| SHA256 | e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee |
| SHA512 | d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d6c54b07bbf9d0c92a18bfa9e855aa47 |
| SHA1 | 50cda5dbe2a20c7a399962f305857c8afe03de6d |
| SHA256 | 05f413f716ac68a408f0466a3aa6c09e0a7be647a8c441e4e4fd5a003afddec0 |
| SHA512 | d7c90e7a155f53a6d938ea16d52b84400df689387168d8d6eaf68b94ca705c2a60481215ac29679d93bf9fb4b428a164a4f665db3bdb2bdeec195b583c5e6b52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7646eae24a3b2447c4623320f7896219 |
| SHA1 | 0c4eaa832c133ba2f513ba7c951d66797b5cdb6b |
| SHA256 | f94c13aa0dd9d3467ee36558fd193fe5f756ff75cf66c95092347103c50a9458 |
| SHA512 | 5bd322b5738c8249f4a9c82bb10f75ad73c39de078337189225fe4ac759beb1282891f5a2b776e98a44a1e7089b188103cfa4c5a45d707640e4604f9da296c74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 05654d6f33298ebedfdd5357334b5f9f |
| SHA1 | 6d61e9c3b15e3c818abc3c624d1e96364194d160 |
| SHA256 | 19a30623ff20f2dd6302409cbeb2305b80ead590508c0543c7232e14cd3f310c |
| SHA512 | 29b178401271882539628cbc46a04beecdbde67e2e0854eea79da0de64067e04b777b3e2f6673f9f79258b58a1123c760a69768cf08f3ccbbf81efc1159f6ee6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367690773618673
| MD5 | eb391f30410db998759db92d105c1ded |
| SHA1 | 4a55dafc25ca140567479467ba9f6e2a382b67f1 |
| SHA256 | dd7cf35b7c19b8af3276a0356667dbf5b3d87b5482e17982bc02f8f8b6c6933c |
| SHA512 | f4bbc31cc1dda461e312b4983fff2c1c1aebe63f25da269290403731ea948f1850d9dbfb8e920fea1c5fba353529454a708602f9035b9f4dac6ad2bbc48f6a4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 8c3bae226fbdb1b45893ddde5c35fe8c |
| SHA1 | a97a5a390d6cc6e9523371c70c060662ff52107b |
| SHA256 | 59f227c5de85f70cf471b224f1e8f9fe5ba48e6f722e236126bc6edfcbf600aa |
| SHA512 | 3e9feabe76653387a5f55507426acda55b115fc9dd5f70c0e4cd243f95ad58882a8a1f2db580f5440ad822f1e186db45859922beda9a3805d0d75e7b4f927bb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 1e458d7ba453d0c5e8a88551efae4da5 |
| SHA1 | 3bd2433e281697bdded659a623984e72216c95c5 |
| SHA256 | a33a60cd6e74673d6b896e894f17d24d07904bbf33be54a1f0b9c139ac698d10 |
| SHA512 | df990b810f8b7f38f42de192b3fc14fd1b8a04d49edb63ecd1f67c6b754f83b94a73d15698dbc95ce658a0fd996c523f6c704e454ce26263fb1ecde2aab6e5e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 98e1ebe1d47a5c85ff6845eb5411559c |
| SHA1 | a7bff28ca513eb97450ac611924688871e595a9d |
| SHA256 | 5fde89ba9ebc7d9db7da439e9f11918920017ce246b11a07357f4cdc8c517b53 |
| SHA512 | 6ff48d11aa13b959d9f13d172cc203e8afdfd5f513bb4657ef4798acdbc2ccde7c5bcb43689e88a5eddcde71fa98ed5d69515ec0c971251b85b251403feb0766 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e7095fc1263c54dc2075ebfd21ea01e7 |
| SHA1 | 80c87ec952de4f72731e17ffa306a5caf30642e1 |
| SHA256 | 68f91a7c8e53b114ca9fd61d7fdc39c51393920eb6f8862d2c5616ce3060141a |
| SHA512 | d5fea0eab77cda272940e83d38d5d7df232ccbca762ff850316860b00677b105cf0beb0dabbbcf6deac412fb58d78e6543270cb8b44d7de2ca490b1bfa094bb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | ab6ab31fbc80601ffb8ed2de18f4e3d3 |
| SHA1 | 983df2e897edf98f32988ea814e1b97adfc01a01 |
| SHA256 | eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8 |
| SHA512 | 41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
| MD5 | a397e5983d4a1619e36143b4d804b870 |
| SHA1 | aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4 |
| SHA256 | 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4 |
| SHA512 | 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f60edc99a3b5dfb1654266f8f0f4e7c0 |
| SHA1 | c77d91c7c703277303e8275b0de3bd354da2d47b |
| SHA256 | 5d79a41da957dd503710d95f9237a9e71310a38048b660916deab979789af07d |
| SHA512 | 4b559d522fb44019a478011a08ee8e6b75d88068f5a7f72d952bdd669630f21713da295907d455d79a42190e93be62ae09ac04db4c0cfd2679b69441064d231b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 72429025b80e33bf8d66b71935ec64a4 |
| SHA1 | e800090fc8479baa6d6931049764378cc8b7d139 |
| SHA256 | aa7b4ce4378d456d606ffaf947c92f2bfcb327539aad2fcd6c291c9c0b3f843e |
| SHA512 | 4ca3fb50392a905a9ca3c059aefecfde5c025e5a17dc1b328bd8590f24dec7aad09f06d3555ad787e06461fef2d34f653ea8d4eada4c98f9dcd6cab54f9ed4ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cf604a634c7530768b976104f2f93645 |
| SHA1 | 47048ccfca0a0b56eb0acbb7069e918d5ec19dea |
| SHA256 | deb7999b294e0aa5d5d948d2c449ec71a129494543dbd3b340da3537383cf12b |
| SHA512 | c989b49272003745f0af720d511ef87d2cd8bf1f7567a7c68b86043c9f62849cb3f27047287e41c2f13f75f3d8ac669adad34587839e9759acaa986f798dcb31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 069bc3b66d80db74fff0a0be3b193181 |
| SHA1 | bad5a47fc0e666c890e08b36ae4295a637c62287 |
| SHA256 | 1f45f4786c077dc611824062955c79663e7be5310a00b94827b8edc15e849507 |
| SHA512 | e1fc42baa203b13b5e74308b47bd1303406571a4969e60dc6d699766228c34f41fd57c7145c77a268a18bdf41b94e7b99f2d122fb7afbaecad8d08b2d7182f31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 084c0bb9ec475efdd86bf687cfc2e7ac |
| SHA1 | 0f3c789db1da1988f0da66f037d98e00cd9caa49 |
| SHA256 | cf0f4e7c3cfaab2cd8330cf2ad1826ee4c4ecc39a0f1681d36af5d7ac07ae0b9 |
| SHA512 | 0b746f55ccb81bf150ff3f3351b7535d68df655d96c3a352c665c282e2cd8baa906dd7acda17dc6c40dc47e8b329e1e2aa0a033f46b34ddf2bc728a5d3d84389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | be1ad8b8882e2c59e04c4947e7d6bdf0 |
| SHA1 | 6716f94a056c8c36d598b92abe6db7ad21865c2d |
| SHA256 | 95e3e2f49976242b88873d0f1bffcfe007e0010a6d4da5a881b13a4e02de6933 |
| SHA512 | 8ce194cbc2b06694ead9d4db19dcbf1a633b21e1a45560686ce624aa25792dac6c333e5c86abb275a7e620c682dd565b9fa18d21cb16c3798a389e531b921936 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 71409904bac67cd8797ce5cda4269a17 |
| SHA1 | a0af02ffbee1669ac9311fe1e1faf0a521da4b26 |
| SHA256 | feaeff3328dc1257ed27e5173198f1eb393e79f28006b5d099dc0ec5c6f5c892 |
| SHA512 | 3cb45a5210e2e61e12e5d5408a77615fc2ecbb945443483c494bed56f98f11f81dfe646f5c4bcd66caf6b3c56c6efc0b4148691f7a50a341af4f88fa237f07a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1c302c39c66fdb10c13103d1b683b4bd |
| SHA1 | 30ace08b5ad160c244ea8049cfca7eff6843def7 |
| SHA256 | dfce76cb768e10c66e07b1b8b9f3de3dd95b112be6322cdb4173bfec3a9ea37a |
| SHA512 | 170e00563e34cee97518391ba5b28f5e2a09383bee7c88a31660a11a8516ef2f86cad3efe09e34e4e9d9bd3dbbc8f845dfa247f38afed398bc929b2fa7a6bf66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 52a0b05a8f8ce939c48d070b8e54b358 |
| SHA1 | 36b89e4b6d3d30727002fa41268bb07d524e0c6b |
| SHA256 | fb7accbcfafa82b2fa975a13d8ff4e983562d7e0698253f2d1b2a00758080929 |
| SHA512 | c4cbdbe7948e96bba700234798703e6165fd802de4b2fa68aea2d91d84035a43378a474848a048cbeffffa8c84d6729112d1c413bdf2dcb82a5db82c20b7a50e |