Malware Analysis Report

2025-03-15 04:17

Sample ID 240825-f9228syflj
Target Cosmic Client Installer.exe
SHA256 d56658c16fc6f9dc2fea0db1d75663e796f5a6a00b5b7f0d4585bf5c91e25e44
Tags
defense_evasion discovery motw phishing
score
7/10

Analysis Overview

score
7/10

SHA256

d56658c16fc6f9dc2fea0db1d75663e796f5a6a00b5b7f0d4585bf5c91e25e44

Threat Level: Shows suspicious behavior

The file Cosmic Client Installer.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery motw phishing

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Drops file in Windows directory

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies data under HKEY_USERS

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

NTFS ADS

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 05:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 05:35

Reported

2024-08-25 05:42

Platform

win11-20240802-en

Max time kernel

437s

Max time network

438s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files\Cosmic Client\Cosmic Client.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Cosmic Client\Cosmic Client.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Cosmic Client\Cosmic Client.VisualElementsManifest.xml C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Cosmic Client\Cosmic Client.VisualElementsManifest.xml C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI39D1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3A01.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFE0A980B41363C540.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{D57E8D13-81A9-4958-B3B6-FC525A68543B}\icon.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFA0B855D310FFA6D6.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e583573.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI371A.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF08563879E389E26F.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI37D8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3817.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3904.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e583576.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI36CA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3719.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI373B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3DEA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{D57E8D13-81A9-4958-B3B6-FC525A68543B} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF05345E6152BC90BF.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI38B5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3953.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{D57E8D13-81A9-4958-B3B6-FC525A68543B}\icon.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e583573.msi C:\Windows\system32\msiexec.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Opengl95.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133690377780930181" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\ProductName = "Cosmic Client" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\Version = "16777216" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\ProductIcon = "C:\\Windows\\Installer\\{D57E8D13-81A9-4958-B3B6-FC525A68543B}\\icon.exe" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\31D8E75D9A1885943B6BCF25A58645B3\MainFeature C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\31D8E75D9A1885943B6BCF25A58645B3\AI64BitFiles C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\8D73033480118DE4ABA3DE0019A38982 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\8D73033480118DE4ABA3DE0019A38982\31D8E75D9A1885943B6BCF25A58645B3 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\31D8E75D9A1885943B6BCF25A58645B3\TileAssets_DefaultBuild C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\SourceList\PackageName = "Cosmic Client Installer.x64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\Cosmic Games\\Cosmic Client 1.0\\install\\A68543B\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661032028-162657920-1226909816-1000\{EA456C75-73C0-49A6-BDE8-B1CBB88A6A26} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\31D8E75D9A1885943B6BCF25A58645B3 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\PackageCode = "B2477FD12BE3D454D8DAE50131CF800B" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\Cosmic Games\\Cosmic Client 1.0\\install\\A68543B\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8E75D9A1885943B6BCF25A58645B3\Assignment = "1" C:\Windows\system32\msiexec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Program Files\Cosmic Client\Cosmic Client.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Program Files\Cosmic Client\Cosmic Client.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 910482.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Opengl95.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2856 wrote to memory of 5076 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2008 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe
PID 2856 wrote to memory of 2532 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2856 wrote to memory of 2528 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4544 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4544 wrote to memory of 4360 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4544 wrote to memory of 3308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4544 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe

"C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D245CEEB3898E0E5B983646736CDD945 C

C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe

"C:\Users\Admin\AppData\Local\Temp\Cosmic Client Installer.exe" /i "C:\Users\Admin\AppData\Roaming\Cosmic Games\Cosmic Client 1.0\install\A68543B\Cosmic Client Installer.x64.msi" AI_EUIMSI=1 APPDIR="C:\Program Files\Cosmic Client" SHORTCUTDIR="C:\Users\Public\Desktop" SECONDSEQUENCE="1" CLIENTPROCESSID="2008" AI_MORE_CMD_LINE=1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5D2B70AAC98DFBFAE6895D4666EA6CCE

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1BA3ABA5F15C793EFE52D6D2D7F63791 E Global\MSI0000

C:\Program Files\Cosmic Client\Cosmic Client.exe

"C:\Program Files\Cosmic Client\Cosmic Client.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf448cc40,0x7ffaf448cc4c,0x7ffaf448cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,5308839519106016478,15441687493966308923,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1688 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,5308839519106016478,15441687493966308923,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,5308839519106016478,15441687493966308923,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1752 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,5308839519106016478,15441687493966308923,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,5308839519106016478,15441687493966308923,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4436,i,5308839519106016478,15441687493966308923,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3552 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4532,i,5308839519106016478,15441687493966308923,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4528 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,5308839519106016478,15441687493966308923,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4740 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4704,i,5308839519106016478,15441687493966308923,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files\Cosmic Client\Cosmic Client.exe

"C:\Program Files\Cosmic Client\Cosmic Client.exe"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ConvertFromConnect.snd"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaf8733cb8,0x7ffaf8733cc8,0x7ffaf8733cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5360 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5676 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8232 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9352 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5384 /prefetch:2

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004B4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4738409809303236497,1352160615077217316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Roaming\Cosmic Games\Cosmic Client 1.0\install\decoder.dll

C:\Users\Admin\AppData\Roaming\Cosmic Games\Cosmic Client 1.0\install\A68543B\Cosmic Client Installer.x64.msi

C:\Users\Admin\AppData\Local\Temp\INAB612.tmp

C:\Users\Admin\AppData\Local\Temp\MSIB653.tmp

C:\Users\Admin\AppData\Local\Temp\MSIB6E0.tmp

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2008\DialogBitmap.png

C:\Users\Admin\AppData\Local\AdvinstAnalytics\5ec6a1d8c8fe80765ec277d0\1.0\tracking.ini

C:\Users\Admin\AppData\Local\Temp\shiB960.tmp

C:\Users\Admin\AppData\Local\Temp\shiB94F.tmp

C:\Users\Admin\AppData\Local\AdvinstAnalytics\5ec6a1d8c8fe80765ec277d0\1.0\{C49A6333-766F-415D-9809-7D7D90B12403}.session

C:\Users\Admin\AppData\Local\AdvinstAnalytics\5ec6a1d8c8fe80765ec277d0\1.0\{C49A6333-766F-415D-9809-7D7D90B12403}.session

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2008\TopBar.png

C:\Users\Admin\AppData\Local\Temp\MSIB362.LOG

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_C5856A5EB1E3B74AE8014850A678CDBF

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_C5856A5EB1E3B74AE8014850A678CDBF

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3EC49180A59F0C351C30F112AD97CFA5_B1F00FA1D2ECD5D781E44CEE5DF6C96A

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3EC49180A59F0C351C30F112AD97CFA5_B1F00FA1D2ECD5D781E44CEE5DF6C96A

C:\Users\Admin\AppData\Local\Temp\shi34E6.tmp

C:\Users\Admin\AppData\Local\Temp\MSIB362.LOG

MD5 94e770d93a86e58223c06f0b2937b669
SHA1 fe12b45dd34f9c34bb54baa243732a506980dab1
SHA256 6c13e1ee5939d58c98ec4dc70c1d103edfa31812c3c3133e1eeddfe0e1538db9
SHA512 093e833fc347729587888ae559828748f4e48b0fa26f4e422f07ccc11cca2a221769077124362ab150774ada9d00c080d3eb10f8900de5d5e11811f7c1a80c9c

C:\Users\Admin\AppData\Local\AdvinstAnalytics\5ec6a1d8c8fe80765ec277d0\1.0\{C49A6333-766F-415D-9809-7D7D90B12403}.session

MD5 0c13c16cfec268dad31a19f6dc9df9b6
SHA1 281f575cea903fa06eb62ee7be29759d1cce5096
SHA256 54a1bc769f80ce214eab07383551ad85d0e72ae4eda9d17af86e8d4115d6ec78
SHA512 b6443eb5c46a097efae9704ee1cf6b1266991787c3bb8336512d9b8b236a5eefb3d10820e9f3ae869a070addf540930ee85059221f1ad1212af14d9788a97257

C:\Windows\Installer\MSI3904.tmp

MD5 378a7a638a288c872eed3af1d0690e04
SHA1 73ce4b56c5d2cb0eaa819caa293f1ac88794e4f5
SHA256 9cb59f48ad2bba9765282f52a62a820b3c2a541f7b66a7073a52c7b72546b5c8
SHA512 29f91f4abaecf71983bc889e72f6541dfe7073b1b2b0431b11a5d91d57bf03cc36fe2c247e2aa904b15c491f05b4b2a72a240ab3f461801af5158066e5c1be84

C:\Windows\Installer\MSI3953.tmp

MD5 b66e907173d0227148df492b2b86d0ee
SHA1 d67fef2085072e5bea5b3ddc3c418f5b3498c190
SHA256 4caf1985dff85af2b2644a9a464b0c237852b375b24da600db5b19a7bc745970
SHA512 f0315f0095b29b9bf0193e6ef322fa5276ac38e208abb0daa10f577443617a780f5e8035e20b331eb54191400c3da64fdb8233877200379a9e867d8c6c6c7052

C:\Users\Admin\AppData\Roaming\Cosmic Games\Cosmic Client 1.0\install\A68543B\x64\Cosmic Client.exe

MD5 1ae7fd67f161a54e42cb38467eaaa074
SHA1 4422296214fb00af482d996b496b66065045cefe
SHA256 65c17e58b495bde09cadfeab5bea5d7a1200c6bd1ba1bacab2529b62c245e28e
SHA512 5fda620794ae8783b337bd7da29f4d601d9c0f21816adbaa1d460073ad92e7766b2ed0cfa5cddd99cc311e3ffbb5ea3ce78d877b63e9d2cec52ca44404e312e8

C:\Users\Admin\AppData\Roaming\Cosmic Games\Cosmic Client 1.0\install\A68543B\x32\Cosmic Client.VisualElementsManifest.xml

MD5 bcf3b44f1bb63ee4d851e7e447d4122d
SHA1 22c39f88bca33353ac57c83f8cd144e5a99a4441
SHA256 1cf413e8a073162dfb9ea5e82230949bb52c66b19e591a5ce18dfa36b4676838
SHA512 aee62b9c7a5fb494d19f163c27aec1c849ae074e67e8607e8401d26da9b127b55e0a1e05d244764601a065e1daf59635376f876b91215dd545b1457584eb9c41

C:\Config.Msi\e583574.rbs

MD5 390a69a3347eb2a80340a26069d79066
SHA1 e36de3d34bc9c968d15157145c1bb22e60581b44
SHA256 535a0469d7d6c02cde6228480413ccbb8342f5c5ca9de612583c348ba3811827
SHA512 68a8d3f2af3965f94b90cbf6a1119216744156ee7c06f3ebfeb67e847d2cd2654b2fe64b45839acec4da5490a62625869823e9cac3a70c45849941e9bd3da57e

C:\Users\Admin\AppData\Local\AdvinstAnalytics\5ec6a1d8c8fe80765ec277d0\1.0\tracking.ini

MD5 783cb5293c1f31ffb1db5bfc59ad7268
SHA1 5db88ade3f9f85ea7989b93830fbce2c176652e3
SHA256 bd6cbd8d540bd40b8fe6a27f13bd6c1a421ab1eaf6def9a780c647340bbd1c60
SHA512 49b2a59d390be9ac45a30e9279a6df335bdfa68683fd1349771f3dd7cc8dceb39539f193e7794475a2f0fbbd7d0ec485932b214bb01f211b211c80fdf4696dd8

C:\Users\Admin\AppData\Roaming\.minecraft\cosmic\bootstrap\java\legal\jdk.random\ADDITIONAL_LICENSE_INFO

MD5 19c9d1d2aad61ce9cb8fb7f20ef1ca98
SHA1 2db86ab706d9b73feeb51a904be03b63bee92baf
SHA256 ebf9777bd307ed789ceabf282a9aca168c391c7f48e15a60939352efb3ea33f9
SHA512 7ec63b59d8f87a42689f544c2e8e7700da5d8720b37b41216cbd1372c47b1bc3b892020f0dd3a44a05f2a7c07471ff484e4165427f1a9cad0d2393840cd94e5b

C:\Users\Admin\AppData\Roaming\.minecraft\cosmic\bootstrap\java\legal\jdk.random\ASSEMBLY_EXCEPTION

MD5 7caf4cdbb99569deb047c20f1aad47c4
SHA1 24e7497426d27fe3c17774242883ccbed8f54b4d
SHA256 b998cda101e5a1ebcfb5ff9cddd76ed43a2f2169676592d428b7c0d780665f2a
SHA512 a1435e6f1e4e9285476a0e7bc3b4f645bbafb01b41798a2450390e16b18b242531f346373e01d568f6cc052932a3256e491a65e8b94b118069853f2b0c8cd619

C:\Users\Admin\AppData\Roaming\.minecraft\cosmic\bootstrap\java\legal\jdk.random\LICENSE

MD5 16989bab922811e28b64ac30449a5d05
SHA1 51ab20e8c19ee570bf6c496ec7346b7cf17bd04a
SHA256 86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192
SHA512 86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

memory/2436-1330-0x00007FF65ED10000-0x00007FF65FD9E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 51aa73fe7e7426f534eaefdedbcea641
SHA1 91c02ec571e4b35859d3f58a20b45c1fbef28c4a
SHA256 7f8ec938306c76d67dd4e446724ba668a020967d14e1b7588e1a129cb7d71cd5
SHA512 62d4c5c29a4f2af5df4e0161a71c381d0e51acaaee6f94d5f6c40e752783de2ca7078a6af2466020bb82a4914f52647e394f13edde2cdbe792477b6cf6d56e41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b5318295989fbbca0f839702f9991a80
SHA1 0a08da73962f42c661bbea00c6135772835b79fe
SHA256 0bfe7daa092fb98a68b773ec8bb3c04f4de63604c02056e097f9bc7db8d8e2f9
SHA512 221d2f505cefc7535c422550e4931656e72739cce53b62fa4434778e48b709f0bec676c927ebdb94f696e1d76d507c71070d1edd61acd514e6a0500ae5fa9ef9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\44d2c275-00f6-4b18-9ebe-17fd4a15c9bd.tmp

MD5 d1ed57b777bc35e54fa67f0705e792cc
SHA1 21c3a1510e04a765287d646e50c95cb6003728d8
SHA256 4b5d61c7e50f66397fda9ff759119a2ad271c3f11f6502cb365bbdad4e410bde
SHA512 4f783c77bb20a5ff2cc2fa2d7961ad0f78c0dbe8e6b2b021c0293df79d7785a2658c523a66b43622d22c69e0289e5484ebe62f5555f2800cfce3c91f0d4818fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 49f47a12beb6631028d09aff3004590e
SHA1 5a6a8c1d24c91bad4172ad8dbf3df38a6436d177
SHA256 713441d1a96a95577616bba1ad29c123b5bfd68ee1b50b15c2d14f8f88b678d4
SHA512 ba70c370ff8255718570cd503d73c31611edf7bae9fdb4f8deae72abca5c10808e4d5668f1b7754b855f37f44e228986699c6c837e64af6a1f55744df2232d8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0059098b9c4a042c11c61f28559b430b
SHA1 5be2c7b36ec5e588024f81f89e1750867ecf212c
SHA256 744d8675f1ecf5ad3293a244cd0ab48c7b9414a7c4fe5362dcaabacc58d274f4
SHA512 388752da7c8225cd8cc8825b3c667000688b4bd946bc85f28e92e23592adc7e3ffc3e60933fe9126a40319012e21e83e4e634320b1c5d4869881b8b77a4e8f0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 2257803a7e34c3abd90ec6d41fd76a5a
SHA1 f7a32e6635d8513f74bd225f55d867ea56ae4803
SHA256 af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174
SHA512 e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e110418ad9781fe9e12f1cceb2092957
SHA1 a43adcc8b930aa8e4caf811fa1af510dc7855c21
SHA256 d0208858f35c2ff5ef12f0922e2bb15eb2fbe27c56688ffac815012763fa734d
SHA512 788285e48d1bb03ea9b18dcf255f8ef5c1b3313064ba51fb8dc7ec2df597abb54950459c2e24bcffcb0ba25d23ab7c90b06b8e32bcc9ffe8c99a5a089a50628a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d0699120df34a6e88f7fbb8d8cada1d7
SHA1 76c064c727187fa2d3921d0e9bfa1ec160988a6c
SHA256 e2ca873ea0dc519c1b65ceea9a2c5a98f45ca559240634d91f08346bd76de855
SHA512 59bb320412b5e8c6a7f8fdded5b50e6596c60252dff74cc631ae2ed0166ac2df7afb633c7f93ad91c15b8fbe4a27cd5c6811c846fc92ca5161b0698221a949e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c026f6d06aca68c5591a84b3298622f1
SHA1 e75d005dd7d43c074e7ffbb92607edb5b58b5fde
SHA256 7dd35019edac269be5696a7d2ca838113f8bb8c52c196c76d4e437044ec73405
SHA512 7c9d7e5bb6a315c830b721061dc73aea31f8a23db6dd7f86e043a4e053a4c8dcff4337375cd2ba88d2fb4fc5879cc3c17542358354c066fc736954a0a6467bf1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f53f5b2dfcb466be5e924a200f5c6d77
SHA1 2b9b7d7be410335c57210aa925520be5896047e9
SHA256 cac440c47c064b1dedaaec17d2bea048b017349ce924706a7b13cf28ec968393
SHA512 69c3202994dad8c67dec1994a32bea87d655b1c000ed6db3b24fa2521b0e12fbbee86826898b83889177e05f7502cacfae729313c510896bef49097f69fd2816

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 16ea4ddd5d480135de04e3fcf91e4ec6
SHA1 dd807c0304a4f06a823c397863fc04321b97f5fc
SHA256 05c56f36b3ba071bd406b2e782ee31facd8c4d4b4bc895d06d52c79a2622e28f
SHA512 8a12b53280f94fda6cbdbfdeffff346b1ca09b980b43f1add01a6b7549cc1e352b1e66ca37fcfa1495bd3b808de076c1a74c0fd88eed78605dc6c58fe4cc1bb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 15a8f38b9e6cff8bea27ebe6fea25dc5
SHA1 a0b3f753ca5a86dadd3a557347a1efed7478da9c
SHA256 7aa4b514a8e13ccc3f048c59486f7404fba99b2df18be19aa56b56ecf1197e14
SHA512 0451a08a557193306977254de7835bfe4446055bb20eec97995069cb38157f2ff638b92ae36de1637587355e1a99a8b763b0347f8f97028453bd7a656f972652

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 33e44200a085083c941f3a28fa4890e1
SHA1 b38ffc839506cdf1ebd03f82eb44b219b8ac27df
SHA256 edeed0d2bda4fc1c09bd657803067036ad86333a31f649047297b00a2c919bc7
SHA512 51b0137e81587ccd2f2dc5bb917741ab46901d8f34f3e6a16e9b0cccde2a61d180359d520d34ada4ce59ed49a9b5550987387ffbec2bb97d6ebaf419c8ad66c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c6ef714780b57229182e15d570e08c6f
SHA1 05258f025bf92e5936a13b3bd0b22e1a808c4e75
SHA256 cd2cc579a49056964fd0fd289948998040ccb9b5e149b9ee7479aa762a176e8e
SHA512 a2558054e2e302c0daa3f0da62e21c26bf22ba6e558dcd4304101414f78e1149c50995e773cbfdead27a1f8e96b45c4a9f8082b967c6a31925e0625512f152f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cc7abd25b5de5ec6011415ee84b4e6bb
SHA1 9557a933123f5a1320dae328f25cbd1b4e429762
SHA256 7aa338406bfa514708a87b3919e450500b66924df1019df2fb6ce1d0570e3026
SHA512 132cd7cbfe5f7b185b7ba7664848ad7b599c845e72b2b4e395fb9ecc5cd004c226f91106352e575307c3e281eac9c4c430ab906894c04ab5f038ece55de9266a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4a99d4fc57e1b9c865c1e8acc8121123
SHA1 ee931ecec7107e0871acf2d294914ff5818efc30
SHA256 352bf09c6e278460fc3b5af502f65ce599070bcd83ebe541c484b488ef3a5b3a
SHA512 6913cf840f7df511f9814fdb5ccaf6e4ec24dca1d46bee54b6feb1c21d884e6e2d3fa8baf7ab9fb0e344c1b9a4c75bf4db340dec286cee558ffb5d1c7ed55a7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 00e9284c93929a6811c9572bc4146e66
SHA1 11f95d3f1c276b2a1069040d2cf99aaabd550380
SHA256 92746797757d1a6d2b173189aa51fd2bffcc15e3a7fc96717d8ab3fd0c4a1b5d
SHA512 10acbda964d8f2a22e3989377ee9a63a279ad3dde9b6558f9eee06f63eff341ecf78b56d1d03aa3bf73f4ac436bbbf61726f67e3fe877087f9c0206773b80c29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4bc8b266140dc0dbad195156ae235aa3
SHA1 772ec0226fc92bf1b5b52ca483305175b39ec772
SHA256 e99c25bbdd2c83a30bbdc2b3a3af4ee5144baf884432a1260b3b2eab9bd51234
SHA512 4d162aa4b446d04076afb447b45174d8f2d897e233e0859f95b57d8858182d785c1b1388d4da3bcf56147cdc1ee0653f344c2781dabbf0a1222c82540acb0878

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3f469c74301ff3167c80bcc133a9aaaa
SHA1 fab1b860ad9122a31bb79d09b92370c73896149f
SHA256 d286fad0662298491fcea4885d46436a3f2d76189bc5c6026b31117bb1d71958
SHA512 cdd643398e0401d7040d0943565358bd297edfe435a8336b8da8ef8e6170ae66a5c3e98e98a0f926ac9825c3efbb1edd485ad83e65326e48d3330f9453a4dd5f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 0889ed8e80aaa55b5d49fb707d275349
SHA1 1f6a3b3b456dd36b5212213dcc21cf6211686a9e
SHA256 a3fab88f3842a24549906243f1970dbb36df425528b4d0f16fe865377d973348
SHA512 b854b13d42ebb0f0cacf19af3db9975429558b27237c12226db53b25141b17cffcaa1ad0dff727145147567b40000b562341985bc30404f81f4863331fb4dcdc

memory/3912-1624-0x00007FF65ED10000-0x00007FF65FD9E000-memory.dmp

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

MD5 9ccb891f4429ef66f5825fb089fe3d46
SHA1 1a7147fcfe7e3e159d419323da73330884d66452
SHA256 b2ecf190818dbb8aab82d403de81bd5738e535f010433f182a0a539858cd0f3b
SHA512 a2ec4c57bc832f89d669ac6a6c35abdae90fc34635215172d8924740b47c3a6f0549cf074503d2a16ef2cea4d1eee1e86e25d4588c115cf9cfdf4126ad012e85

memory/1528-1649-0x00007FFB00F10000-0x00007FFB00F44000-memory.dmp

memory/1528-1648-0x00007FF79F060000-0x00007FF79F158000-memory.dmp

memory/1528-1650-0x00007FFAF40A0000-0x00007FFAF4356000-memory.dmp

memory/1528-1651-0x00007FFAE46B0000-0x00007FFAE5760000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b0177afa818e013394b36a04cb111278
SHA1 dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5
SHA256 ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d
SHA512 d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9af507866fb23dace6259791c377531f
SHA1 5a5914fc48341ac112bfcd71b946fc0b2619f933
SHA256 5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f
SHA512 c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9d686a57288adfa67123d16a481f23d1
SHA1 05f1447c8a9fb283a2494aa0f271904739100af3
SHA256 89004a8ea37d6318f4ff0c51fc789e9a38c260f19a524ad8342f8ac810d33434
SHA512 95b304f05072f552d85e5ada7e1ecb720f5dd6293a4d932479cc16ea3557444feda1f69a12d048ad7ef2c2146ceca865c392ac912d302c4b164d132ae44edb64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e558ce030993fc24c0bb8125677306e3
SHA1 9ca43884f25e9b9853e376aa4979842ac2cf8438
SHA256 32844e8374ec7a1c360c23ed8b93b0bef11bca148be11d9b5c059626d0d06a41
SHA512 2add7d81d85b06f3abb32673cf7ba92972cf7182154506640da5b797d990c83d0f00fed7b48747824a0029d03102681afef01e2bacf6b8e8c32e4d8804c0bc95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1534ea7f622b9613fe5b0e036bbb74ff
SHA1 ac1feacc84eb9c1692fb45a4ceda83b9498c4099
SHA256 f18403011ad067f3735dab72ee8296be4fab8de1302e38f847aad7253dbc4ec2
SHA512 73043605044ba07e8515a70793da43ae391a44210541f5dea76841a3d0aa07adefd93ce32b28fa97825551a14ae8cf089a547e5bd716b90c08765d4ab107caff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2b5e6a19b85eac1477be231a34b8bea4
SHA1 03361493c33e1f69bfcd83131f0b4f85f94d4806
SHA256 2992b21d4eec02706bea4f33044d3408d548363c89829752e00f5f9e18d6ce3a
SHA512 28b435130afd60fd9e7c2972f737d0bdb0cb00459171868f2d92bbf67b6dddd65b44ccc55049f0ca360919b6b355b584749b6bd3b5530eb95ed84bd5dff77190

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ad2f1.TMP

MD5 06450d87b65cf38789f9022ff4acece8
SHA1 c31b60cc674492f4acd5dcde940133086128e03b
SHA256 7ccb29aded2b7bd4312ab4723a6a79a54b994d2e21eeb72d07759713a347f571
SHA512 b7b6927223ccfbb883715f05470e9b5e480c72096b6efd9492b7a3b8af091f9ab821d8a0ed615d7a3f1cf113a648d85e97083daf3af639336afec41f6bbf56aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2a44ae172fbdcae068945d5320d56270
SHA1 fd45e31f74bc746e89d3b97cc3c044837a61cfea
SHA256 0dd3703fd649d106ec159f6f32920e55449b308e17d9296d5a3969711eb888d7
SHA512 ea81ec0cef807409eb49d35d53d34a3464c5762c8f0a8bd7527fd9bc4d8b22a2631548b1d54764b5f2feddeac374436396495714b4a5e98bd8f168f7d13c6ff5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 e4cc1ece2f2425b10ae2ccc212c1dafc
SHA1 92609e6d0093693110baa23758382889bcb30da6
SHA256 92e9415d8bc8529e2a3f335258ef7ff159cce2965ce3b2b7c15f73720efee809
SHA512 2848dee3a6da891b7044518bc97aeafd340705cebe846350b9a7f314b52450f1eb977b8b492638965ce4674ebaa341e4f832438199c3cad2fb0a0793ef83a619

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 8eff0b8045fd1959e117f85654ae7770
SHA1 227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA256 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA512 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 8266eb9d769b0040c61f9107b9233d0d
SHA1 7d84098b0f5a6b1fb73333838e071558086938da
SHA256 389603813af8808ae7ec8ca4f2bc326b15e4c2ad5d86eeabfb271ac4d170b923
SHA512 82854e09e38363bf682d1426cd72d2efe770a58531f8b006c80c32718229cd9699c6db6ae4afe0a5ba64504a08b16568e53ec8fdf2702b5abc41ef7711f011b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5c524f2269e2d070ee22b878bad8e949
SHA1 0c1666d1f8862eef2b30f7caf534f916698bdf27
SHA256 66cfbfbf097e49ebeae4adcbd151f4c989a8546bcddc8fdef0f0e0d4edd39736
SHA512 08c217c7e31627f9dd08fe647d804bfc5d2de7e8a8e77afb43d05931302e7f9a2214d4abad3f847bfa70b403cea3439c647c7acfde4d13365ac5760fa74ef2a3

C:\Users\Admin\Downloads\Unconfirmed 910482.crdownload

MD5 edb0a9c371be828d2b5d2e90c5c89cb3
SHA1 77bd14205694ef7901f2c19757e0b5abf51c489c
SHA256 a84f934eff0f0950b8e6f6df6f121f5107983df68ef42dd3e12671944e95c6b7
SHA512 072738012ba60faff263c5670cb6f653833abdbd5673fc1aa96fed5aee8ff7edd8995052e1c779847406232a6457083ac2ee58e6666c479e33e4cf035c9c08be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0f1db54ec9bc0907808119093889ee6b
SHA1 5634742ed00846416fc79cfbdd14c3aeb667a632
SHA256 a982fa563a7dde0b537fac374bf8442c4cfa8adfcaf6f5c826dcb4d14b9a69a9
SHA512 ba60a11f6879b10aff3e6021f591a5d3bd4802a8c5bd10023851fc1ca284acbc50875643730cc9645bc21a926adaf824871d8b32b853de6e8f776d96baf66cfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0ab68a1e79619f946173d8111e2f6beb
SHA1 2bb5ed4eb7b344dcd817800913be3fdc6dade4a4
SHA256 4f758093f1f455c8be300954daa1242922a0cdc21af84c8a7360532df630fbee
SHA512 945746bc92c53fa2881d13b10e2e128c74f0e5e20e4765b477ca2ced472241e24e654f471065d16f9dd97389b94c4ef4e6da8b0e1335ce72553c0faf230b0b5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9d64cc3ad516fa6535a43db5672a4175
SHA1 54bf452054f1ef611074234ec479db2fa3d2686a
SHA256 a244e1f2d9f36c37f3278fb6469c726c73a5c7dcbbefbe9be068990c747a034d
SHA512 a20cf3b55abf4fb7755ad89bcaf84fc6bcfa522e24159d865523b8298a18c7416ddff9eb15e7088227c7341680f79016fae604e5a072701ad723f267c8df94a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3fa6bf77d5b6cc0ae6ad05d6f25b9103
SHA1 10dced953e7142729aafb56c3cfa552690900641
SHA256 d54bb7925533d2c63ae692274d886171fa5224b29e30fa0ab2f10e2a46b94165
SHA512 140e489a54944b141f500ced8e06a9983cac2a4004a528650886c6d7404c1fe5f42bf0f40c3f300c36b616dd5d0e8be4e2ed4a9ec6b90f8436eada1a403d71bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1a6c851bf4643f7b814cde5df4d84534
SHA1 ab190ed6c90e916283eab4df3167018cc76f7eee
SHA256 52953f7d747bcf320dc455ff0ff043d9ad7916057fba364a86c08eeae703fc46
SHA512 262a2af99cf18955d2821d810940787dffe539f8dc5f739e5f5b2e05681a9f88a79506fbe8f625480291dfb7fa7bdd12e2a4fcbb14d1e1a94a1660889e262b29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 60f8cd04587a51e31b51d1570d6f889a
SHA1 88574c41d0ab81721b275252464da5c7927a4835
SHA256 27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb
SHA512 84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 ed124bdf39bbd5902bd2529a0a4114ea
SHA1 b7dd9d364099ccd4e09fd45f4180d38df6590524
SHA256 48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44
SHA512 c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 038c1f469deb6932520d09a340856ebc
SHA1 8b361a8c0489b69e9ef4e132e36f20c161c5ec1e
SHA256 5fafae77cfdc093baea4dd31485ced7dc4ab8e734311b3c2aaac1dc2ed95f451
SHA512 fc3123f11323a9f18f5e1bb31c61fa229e0de8b6d07bb01b220605cfd9ba499ed63e76be0b7146e096412cc94486bdba0ee102982b38b258958c6327fc6bb6c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ed5ab59fdb68d9cc92fcbab4ff75d9b6
SHA1 22022321a163cf19be5fc52889fb0c2070f8c1e5
SHA256 327269c64ba213307f6e24707545a6f785de9067a6443d56965a7eba53ecb2f0
SHA512 70d404708f07d50bba9e5e4a4563f0aef753e3b7fbe7f38614997df070d926e0f96b74c6cadfb2d7e38023952863f5ef80317a88a44daa27fd6196104321fd04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

MD5 c83e4437a53d7f849f9d32df3d6b68f3
SHA1 fabea5ad92ed3e2431659b02e7624df30d0c6bbc
SHA256 d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
SHA512 c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

MD5 82dd36b20c9ead36a4a8d61b53babe42
SHA1 a073d9148d6758355228c8f0eb4e85d6615ce03f
SHA256 12058501f2c5921721a18f7204228e9adb0e99b55f7b4ea622eb26e7523e7080
SHA512 9a90b1d055f2f81ef540fd33953123c73f1316ccd64df5caed179a619a74653008cad8b347df2f556839108aa224497f67efbaf71a9a9a5284eb222fa5e582a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\273eb4a783b63298_0

MD5 ae8400a41acc1beaf3b9e74b0c29a126
SHA1 25e7952ff67a4601d24055295bf5ef71409b7ded
SHA256 901ce12a88ad8665e72423353445b24aeb0e4a3641f24ece53f458314be46674
SHA512 2dba9ca0d1001bdfe263f4e7e3e15656692e60b8ea8e45c822218f36e517b1001e884be552dd63cfa9911b647b05fa44becaf2fd56ff017a19950295b4469362

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0

MD5 e4238a28c80a41be3ebbe4a8adf48ade
SHA1 71f547f182abc5975b1a4d23d8af09b002a55415
SHA256 8fa2a0a5a9b9ce281533a0eab7664952472bd69f0db702391178d458400d4572
SHA512 62c69f88c6e0f63dd48be7c9268e8d616cd8c0bcf8731e5b09aed145e9a52f3d5c3c4905c41ba5bb790827a66820a6f9aea2a71a41c4cd8d95636452056f09cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 acb6e842b124c54cb031d89582e9fbbb
SHA1 53a13a6eef9fa8a952e559dbd1bbc59d8c2aa6c5
SHA256 fd5adadf6c00984f2393e5b1a20bb1773c06125faf316246e296d52369f52963
SHA512 ee1a6ffafe047d5d7e53f3ed7aeda601db48ccaf64027606463bce716e0342cbf61cce3bc5e799a240b750e773b387c64ca064f67a791996bb8a923b82007346

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c2b9167d2af1d6f65f56ecb66e5eab96
SHA1 aac4d5004d60d05d75b25d5409b154276eb06af0
SHA256 587a1ea0ff1c7e3639272b0e28611860547b56983369f53413bce11b326017a0
SHA512 223fe44c03da6b1524ebb1aa6f915021fdae7639ed38e9ee6fa1399ead340d5718ef2eb13b4d3689aa87c791032f6756bb28f8c5c2bdff50506504618a0a0ea7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fb5cf48fea125a65565bd7df94ef4f49
SHA1 23a5418865e7acb6fcf6e588d177b19ff28cfc2e
SHA256 d5cb22d99157f4b8f9f4fbd732c8155c0ce47f29d1ed7c5a7049c349b63a59e7
SHA512 14a22df50de8dd5480987c0337d3f8dc68fb4708e3f0ed24c416fd7bd5ad2f0b3d65918514df6d8674e6f2ac9b32cbaaad821e121f3127dab7533edba25740f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 da997d4b294ede7731a293ddfd5eced9
SHA1 986f36b173109fba1bdb153545d4a8288d2f1eb2
SHA256 decfba48cefc13fd9cd982a90e788d789eaa1c82dddbd89c5ca72812c346e331
SHA512 a1841fda61ba3dc9247f2515a148e66e746147023c99ecebb90399343f3d8a40854c4d1feac4eb3f25e1adba431c6169c9c7ac7f5f26ea351d3f6a27de64f518

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bda9831a580a081175aa2145840d93c5
SHA1 22bce79aeb896ddfbee7183ef782ba1b415ed19b
SHA256 31299933969e0aaeb0168869b36de8adc6db8dc0990c3889b0bc8d7a11ee3163
SHA512 fb938261f860cf8aaebffc71bd1e872f601c07d08e6bdb5954afc30d683d4841a3d971d93dea9fa3bf6a0c112c5c086bc731193cf24b30529e47c0c10b7c0edb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 0d2283b0df70bc0217118f5c6d1fd836
SHA1 0aaa2e0daa0f0671fbf7817e222fcd777be523d0
SHA256 fb02c03e84b9a15ea357644f15643bc90eb9c6ef6532e1c82ecd052df34c2abb
SHA512 16071fce7468cc47fd7a57dc6913cbf41e142fd16b3f145dc30b13fb4a84a05fa3211d3b435ace7378c76682a1afc49e45d180eb88f6d32b0deaa2266196b2f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 209af4da7e0c3b2a6471a968ba1fc992
SHA1 2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f
SHA256 ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403
SHA512 09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 b07f576446fc2d6b9923828d656cadff
SHA1 35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103
SHA256 d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496
SHA512 7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 bc2a0b079634e3f46f0a4c571885acd8
SHA1 3a711b7135582edb09cffc9ca9e7541399e3cd58
SHA256 4c6256e6b242b944801944e28268bc463ca9023aeae59e5c5c83037f693d64fd
SHA512 357a3c860e81ba963d2bcdb402fb19ebc3aed45f14e68b7079b65ffe7941aa5114315cb58cb3a0d4467f524287eb3dfd00b369c89c8e152833c428d8840ca377

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 35b5747274b439400cfb4ad05975e12d
SHA1 54f955785c29ef5238fd46da72c1688a887d79dc
SHA256 a312fc7a0b2b248a88cdbfa7de0affa201b60bf1c42d4d6f60a114ea2ec1a890
SHA512 09c78ed2a92ca9fac04a4ec34b3ca056e26f9550c4135132775ecf0225eb11b2a6ecb5a5fd6b45de9954908a4ddbb02b3f8060413d11eccf2d17a9b12407f723

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e6fb48568d97382a966f55ada07b62b7
SHA1 267eb3a01555a383ea78a3a191e795aefd3e6ee9
SHA256 93ffd422034902247cdbd80355700931a664256ad0f1b8f3d18044408efcd8f4
SHA512 6aa542371900b3634e262117542b5efcdd92c4b430078e980f29f1fe2b4dab210d5aadd07fdd16250252e5c8e3f08b7ce3d42af3e47ec2252e218599799a0efd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c7d82092142c1baadc33d5887f6be0a2
SHA1 25113c89e0fac986d3dfff03fbb4e24b558d435f
SHA256 d7e12618b44ef87c9e1c848e441b2697a5386b5531225a50fc578a92f5248266
SHA512 d6851be51a89e97f6be4be384ab60cf64d6ae753d4ebd51893ad604635c4b2b1327d6e15c9b18caec7429b5daf46da2cb586d03a74396c6ee7d937c3670c5b6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3087afa7c1e258f3ef5e8af187bb1306
SHA1 1756fdddf60364a1bafad3325e210dc411631fc7
SHA256 6ffe6affc6dba1818df004999db7f560d27bbb0c83f202ac47c69420cc524456
SHA512 644a978a83d7c07feaefe06bacafb64d80c9452689ed53a317d2dd69f122729f346242834499d31b19b5214bc50103289a089f77c75e6b25279112c20ec90eca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c7e4f.TMP

MD5 5d58cbed29afea07b3237813e0a49501
SHA1 eb2770b90aedb085bf0dcea8eb835836bbf69c54
SHA256 f0911622124b424db4952be2506ef7e949ffc6520a748a2344fae14e3c497bb0
SHA512 400700d59a2eec82e52097cf35791a5b7ff88cbbd6ad26d327b70df3a412c25b104a76f86a7453db6ee83261064216b78f79ef21a310b9a8c9d4f01670bd3433

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5cce06.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\de8692a7-8545-44ff-a768-d718c02f9bd0\index-dir\the-real-index~RFe5cd74d.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\de8692a7-8545-44ff-a768-d718c02f9bd0\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5b1d3aab-ac4b-4009-9618-60be1f23b24b\index-dir\the-real-index~RFe5cd8e3.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5b1d3aab-ac4b-4009-9618-60be1f23b24b\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
