Malware Analysis Report

2025-03-15 04:02

Sample ID 240826-ezzcxswfkk
Target https://pandadevelopment.net/getkey?service=beeconhub&hwid=ad4c7e6c-a60a-42d1-8d25-2512822d6aa6&checkpoints=6
Tags
bootkit discovery motw persistence phishing spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://pandadevelopment.net/getkey?service=beeconhub&hwid=ad4c7e6c-a60a-42d1-8d25-2512822d6aa6&checkpoints=6 was found to be: Likely malicious.

Malicious Activity Summary

bootkit discovery motw persistence phishing spyware stealer

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Writes to the Master Boot Record (MBR)

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Checks for any installed AV software in registry

Probable phishing domain

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

NTFS ADS

Enumerates system info in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Opens file in notepad (likely ransom note)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-26 04:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-26 04:23

Reported

2024-08-26 04:30

Platform

win10v2004-20240802-en

Max time kernel

436s

Max time network

438s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pandadevelopment.net/getkey?service=beeconhub&hwid=ad4c7e6c-a60a-42d1-8d25-2512822d6aa6&checkpoints=6

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aj6C35.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C35.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C35.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C35.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C35.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C35.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C35.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C35.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\aj6C35.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\aj6C35.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://www.manageengine.com/cookiepolicybanner.html N/A N/A
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\aj6C35.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A

Probable phishing domain

Description Indicator Process Target
HTTP URL https://pandadevelopment.net/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8b910bf4a867946d N/A N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aj6C35.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\aj6C35.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\aj6C35.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\apk_auto_file C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\.apk\ = "apk_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\apk_auto_file\shell\open C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\apk_auto_file\shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{0B09832C-0D35-4753-9D6B-04734B3F8759} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\.apk C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\apk_auto_file\shell\edit C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\apk_auto_file\shell\edit\command C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\apk_auto_file\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\apk_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\apk_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 176247.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 349371.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 491431.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6C06.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4608 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pandadevelopment.net/getkey?service=beeconhub&hwid=ad4c7e6c-a60a-42d1-8d25-2512822d6aa6&checkpoints=6

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc77046f8,0x7fffc7704708,0x7fffc7704718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5196 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2c8 0x4f8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2980 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8468 /prefetch:8

C:\Users\Admin\Downloads\avg_secure_browser_setup.exe

"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"

C:\Users\Admin\Downloads\avg_secure_browser_setup.exe

"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"

C:\Users\Admin\AppData\Local\Temp\aj6C06.exe

"C:\Users\Admin\AppData\Local\Temp\aj6C06.exe" /relaunch=8 /was_elevated=1 /tagdata

C:\Users\Admin\AppData\Local\Temp\aj6C35.exe

"C:\Users\Admin\AppData\Local\Temp\aj6C35.exe" /relaunch=8 /was_elevated=1 /tagdata

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,659333501897357948,10027986214139242334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\synapse.x.apk.v2.616.655.apk

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 pandadevelopment.net udp
US 104.21.60.217:443 pandadevelopment.net tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.18.95.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 173.222.211.8:80 apps.identrust.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 217.60.21.104.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 41.95.18.104.in-addr.arpa udp
US 8.8.8.8:53 8.211.222.173.in-addr.arpa udp
US 104.18.95.41:443 challenges.cloudflare.com tcp
GB 92.123.142.114:443 www.bing.com tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 114.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.142.114:443 r.bing.com tcp
GB 92.123.142.114:443 r.bing.com tcp
GB 95.101.143.219:443 th.bing.com tcp
GB 95.101.143.219:443 th.bing.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 20.190.160.14:443 login.microsoftonline.com tcp
US 8.8.8.8:53 219.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 104.18.33.89:443 www2.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 104.18.33.89:443 www2.bing.com tcp
US 8.8.8.8:53 89.33.18.104.in-addr.arpa udp
US 8.8.8.8:53 tse3.mm.bing.net udp
US 8.8.8.8:53 tse2.mm.bing.net udp
US 8.8.8.8:53 tse4.mm.bing.net udp
FR 142.250.201.174:443 www.youtube.com tcp
FR 142.250.201.174:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
FR 172.217.18.214:443 i.ytimg.com tcp
US 8.8.8.8:53 174.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 214.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
FR 216.58.214.166:443 static.doubleclick.net tcp
FR 172.217.20.202:443 jnn-pa.googleapis.com tcp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.179.97:443 yt3.ggpht.com tcp
FR 172.217.20.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 66.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 166.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
FR 142.250.75.238:443 play.google.com tcp
FR 142.250.75.238:443 play.google.com tcp
FR 142.250.75.238:443 play.google.com udp
US 8.8.8.8:53 238.75.250.142.in-addr.arpa udp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 synapse-x.en.softonic.com udp
US 151.101.129.91:443 synapse-x.en.softonic.com tcp
US 151.101.129.91:443 synapse-x.en.softonic.com tcp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
FR 142.250.179.68:443 www.google.com udp
US 151.101.1.91:443 images.sftcdn.net tcp
US 151.101.1.91:443 images.sftcdn.net tcp
US 151.101.1.91:443 images.sftcdn.net tcp
US 151.101.1.91:443 images.sftcdn.net tcp
US 8.8.8.8:53 www.clarity.ms udp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 199.232.213.91:443 softonic.com tcp
US 199.232.213.91:443 softonic.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 13.107.246.64:443 www.clarity.ms tcp
US 150.171.27.10:443 bat.bing.com tcp
US 151.101.1.91:443 images.sftcdn.net udp
US 151.101.1.91:443 images.sftcdn.net udp
GB 13.224.222.87:443 sdk.privacy-center.org tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 13.224.222.87:443 sdk.privacy-center.org tcp
US 150.171.27.10:443 bat.bing.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
FR 216.58.214.174:443 syndicatedsearch.goog tcp
US 8.8.8.8:53 91.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 91.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 91.213.232.199.in-addr.arpa udp
US 8.8.8.8:53 87.222.224.13.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 200.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 61.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
GB 18.172.148.233:443 www.datadoghq-browser-agent.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 btloader.com udp
US 172.67.41.60:443 btloader.com tcp
US 8.8.8.8:53 storage.googleapis.com udp
US 8.8.8.8:53 di-images.sftcdn.net udp
FR 142.250.178.155:443 storage.googleapis.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
GB 108.156.39.15:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 151.64.8.51.in-addr.arpa udp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 8.8.8.8:53 233.148.172.18.in-addr.arpa udp
US 8.8.8.8:53 34.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 155.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 15.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.7.141:443 cdn.btmessage.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 api.btmessage.com udp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 notix.io udp
US 151.101.193.91:443 di-images.sftcdn.net udp
IE 13.74.129.1:443 c.clarity.ms tcp
NL 139.45.197.253:443 notix.io tcp
US 8.8.8.8:53 c.bing.com udp
US 13.107.21.237:443 c.bing.com tcp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 141.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 253.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 api.privacy-center.org udp
GB 108.138.233.47:443 api.privacy-center.org tcp
US 8.8.8.8:53 459bad0f44e8161afd17b85136857261.safeframe.googlesyndication.com udp
FR 216.58.214.174:443 syndicatedsearch.goog udp
FR 142.250.179.65:443 459bad0f44e8161afd17b85136857261.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
GB 18.244.138.116:443 aax.amazon-adsystem.com tcp
DE 162.19.138.120:443 id5-sync.com tcp
DE 162.19.138.120:443 id5-sync.com tcp
IE 54.72.187.223:443 ad.360yield.com tcp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 brightcombid.marphezis.com udp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 172.64.151.101:443 htlb.casalemedia.com tcp
IE 54.217.65.65:443 ap.lijit.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 34.120.63.153:443 prebid.media.net tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
NL 188.166.203.175:443 brightcombid.marphezis.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
IE 52.30.53.126:443 id.crwdcntrl.net tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
GB 18.245.143.58:443 tags.crwdcntrl.net tcp
FR 142.250.201.162:443 partner.googleadservices.com tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
FR 142.250.201.163:443 www.google.co.uk tcp
FR 142.250.201.163:443 www.google.co.uk tcp
FR 142.250.201.163:443 www.google.co.uk tcp
FR 142.250.179.97:443 ep2.adtrafficquality.google tcp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 ampcid.google.com udp
FR 142.250.179.68:443 www.google.com udp
US 8.8.8.8:53 47.233.138.108.in-addr.arpa udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 116.138.244.18.in-addr.arpa udp
US 8.8.8.8:53 223.187.72.54.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 180.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 65.65.217.54.in-addr.arpa udp
US 8.8.8.8:53 38.0.90.157.in-addr.arpa udp
FR 142.250.179.78:443 ampcid.google.com tcp
US 8.8.8.8:53 175.203.166.188.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 126.53.30.52.in-addr.arpa udp
US 8.8.8.8:53 58.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 120.33.95.141.in-addr.arpa udp
US 8.8.8.8:53 162.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 163.201.250.142.in-addr.arpa udp
US 35.244.193.51:443 lexicon.33across.com tcp
BE 74.125.71.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
US 34.120.63.153:443 prebid.media.net udp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 155.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 dnacdn.net udp
FR 185.235.86.47:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
FR 185.235.86.44:443 ag.gbc.criteo.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
IE 52.95.115.255:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 47.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 44.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 255.115.95.52.in-addr.arpa udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 contextual.media.net udp
DE 162.55.233.28:443 sync.richaudience.com tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
GB 95.100.244.20:443 contextual.media.net tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
US 151.101.65.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 ce.lijit.com udp
DE 162.55.233.28:443 sync.richaudience.com tcp
IE 54.75.158.40:443 ce.lijit.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 20.244.100.95.in-addr.arpa udp
US 8.8.8.8:53 192.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 108.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 40.158.75.54.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
GB 92.123.140.147:443 player.aniview.com tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 onetag-sys.com udp
DE 51.38.120.206:443 onetag-sys.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 34.206.117.153:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
FR 149.202.238.100:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 52.2.98.215:443 api-2-0.spot.im tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 15.197.193.217:443 match.adsrvr.org tcp
IE 34.252.6.15:443 match.prod.bidr.io tcp
US 54.204.207.243:443 sync.srv.stackadapt.com tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
US 8.8.8.8:53 sync.aniview.com udp
US 172.240.45.78:443 sync.aniview.com tcp
US 8.8.8.8:53 tracker.open-adsyield.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
DE 51.38.120.206:443 onetag-sys.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 172.111.38.54:443 tracker.open-adsyield.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 spl.zeotap.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 216.200.232.249:443 sync.mathtag.com tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
FR 172.217.20.162:443 cm.g.doubleclick.net tcp
US 172.67.40.173:443 spl.zeotap.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 bttrack.com udp
IE 54.171.130.238:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 192.132.33.67:443 bttrack.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
FR 172.217.20.162:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
DE 18.197.30.174:443 match.sharethrough.com tcp
US 151.101.130.49:443 sync-tm.everesttech.net tcp
NL 89.149.193.88:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 147.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 24.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 153.117.206.34.in-addr.arpa udp
US 8.8.8.8:53 100.238.202.149.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 15.6.252.34.in-addr.arpa udp
US 8.8.8.8:53 215.98.2.52.in-addr.arpa udp
US 8.8.8.8:53 243.207.204.54.in-addr.arpa udp
US 8.8.8.8:53 78.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 173.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 162.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.130.171.54.in-addr.arpa udp
US 8.8.8.8:53 54.38.111.172.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 162.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 67.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 49.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 88.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 174.30.197.18.in-addr.arpa udp
US 8.8.8.8:53 249.129.214.23.in-addr.arpa udp
US 8.8.8.8:53 91.130.46.52.in-addr.arpa udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 cdn-download.avgbrowser.com udp
GB 92.123.142.147:443 cdn-download.avgbrowser.com tcp
GB 92.123.142.147:443 cdn-download.avgbrowser.com tcp
US 8.8.8.8:53 cacerts.rapidssl.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 251.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 28.233.55.162.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 199.232.213.91:443 softonic.com udp
US 104.26.7.141:443 api.btmessage.com tcp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.27.27:443 connect.facebook.net tcp
US 8.8.8.8:53 27.27.240.157.in-addr.arpa udp
US 8.8.8.8:53 c16fdcc9f8e0fa4edae7923a1f88203b.safeframe.googlesyndication.com udp
US 8.8.8.8:53 www.facebook.com udp
FR 142.250.201.163:443 www.google.co.uk udp
GB 157.240.214.35:443 www.facebook.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 35.214.240.157.in-addr.arpa udp
NL 139.45.197.253:443 notix.io tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 161.214.58.216.in-addr.arpa udp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 34.252.6.15:443 match.prod.bidr.io tcp
US 54.204.207.243:443 sync.srv.stackadapt.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
US 8.8.8.8:53 bh.contextweb.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 www.manageengine.com udp
US 8.8.8.8:53 adclick.g.doubleclick.net udp
NL 185.20.209.211:443 www.manageengine.com tcp
NL 185.20.209.211:443 www.manageengine.com tcp
FR 172.217.20.194:443 adclick.g.doubleclick.net tcp
NL 185.20.209.211:443 www.manageengine.com tcp
NL 185.20.209.211:443 www.manageengine.com tcp
NL 185.20.209.211:443 www.manageengine.com tcp
NL 185.20.209.211:443 www.manageengine.com tcp
US 8.8.8.8:53 accounts.zoho.com udp
US 8.8.8.8:53 salesiq.zoho.com udp
US 204.141.43.67:443 salesiq.zoho.com tcp
US 136.143.190.100:443 accounts.zoho.com tcp
US 8.8.8.8:53 211.209.20.185.in-addr.arpa udp
US 8.8.8.8:53 194.20.217.172.in-addr.arpa udp
US 136.143.190.100:443 accounts.zoho.com tcp
US 8.8.8.8:53 fonts.zohowebstatic.com udp
GB 13.224.132.35:443 fonts.zohowebstatic.com tcp
GB 13.224.132.35:443 fonts.zohowebstatic.com tcp
GB 13.224.132.35:443 fonts.zohowebstatic.com tcp
GB 13.224.132.35:443 fonts.zohowebstatic.com tcp
GB 13.224.132.35:443 fonts.zohowebstatic.com tcp
GB 13.224.132.35:443 fonts.zohowebstatic.com tcp
US 8.8.8.8:53 67.43.141.204.in-addr.arpa udp
US 8.8.8.8:53 100.190.143.136.in-addr.arpa udp
US 8.8.8.8:53 35.132.224.13.in-addr.arpa udp
US 8.8.8.8:53 us4-files.zohopublic.com udp
US 8.8.8.8:53 css.zohocdn.com udp
US 8.8.8.8:53 js.zohocdn.com udp
US 8.8.8.8:53 salesiq.zohopublic.com udp
US 136.143.190.172:443 us4-files.zohopublic.com tcp
GB 169.148.129.35:443 js.zohocdn.com tcp
US 136.143.182.97:443 salesiq.zohopublic.com tcp
GB 169.148.129.35:443 js.zohocdn.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 173.222.211.41:443 aefd.nelreports.net tcp
GB 169.148.129.35:443 js.zohocdn.com tcp
US 8.8.8.8:53 fonts.zohostatic.com udp
US 136.143.190.123:443 fonts.zohostatic.com tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 35.129.148.169.in-addr.arpa udp
US 8.8.8.8:53 97.182.143.136.in-addr.arpa udp
US 8.8.8.8:53 172.190.143.136.in-addr.arpa udp
GB 173.222.211.41:443 aefd.nelreports.net udp
US 8.8.8.8:53 stats.securebrowser.com udp
US 104.20.86.8:443 stats.securebrowser.com tcp
US 104.20.86.8:443 stats.securebrowser.com tcp
US 8.8.8.8:53 41.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 123.190.143.136.in-addr.arpa udp
US 8.8.8.8:53 8.86.20.104.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 articles-img.sftcdn.net udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 x-synapse.github.io udp
US 185.199.109.153:443 x-synapse.github.io tcp
US 185.199.109.153:443 x-synapse.github.io tcp
US 8.8.8.8:53 synapsex.co udp
US 8.8.8.8:53 synapse-x.co udp
US 104.21.70.188:443 synapsex.co tcp
US 104.21.70.188:443 synapsex.co tcp
US 103.224.212.214:443 synapse-x.co tcp
US 103.224.212.214:443 synapse-x.co tcp
US 8.8.8.8:53 153.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 188.70.21.104.in-addr.arpa udp
US 52.111.229.43:443 tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
FR 172.217.20.206:443 fundingchoicesmessages.google.com tcp
FR 172.217.20.206:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 206.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
FR 142.250.179.97:443 ep2.adtrafficquality.google udp
FR 142.250.179.68:443 www.google.com udp
FR 142.250.179.68:443 www.google.com udp
US 54.88.47.169:443 install.convertwithwave.com tcp
US 54.88.47.169:443 install.convertwithwave.com tcp
US 8.8.8.8:53 169.47.88.54.in-addr.arpa udp
US 8.8.8.8:53 p.typekit.net udp
US 8.8.8.8:53 use.typekit.net udp
US 8.8.8.8:53 api.wavebrowser.co udp
GB 2.16.170.113:443 use.typekit.net tcp
GB 2.16.170.113:443 use.typekit.net tcp
GB 2.16.170.113:443 use.typekit.net tcp
GB 2.16.170.41:443 p.typekit.net tcp
US 44.207.181.148:443 api.wavebrowser.co tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 113.170.16.2.in-addr.arpa udp
US 8.8.8.8:53 41.170.16.2.in-addr.arpa udp
US 8.8.8.8:53 148.181.207.44.in-addr.arpa udp
US 8.8.8.8:53 app.posthog.com udp
US 8.8.8.8:53 app.termly.io udp
US 44.207.181.148:443 api.wavebrowser.co tcp
US 8.8.8.8:53 api.wavebrowserbase.com udp
US 104.18.30.234:443 app.termly.io tcp
US 172.67.40.50:443 app.posthog.com tcp
US 172.67.40.50:443 app.posthog.com tcp
US 3.222.199.46:443 api.wavebrowserbase.com tcp
US 44.207.181.148:443 api.wavebrowserbase.com tcp
US 104.18.30.234:443 app.termly.io tcp
US 8.8.8.8:53 234.30.18.104.in-addr.arpa udp
US 8.8.8.8:53 50.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 46.199.222.3.in-addr.arpa udp
US 8.8.8.8:53 api.mywavehome.net udp
US 3.208.53.127:443 api.mywavehome.net tcp
US 216.239.32.36:443 region1.google-analytics.com udp
BE 74.125.71.155:443 stats.g.doubleclick.net udp
FR 142.250.201.163:443 www.google.co.uk udp
US 8.8.8.8:53 127.53.208.3.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
SG 74.125.24.120:443 csi.gstatic.com tcp
FR 216.58.214.174:443 redirector.gvt1.com tcp
SG 74.125.24.120:443 csi.gstatic.com tcp
SG 74.125.24.120:443 csi.gstatic.com tcp
SG 74.125.24.120:443 csi.gstatic.com tcp
SG 74.125.24.120:443 csi.gstatic.com tcp
FR 216.58.214.174:443 redirector.gvt1.com tcp
US 8.8.8.8:53 r4---sn-aigzrnld.gvt1.com udp
GB 74.125.97.73:443 r4---sn-aigzrnld.gvt1.com udp
US 8.8.8.8:53 120.24.125.74.in-addr.arpa udp
US 8.8.8.8:53 73.97.125.74.in-addr.arpa udp
SG 74.125.24.120:443 csi.gstatic.com udp
GB 2.16.170.113:443 use.typekit.net tcp
US 3.222.199.46:443 api.mywavehome.net tcp
US 8.8.8.8:53 wav-installers.s3.amazonaws.com udp
US 3.5.28.180:443 wav-installers.s3.amazonaws.com tcp
US 8.8.8.8:53 180.28.5.3.in-addr.arpa udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 34.120.63.153:443 prebid.media.net udp
NL 185.89.210.180:443 secure.adnxs.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
NL 185.89.210.180:443 secure.adnxs.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 apkladda.net udp
US 172.67.177.116:443 apkladda.net tcp
US 172.67.177.116:443 apkladda.net tcp
US 8.8.8.8:53 stats.wp.com udp
US 192.0.76.3:443 stats.wp.com tcp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 116.177.67.172.in-addr.arpa udp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
FR 142.250.179.97:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 cdn.apkladda.net udp
UA 176.97.122.159:443 cdn.apkladda.net tcp
UA 176.97.122.159:443 cdn.apkladda.net tcp
US 8.8.8.8:53 159.122.97.176.in-addr.arpa udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 216.239.32.36:443 region1.google-analytics.com udp
FR 142.250.201.163:443 www.google.co.uk udp
US 216.239.32.36:443 region1.google-analytics.com udp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 bat.bing.com udp
FR 142.250.201.163:443 www.google.co.uk udp
US 150.171.28.10:443 bat.bing.com tcp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 719923124ee00fb57378e0ebcbe894f7
SHA1 cc356a7d27b8b27dc33f21bd4990f286ee13a9f9
SHA256 aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808
SHA512 a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

\??\pipe\LOCAL\crashpad_4608_TVEOQBYMNZXTDBCL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d7114a6cd851f9bf56cf771c37d664a2
SHA1 769c5d04fd83e583f15ab1ef659de8f883ecab8a
SHA256 d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e
SHA512 33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 da1229858f398d7b67bc060615556756
SHA1 d4fa0912457845ccb258792df5d9b98dd4aa3e8d
SHA256 d8c90b4df2710053f471d2d4bc9ea9b237b3ae3ed0ca7d419d81b553f12566d9
SHA512 adf069abb0b3e237598e1063d02652b4b6c83d6dadf348719c1240a6def661d36e8ae3a52720773d2d1ca2d9cf1731d091b688ef32d19fd6e3753418230360bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 be54331209996a2afabaccc03bb8fc61
SHA1 ef0ba9b7f09a9afdd61765c20460d11952e7ed55
SHA256 b052ac6b744625f748004f16bcc27309ac8709b2c4fada673212521af84c1cbc
SHA512 7c3016002231120cdbe39eef501023031c5c4e5ddd93158c47160ac712716d20617dca21266f8a4264e26f8ff796b1b8003eef25409172b3bb0024c40c78aa4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f954a7734c85a8e3388d51f98d83627a
SHA1 8bbe2306803818b15efaf4f7fc4382dde98764ec
SHA256 d9fc47b1622f0c3b0b22894ac961c8dc61491a7025767adf28a9075a71a2c237
SHA512 282e3d4823d3974d50e7d046037085d2c39347969f6fee3da028aa7ae9f8bd26bda3923ad0e139182de36b076f95b3e9545b0177ef4a71759fb19839c2867069

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c6f768cf33058e55c1108755e928b7a9
SHA1 74a459925950f5c4d76583714dc1d92f7acb01c1
SHA256 4bb3bfd9800fbcb9558634a2064dea383d92c0f5f4d9063e18fad183d7ae5eaf
SHA512 6e59f03f1c7089b139688653ace9046483436ec34a404cb81288870320185f7c4651f5c07990124458d976465f758d22462c2e63fe632270aaf1361412cde6ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 493f6cac6ccfb9864ca9f2a7f189af44
SHA1 592cd3f32cf94e8886cc6ea599851085914695b1
SHA256 fab6408384fd474cb8628286a16e47e44e07a4d9541b7cef4c979d308bc9ca63
SHA512 bc6b4bdf1002bc66e6c84f2379346007ab757ecb9b76fb1fbc6047d3c53fa7fd8b208b1e8a4132f659dc13d20fffbfd19024b344e86159fe9ff79b9b8923219b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ce7abdb86a8a35fb1cdb139c5d8c3bb5
SHA1 436340c95a5e62553a7cfe224f9895cafb18ac4d
SHA256 77ccf0d654170815ec8b2aabcad7a25cc8183138c49d9d28bac5e0a737b3d0b7
SHA512 7f0de04ce31e3788cad25fcc83a0215f52d12c2c68db3522c84d56c30d3fc42946f988f76f8f9a53e476f6664583fbd7194bd8bbf10a8f91a292a5b383d7041a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581289.TMP

MD5 b1e11003393f2d27c27179141a6fca2e
SHA1 118621362a2c5e37084d9d83848bc0cc6e772459
SHA256 d5728379240f8ebd2d32e03e9b57552a417669fd39feb4555abb830947ae39b1
SHA512 378f9666952bdd2a463839b6db62866cda7251bc1e843f3787d17440b9681b5de8e08a40aa9cd4fd75d6b1b8e30d042538213db30df23d2f8a06a5440dd74a3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

MD5 2257803a7e34c3abd90ec6d41fd76a5a
SHA1 f7a32e6635d8513f74bd225f55d867ea56ae4803
SHA256 af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174
SHA512 e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7263e828a27c173ded3d788b1d291ae8
SHA1 00510c714e692ee5111d5f0456ca8009a6bfe9c7
SHA256 6e391ba209d8b2f91e5fbf7cba8208539dafe5ea038fdd38be911571c8050daf
SHA512 d6c717e2ba79d44ef2f73a33b8b09b55ea4f9bfeff09d37f254b64b2f9f0ac8bd4f0c008b688de875fde13ba6d5c044d00b76b66d7f13b2575ddae401e27a296

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 323d1efeda35454cc0d545a8b7dd5ac1
SHA1 4fcbbf022b491f6d8213a775d44e78711937199d
SHA256 8f214abc60e5ca7dce63357cfe028ab43fdb396a6710b69e6d6a9ca1914dc324
SHA512 cddce31713fb0dd9ea5000468697400ec22f21cc9ca1d05c580c3c0d67f97fbb626906091d1a09e422e30dc19e2d9a08074f9f5d6d48d7aeeb0cc8a64cc13e86

C:\Users\Admin\Downloads\Unconfirmed 349371.crdownload

MD5 0dc93e1f58cbb736598ce7fa7ecefa33
SHA1 6e539aab5faf7d4ce044c2905a9c27d4393bae30
SHA256 4ec941f22985fee21d2f9d2ae590d5dafebed9a4cf55272b688afe472d454d36
SHA512 73617da787e51609ee779a12fb75fb9eac6ed6e99fd1f4c5c02ff18109747de91a791b1a389434edfe8b96e5b40340f986b8f7b88eac3a330b683dec565a7eff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

MD5 a1afe33ce7442502a96deee597945384
SHA1 fe34cd78635f5617cf238de6dc746058d6f88899
SHA256 f7eeb570c60aff1435db1daf3767c0672634269789870ef91c69b2b90a47edaa
SHA512 f8bca21c3fd79d63c8265f5dfcba95419eac697b42efb600e7c33d15dc5d9c3e0d0d360da39e14004facaea4cff4dcfc00d7437979283ce0a2b06916b69b8c80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd395aa419a5eeaf_0

MD5 41909a4b932f05bd51b4e4f83b637c5b
SHA1 fb8e409b6fc0f910f2ac2c6b27de1372fc2d6950
SHA256 98622669751f87bea153c1c7e3e7c9d50af781a233016acc21c147eb6314f803
SHA512 cd2bee3196ecb8773dd98d74a32df82ae6edb2562b0abd19e4fcca4fba09f522ae78b89b157c434f6339f9137ad9f87fde16bd120a175755b79e1f9f68fbc0c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

MD5 e4cc1ece2f2425b10ae2ccc212c1dafc
SHA1 92609e6d0093693110baa23758382889bcb30da6
SHA256 92e9415d8bc8529e2a3f335258ef7ff159cce2965ce3b2b7c15f73720efee809
SHA512 2848dee3a6da891b7044518bc97aeafd340705cebe846350b9a7f314b52450f1eb977b8b492638965ce4674ebaa341e4f832438199c3cad2fb0a0793ef83a619

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

MD5 8eff0b8045fd1959e117f85654ae7770
SHA1 227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA256 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA512 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

C:\Users\Admin\AppData\Local\Temp\nsc62DF.tmp\jsis.dll

MD5 2027121c3cdeb1a1f8a5f539d1fe2e28
SHA1 bcf79f49f8fc4c6049f33748ded21ec3471002c2
SHA256 1dae8b6de29f2cfc0745d9f2a245b9ecb77f2b272a5b43de1ba5971c43bf73a1
SHA512 5b0d9966ecc08bcc2c127b2bd916617b8de2dcbdc28aff7b4b8449a244983bfbe33c56f5c4a53b7cf21faf1dbab4bb845a5894492e7e10f3f517071f7a59727c

C:\Users\Admin\AppData\Local\Temp\nsc62DF.tmp\nsJSON.dll

MD5 f840a9ddd319ee8c3da5190257abde5b
SHA1 3e868939239a5c6ef9acae10e1af721e4f99f24b
SHA256 ddb6c9f8de72ddd589f009e732040250b2124bca6195aa147aa7aac43fc2c73a
SHA512 8e12391027af928e4f7dad1ec4ab83e8359b19a7eb0be0372d051dfd2dd643dc0dfa086bd345760a496e5630c17f53db22f6008ae665033b766cbfcdd930881a

C:\Users\Admin\AppData\Local\Temp\nsc62DF.tmp\JsisPlugins.dll

MD5 d21ae3f86fc69c1580175b7177484fa7
SHA1 2ed2c1f5c92ff6daa5ea785a44a6085a105ae822
SHA256 a6241f168cacb431bfcd4345dd77f87b378dd861b5d440ae8d3ffd17b9ceb450
SHA512 eda08b6ebdb3f0a3b6b43ef755fc275396a8459b8fc8a41eff55473562c394d015e5fe573b3b134eeed72edff2b0f21a3b9ee69a4541fd9738e880b71730303f

C:\Users\Admin\AppData\Local\Temp\nsc62DF.tmp\StdUtils.dll

MD5 34939c7b38bffedbf9b9ed444d689bc9
SHA1 81d844048f7b11cafd7561b7242af56e92825697
SHA256 b127f3e04429d9f841a03bfd9344a0450594004c770d397fb32a76f6b0eabed0
SHA512 bc1b347986a5d2107ad03b65e4b9438530033975fb8cc0a63d8ef7d88c1a96f70191c727c902eb7c3e64aa5de9ce6bb04f829ceb627eda278f44ca3dd343a953

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 355d1979f59244bd8da4ddfba5bada92
SHA1 9b67a1e5f9c13d3a14adcdb5835b591bdd43484f
SHA256 ea6738a3de43fb62bb2fde6d1359885239acdad21a282e7db51ef3dcee60f5fb
SHA512 5fc319499a74ddd4edc6c0104a70abee5ddacc5c1a8f2dbfac7e722fc34046d034c7b8252e672277eabe2f9955b01f4adcf119404f1810d53a0d48943723ec47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 090543e1d5fc0f6ba57ff87ac321bfb4
SHA1 b8a69cb7fe3cd69b1e87d9364f9c1edb2b5062a6
SHA256 184273686f5ae24886d3ab9db99463a26d1c72162d605f4674b8cb4d9c1b1388
SHA512 7cb46364c84636b379b76137688784d72ac4e4e08425308bd4e8c6f0188e28d5e5bf915a64729d252347ce8cd72e77bce8a12fe5dd9d457bd2ba58e64ea08e87

C:\Users\Admin\AppData\Local\Temp\nsc62DF.tmp\thirdparty.dll

MD5 7b4bd3b8ad6e913952f8ed1ceef40cd4
SHA1 b15c0b90247a5066bd06d094fa41a73f0f931cb8
SHA256 a49d3e455d7aeca2032c30fc099bfad1b1424a2f55ec7bb0f6acbbf636214754
SHA512 d7168f9504dd6bbac7ee566c3591bfd7ad4e55bcac463cecb70540197dfe0cd969af96d113c6709d6c8ce6e91f2f5f6542a95c1a149caa78ba4bcb971e0c12a2

C:\Users\Admin\AppData\Local\Temp\aj6C35.exe

MD5 c79bb78a0bad2559a7037913dd1f1f34
SHA1 a5b36348ad93fdf971201f31136d8c9b056984a7
SHA256 f63b47288af395ac9c02c980592691e2d446fe8b4d3813007433ae262af693c3
SHA512 1bd81cbe784427e54903159225e0fd94c0fab1d9498c11db177d86268f34129e6835759a9a3e3822c717349043930e13168390fcc2f9a74f9699f14497cfc888

C:\Users\Admin\AppData\Local\Temp\nsr6F03.tmp\Midex.dll

MD5 2597a829e06eb9616af49fcd8052b8bd
SHA1 871801aba3a75f95b10701f31303de705cb0bc5a
SHA256 7359ca1befdb83d480fc1149ac0e8e90354b5224db7420b14b2d96d87cd20a87
SHA512 8e5552b2f6e1c531aaa9fd507aa53c6e3d2f1dd63fe19e6350c5b6fbb009c99d353bb064a9eba4c31af6a020b31c0cd519326d32db4c8b651b83952e265ffb35

C:\Users\Admin\AppData\Local\Temp\nsg6E76.tmp\CR.History.tmp

MD5 f310cf1ff562ae14449e0167a3e1fe46
SHA1 85c58afa9049467031c6c2b17f5c12ca73bb2788
SHA256 e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855
SHA512 1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

C:\Users\Admin\AppData\Local\Temp\nsg6E76.tmp\FF.places.tmp

MD5 199d82d11c3c57b35976685dd2c6135f
SHA1 b95c80c6766745ca4049acd19d25e9e60d55871c
SHA256 d1e83b9f571cdd8087d0ba5e2de31ad98ebf2c1156eea86de6ef8dea5fc2adcb
SHA512 972db73c22a683a2a68043f53a388978b72f20b2c1411bc69b662b1e66c31dbcb60f142748c6960242da7c58dcabac46b056f6c612612d062b54e38dbf44c14b

C:\Users\Admin\AppData\Local\Temp\nsr6F03.tmp\CR.History.tmp

MD5 6518738a3b900945b9c9973a457ebe9c
SHA1 29a78052f06ecd7f0c6e703f0c644ca29dd37596
SHA256 caadee75fff05e5dd2dc1f63aeb78f04cef6e00ce6ef30807a94ba5cadad6239
SHA512 0c570aa78cf8e0feac210dacebdde675ac6e1530627100fcad6f7701619507fae4bbbc9ffd2bebd8df505450a8ef87ccf47cdf4482ae327157e8647bbf5209af

C:\Users\Admin\AppData\Local\Temp\nsa77FD.tmp

MD5 92ff3e51f55a2f70720c07f67acd3ca8
SHA1 4aaec240b744fa049bd6d2043106e9b5ca138bdd
SHA256 607783ec67ab3cc77fc9298011d53f2c1bb6b0882504c0164a167f787599532f
SHA512 47117d866fb6932bb0d6bf00e54a6e26517127be5f84fcdb9759372cbf6da2db4e7faf830793c215ecc94f6d080087b7a28663e4a358c9e1659e0986b3b1b93b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f5d009cc6df1372b984afdbe790d9dd7
SHA1 d532b2b09430b6567174a8c9394e1cafe38b2bab
SHA256 e0097b7fcf3395851ec9fbfab7406181a1a3d6cd64f6abcd44deffa57abc9585
SHA512 e7df6c0019aef94b4f5ae8f4b6bca8d9423e7ee1a3001b0ff7601cfae458002002487543ee83ab92a879c8f9ea85a4664d2a4321f750550936361883dcfedf9d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 d2a562921bc7463fd7915c5ad10d2c3a
SHA1 bfa7b8b3d5c5e1dfbf016e8aeeaad0acef5a933e
SHA256 1f60efec9a405df58de1962ab2167fb89949110aad106e86c335ff7bf7adf626
SHA512 aaa245d164018fd0173fb60c857ad39adee4e1631005f642368b8f3eeb33b49c7f53568f1a7ed5d8f4a11c8ba57e1ed10ae3a6b55e79ce6fab1fe6f4ca0e0e90

C:\Users\Admin\AppData\Local\Temp\nsr6F03.tmp\sciterui.dll

MD5 f40c5626532c77b9b4a6bb384db48bbe
SHA1 d3124b356f6495288fc7ff1785b1932636ba92d3
SHA256 e6d594047deecb0f3d49898475084d286072b6e3e4a30eb9d0d03e9b3228d60f
SHA512 8eabf1f5f6561a587026a30258c959a6b3aa4fa2a2d5a993fcd7069bff21b1c25a648feea0ac5896adcf57414308644ac48a4ff4bdc3a5d6e6b91bc735dc1056

C:\Users\Admin\AppData\Local\Temp\nsr6F03.tmp\reboot.dll

MD5 c845234dd1e1cdf6f63ec1b025b75742
SHA1 150dc042b54e3dc34172d5a2507125eaf619d14d
SHA256 ca418ce0992368c09827a76b0cca14070b9c518badc95085c7d71034784fce5e
SHA512 b08b899e523da279b9e56306b237eadc6fb91fe460b0872bb6a4b163d3c83480621d2e5e70d1de64fc9d751d8704dd4ab8400d5a901846e4775f4d34977ce605

C:\Users\Admin\AppData\Local\Temp\nsr6F03.tmp\jsisdl.dll

MD5 5121c566ac9315a53e558bf62600f9b6
SHA1 6da036314afefeb8c1dd88cc6eab0efb432a3b4d
SHA256 d88e38df30887c722fb837278ee3782914574414c741cdfd3bd6126799fa3167
SHA512 4f6de42af54cec8e63bdfc54ac250a5f5cc09081e9ae85d0cbbcad952f58727cc4cf68501a020474539c51a771537993bc12272496fea5eea924d7058f76fbce

C:\Users\Admin\AppData\Local\Temp\nsr6F03.tmp\inetc.dll

MD5 650e0e39808140a1da5abd3d27880c7e
SHA1 b2ec540caf946ee5353f52227e8c9942cfb42f22
SHA256 aab155dcaaafebe4b84a9aeec6ffbce9b484a99b316657ee9b7a98b346f9538b
SHA512 9f00d912c123b1b235f0b63154693d294b7cf2c0571fc9bb462ba5c9ef350aa79680436ba4a094c9e28c867bc79bdeb96b0622d153a107bd8a9631d99e4fa6dd

C:\Users\Admin\AppData\Local\Temp\nsr6F03.tmp\AccessControl.dll

MD5 d4fa24f021f155ce9214dccf812c3b7f
SHA1 864001ab7d2c87af00b7153cd096e0454b3f4e9f
SHA256 3b0889281ff6367bb736690229f461bb4ff34b7437f54a5c71b877a104c0f876
SHA512 de1720af369890df89c8550d49b4e3e2e353e4a21ef30be5ebee9216e312a57ede9f7919e71de592d0bad6e482d48fb759dd1d1323caafa506634e9f877f6213

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 36184d97b14ae7939a82c7f0ffa39945
SHA1 d7a3cbd4db86d787a694d382289fd6b937966228
SHA256 763c608b878b6754d67cb19339d06b51a77b2f8b3902bd3a30f9d267065aed8c
SHA512 2899780aada5f14c2bfb2df656cbed5d3a7c1bde3fdf6fd1f79db0dc7b1b6c3f2792268e10f8eaa75c621f8de3f9f2d8d0836476ebd172897ce7fae29e2bf2a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 238a07c3ecd1d85c06660df850d013a8
SHA1 2cf1f5a2d60af148c1a07f48d9f0d75b2cb35100
SHA256 e7749b1bab6c6c37e22a4279fa0c71116e010b4912621b242b50354cc8a0f64d
SHA512 ce3217af6dc7c6e69a29e531a4af6b91d9e9196b221d83d2678da8765433bea4a3eb2da278635ad925c22ef189538e8e234ba8e9582845fb1a4515f2fe8922ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f4fcd25098a6d9be44a07c0df04fd923
SHA1 574be665425f189394cdeb41c05880f2636fe4d2
SHA256 cbe948520fdecaf9c290478be19b6e5da140273714319c88e3701f4f850ec2ff
SHA512 2a484d7ad969a9d0cc847bbf76f57c4c321b8d9bced5689a9ede7b5d587ac5157638f3714ad64b81999412c4e9d35111f6da4c0e0708ab4cafae7a275064cd40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b4bf50681e2ac254e8cb12c264bcb4d0
SHA1 d42b1412ba9758543d326260a231bd5c1df85633
SHA256 8731a630e3d145349e71d669df098aeefd996bbbdedeef20005fd7834fdbcb18
SHA512 a2f3a698ff1cc4c90cb4bfe50beb6fc3e85f0ece54628626f47e98c476d3c71f740e4f770f1eeaae6b260a4a473b1762488f5b79665a5324ec12293ef3b0d3bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ea3d0d1edff1b2b20a8db064eebb50e8
SHA1 fe5eb2645b577094f11ee6baaa45c1956d17aaf3
SHA256 b1a5884faa9fb662cf88ad05a0b771414c208542d13a4071a36347e6153062fe
SHA512 e3a1d965e6693536c9893c6afc996c0bf0e1970bf25f1dbede085ae319a9c08dbcda8f4d415046bd2f68696010353e47c68a3fac994f0f98eeea5be5da16a601

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

MD5 c83e4437a53d7f849f9d32df3d6b68f3
SHA1 fabea5ad92ed3e2431659b02e7624df30d0c6bbc
SHA256 d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
SHA512 c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4a61407e4d057fcc1bd96f4ed421068c
SHA1 0bf93909e7a2c1514eac2e520b0dbdfbd3bd290f
SHA256 5d3e59286fc0ea1c8ab1eb15c52545f48b183a9a361a77e470daaeb5842f2dfb
SHA512 75ee697d08e6cf374061f9c1bbfd7e02e89e07e7a586f9be06c18532fed8d390b02c67230572b9d5cfdcfaae02e0b68c979a698ed3832e6d721515f38495790b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

MD5 115c2d84727b41da5e9b4394887a8c40
SHA1 44f495a7f32620e51acca2e78f7e0615cb305781
SHA256 ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
SHA512 00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008e

MD5 9708e5224c10eb91f435950128a72070
SHA1 cc66f87dad487f1db80dc78942a7016d26725ae9
SHA256 834c60d1648bb2b2c84ab278eb0690ffdbd6f9dfa393d561eb38aa026dbdef8d
SHA512 8a7a126e028f6def7f03d4fc69831c2bccabebc48b7d97b816eb263a817934b8db1beb9baf1763ec7421640ef594e0a7fb65ef21cbfdadd90c3c88332f4022c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

MD5 015c126a3520c9a8f6a27979d0266e96
SHA1 2acf956561d44434a6d84204670cf849d3215d5f
SHA256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
SHA512 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 619d67bbc5eeaf621057f316e61073fe
SHA1 1079075cccbaa0b19c7543c684e43c22d78a2f18
SHA256 5ec67054caf0be85471d49a02eb0867066490e548a166d725a0e5369015d1700
SHA512 24eeee0f05ecb5a67ae44c967edb07d584a2994825833f5e89dddb708a64c9bc43c0643586b9f35ccd1dc39ea0e9bdad1fe085cc0fca9f4bfa02642a6de12516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df6ab3f2cf1f105d_0

MD5 0be67db79568d26fef9c8d361d33c474
SHA1 a03098160fa51febc21ad399ddd77e05fe9118a0
SHA256 eb8efaeefc9c55c0564b0cc6feb54e28ac683f1eddd973c5b9c075b7e08139fc
SHA512 10b1554682e2fb6f3dcc1ce97a454baf812dc36c03ecf810d47e552c6a84053c4456bbd28b02186474c894f933fbb07cc1678aeadd70ad36b05b6d5cb9c7c6de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c53b917ad0adf193_0

MD5 2e71c3f91feb933dc50adee5b3d9ee81
SHA1 a25fb3624dee4db4d665fab2d2825ffef5aa3cef
SHA256 53a309e24b860d75db0b1a25963c39a8ae8fc686c263c94a1fc51899da8a4bb9
SHA512 cfb6db46207f9ccc0d549a59da660c573377bab12b04e9fb37343c4fa51aa0c9d050960a728d0c7abefe578752ec1e4fccaa067521b1851472da525c83c4d89d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

MD5 8fc04f0a1a15bc42f5a832fd31f447a6
SHA1 1fdc1cbefb2a9bc601fb299241022d695b3013be
SHA256 8e5e82e50f588067cd159c159fc88735d4123d3ce180b0708d6e2535b048add8
SHA512 2e3d44c486d41ee24ae02e0dd8fd206b3f797885ca304d40777327d61ee494b3fa77ed1c7b8fae1a2df34120efab31fe63e2053ae44b8faa7b2976adeeb094a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

MD5 d2703f7be0a853ff492492d3f2990eb5
SHA1 36b48920b63cdf6380a9a07e9506c80126ee7593
SHA256 7b63deb9087a0c5a621e44fe584d9afaa23dcade0e4f5a0731da2c02abb6b5a3
SHA512 d1585122ab24e8b0a1cd9152e44bbe007879bec9adcc0a8d6f9b850e829fa1f040d769cc74a8de99b3c5b279996c3552b8afd85d6243bff3287f6739e4847b70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d0ee576b-598c-4e7c-b765-ee7857d4d546.tmp

MD5 1490183ae6f0c547250cce73afbc4e4e
SHA1 c230332c8d10e14b995c62ef68ad1cbf28b6930e
SHA256 1bdbb8c493f826f8e11a9f5f251483dc33032f608b22da19c2cfad4923b1cd31
SHA512 e8a6a0f847200082b264b9c97e1da17e71c270c020fada9ca0412e839ded418ec8af870c8522023d5206655e94f026d6d4d4c8057fc63537f1af005e35a23dd9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5c420720-9939-4766-bce4-524f2abc1364.tmp

MD5 257df274aeade2ea8639cc266a253a01
SHA1 0fe69b1d6381402ca59779ea56912d2463d0728f
SHA256 bd204fecd31c5e6b64509a9c19e4bf09a6bae180fc580583df2261eeab2a0781
SHA512 b4e9b5e11ed664a6362cf449e62366a413e189fc10aaa035999ecfa67b6550b9e594cc43fbdb68d59c08ad0dfc3c9a22b1386e778c4b9b66a0a42d5cf7e6346a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3d28ab9134a3ee5adb9465531216a652
SHA1 b58f78efd4185991ad274a474587363bcb949b74
SHA256 5dc2e6f71f154d591288825e5c28a0315b99b75029c0ec58788ba508e31b8b7a
SHA512 88e28b619b264bc1783199366c3ad94b394f3b6cfce21fd031d960e3e24fff2a2caacc4cc42b25d29746d2b4b3cada721275018d7a7c15115516d0f412265dfd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f6653850d9968da3dfa788b175865c0a
SHA1 b202aea3bfa259597a78fd6ca61dba47869babba
SHA256 902fe20396456c8707c3f12c88298c91f7870b3de6cd38b4f32bf3d4c06ed1db
SHA512 e4934903816ec5939eebb66929088a600162ba603eb120ade86549fa97f64c681cefe56688495546ed9448aecfa9785f3da15fa4fb8f1e405c7d0b8c8e9e49f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 99cc892fb7da07cb1954396578adc039
SHA1 0aa3be3c88fa96a68012262fe01ccea9a0beb43d
SHA256 99483f22165f9c9907f3293bcb8dd8c937fa6abfd4fadbc5711dd555ae786eb6
SHA512 f55596c6f5a794c35689a82162a28db219809a17b7b502f0ace311777e58771602e3a3f6ee012e670668783598b2bf7cd1c74611de9ee871acd666dbe19d0d6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f612d931e8d52514e20485d08613c89f
SHA1 d37bc0fa507d732baf0206b5eae25a6899ae429e
SHA256 68a97bd13d1972b6bd63d6982724eac91fb0e844efdfd7b0725b64fc7db714d0
SHA512 4fbca3f35d231ef3c25c30eb3dc2454872d7b8e06a7728c57bd96094e2a2466134495e7a9047ac5fb2df42a03c10bc074920a30faa777834930c1b7c252760da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e227d6ea1b45a8cd928429a5af18c5f4
SHA1 a1d3d0bb8f96767f78c8a468aeea9c905c2ae31a
SHA256 d848a9a892df63a7717e4061df24d15330a29cfbfa458d32bf2c9d8c6655bc2c
SHA512 531761d2ef35c258601db23b5b69f94167d99bbf9c7ddc432010fc1b5994353077e91f072d6bd64b773ca95a42d69d6bbb5e0ac0552a7cd422baf4b5c2904393

C:\Users\Admin\Downloads\Unconfirmed 491431.crdownload

MD5 c9db6b5c84be13a43ad23cc204e4bc52
SHA1 94bd6634303205715fd04f8aa10d75158390e4d9
SHA256 77200156d4773175d341aad11ab23bd52445065cd95060348da17d083dc27688
SHA512 9273493c5e5ea24b2f5ee219fdf849546e85b3f5cc24c970f1ab6fdcfe961d96ca6fd41c96f9d915892ab24ce7ff409f0f5a6569b0225e95d36afba51615f8d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9a4673b3211f0b886ac6d68f2d4cba2b
SHA1 84d5cc1a5d3ee58976bd500568917487cf732a25
SHA256 27d3839144dbec9ecc796528507b63bfe574a6794c16f04ceb3fd0e5c00facb5
SHA512 111f6ddf95d0d00fc323bafb8a039f7877d0aa42e43a5d69d8360a1a4e8c8dba7266507bfc8bc7b19ec121482edaaee277fb5934eeca5c3f15689801c42d3d79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e62da1903775d92eb4379ebe2f3f02a3
SHA1 8120eff58815a1ec05dbc22380c45aaa50e453f4
SHA256 e8efdf7cbee6e03314681b76a715243eb24d35ed70beb156184638216de1af01
SHA512 674af5251414af48d485e6be3318237da1aa9f52db70b14f50a2ef8c19f03ef699c2d52c91bba73dc1e81e0f36894f1181ac52c4c11ec7681585d878edb989d9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 6ce28a47da94ff939c432e5ec68ae105
SHA1 e33a03a3aaa5bf8df781b5dcc8808bcf993ea043
SHA256 f99e4c643f39e1b0d1ece815bfbea64db7b07fe66024763ae79252bfaab79bd0
SHA512 8e4b9959de0518659b38a9a147f53b55cbf465b52c6a8bbbf4924ad1e4496763bd3b6a4fda9da8e4e6f25816af1ba874cc5deb3685fb17cede11ccc8f51692d4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 209198edf9d54cde6328bb5115f66bfe
SHA1 33a2608616599243f904300126bc803566c04fdf
SHA256 f9228a9822e26660ce6b94b2773e3add82dea8d7a997a0c47efa3092b9b53473
SHA512 a96e20bbd4032d108c2090fca71cb3018044709fa9540d306a5ea8b59112eef8fa0a7b306547fab0e4ec1271f0d079b13abe46cc85266f1649b9603d18f455a9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 48283caff60269e4343def5374b8ccb8
SHA1 ea649aa7cc6df0076ee482c50152873013812dc2
SHA256 f4973ca0ceaf3b3a9dbbd7ec414ce4034f685f88c76f890b31db946714930722
SHA512 b20d6a3d97dc66b0e93247273509beaf8e66ba0aa505f67b64f290ed8ef8bfd73daf462f97c22190104011f3a990b470b33bd573288af9999533ec90112d27ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8ccded5e6ec6d7ff0cb4fec1ebad268e
SHA1 6d1862c3c5cab8dfadc892018048b981c27ace07
SHA256 af6a32b7b13219300aeedf385b9e376b8a6a5089c74f85b61cd60adcc8375c6e
SHA512 599053066d3b2ad7a5eeb4ba7e01104cd1b76509d003d962091d2c2d8ac4fdd579c4e6807bae1be5cc5fde90c2ee43bf72e911610aac067e7f8fd32ff27facfc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 294273f846f7728b84e18e49d7a6d4b5
SHA1 7453b4da805399ebb3ecd11cecb50463da208eb4
SHA256 1f04bacc61bb1ead7dd3f9022b897f74bb96b31814f900017d892b23fd39403a
SHA512 b2fb3faff7d0261df10f7da42781a108895bd28bfc2949a5afbd7590a29d4bee1e0bdb8f8d0cb84e2258cf4954bdd0ddb28568dcc202710b1beb9bd7583f9176