Malware Analysis Report

2025-03-15 04:05

Sample ID 240827-p3vt1staqq
Target https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjSocKam5WIAxXQimgJHdyTIAIYABAAGgJ3Zg&co=1&ase=2&gclid=CjwKCAjw8rW2BhAgEiwAoRO5rG34iU46puXyFXESbQ3-8qUZ1_rlAzPtq2vh2xWAp7UvnpMcnkthQRoCRf0QAvD_BwE&ohost=www.google.com&cid=CAESVuD2oeZj0nWjHisg96RTaCMwg5iulzpUPoIFwLKjirzK1UyMk4GlSZ2x7VCJwUssw0p_CXkj8EuldKiaESnestFjfrT9RrwcjFp74c9ZkBz59HGj3H6x&sig=AOD64_0tQiEkT2HFDK1hmSX7QcxC9eTWBg&q&nis=4&adurl&ved=2ahUKEwjzz72am5WIAxWkTaQEHRz6JEcQ0Qx6BAgIEAE
Tags
defense_evasion discovery motw persistence phishing
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjSocKam5WIAxXQimgJHdyTIAIYABAAGgJ3Zg&co=1&ase=2&gclid=CjwKCAjw8rW2BhAgEiwAoRO5rG34iU46puXyFXESbQ3-8qUZ1_rlAzPtq2vh2xWAp7UvnpMcnkthQRoCRf0QAvD_BwE&ohost=www.google.com&cid=CAESVuD2oeZj0nWjHisg96RTaCMwg5iulzpUPoIFwLKjirzK1UyMk4GlSZ2x7VCJwUssw0p_CXkj8EuldKiaESnestFjfrT9RrwcjFp74c9ZkBz59HGj3H6x&sig=AOD64_0tQiEkT2HFDK1hmSX7QcxC9eTWBg&q&nis=4&adurl&ved=2ahUKEwjzz72am5WIAxWkTaQEHRz6JEcQ0Qx6BAgIEAE was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery motw persistence phishing

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Adds Run key to start application

Checks installed software on the system

Subvert Trust Controls: Mark-of-the-Web Bypass

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy service COM API

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-27 12:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-27 12:51

Reported

2024-08-27 12:54

Platform

win11-20240802-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjSocKam5WIAxXQimgJHdyTIAIYABAAGgJ3Zg&co=1&ase=2&gclid=CjwKCAjw8rW2BhAgEiwAoRO5rG34iU46puXyFXESbQ3-8qUZ1_rlAzPtq2vh2xWAp7UvnpMcnkthQRoCRf0QAvD_BwE&ohost=www.google.com&cid=CAESVuD2oeZj0nWjHisg96RTaCMwg5iulzpUPoIFwLKjirzK1UyMk4GlSZ2x7VCJwUssw0p_CXkj8EuldKiaESnestFjfrT9RrwcjFp74c9ZkBz59HGj3H6x&sig=AOD64_0tQiEkT2HFDK1hmSX7QcxC9eTWBg&q&nis=4&adurl&ved=2ahUKEwjzz72am5WIAxWkTaQEHRz6JEcQ0Qx6BAgIEAE

Signatures

Downloads MZ/PE file

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{efeb71da-4b7d-4471-a893-2c8eca651a01} = "\"C:\\ProgramData\\Package Cache\\{efeb71da-4b7d-4471-a893-2c8eca651a01}\\4kvideodownloaderplus_1.8.5_x64_online.exe\" /burn.runonce" C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.be\4kvideodownloaderplus_1.8.5_x64_online.exe N/A

Checks installed software on the system

discovery

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\4kvideodownloaderplus_1.8.5_x64_online.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\4kvideodownloaderplus_1.8.5_x64_online.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{DA1A4B80-779E-4F9C-98FD-9DE3F7EB74DE}\.cr\4kvideodownloaderplus_1.8.5_x64_online.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.be\4kvideodownloaderplus_1.8.5_x64_online.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2227988167-2813779459-4240799794-1000\{66568D2B-C798-46FA-BB0B-093C8339D7D9} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{efeb71da-4b7d-4471-a893-2c8eca651a01} C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.be\4kvideodownloaderplus_1.8.5_x64_online.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{efeb71da-4b7d-4471-a893-2c8eca651a01}\ = "{efeb71da-4b7d-4471-a893-2c8eca651a01}" C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.be\4kvideodownloaderplus_1.8.5_x64_online.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{efeb71da-4b7d-4471-a893-2c8eca651a01}\Version = "1.8.5.116" C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.be\4kvideodownloaderplus_1.8.5_x64_online.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{efeb71da-4b7d-4471-a893-2c8eca651a01}\DisplayName = "4K Video Downloader+" C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.be\4kvideodownloaderplus_1.8.5_x64_online.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{efeb71da-4b7d-4471-a893-2c8eca651a01}\Dependents\{efeb71da-4b7d-4471-a893-2c8eca651a01} C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.be\4kvideodownloaderplus_1.8.5_x64_online.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{efeb71da-4b7d-4471-a893-2c8eca651a01}\Dependents C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.be\4kvideodownloaderplus_1.8.5_x64_online.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 654801.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\4kvideodownloaderplus_1.8.5_x64_online.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\Temp\{DA1A4B80-779E-4F9C-98FD-9DE3F7EB74DE}\.cr\4kvideodownloaderplus_1.8.5_x64_online.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5028 wrote to memory of 4512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5028 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5028 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5028 wrote to memory of 4412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjSocKam5WIAxXQimgJHdyTIAIYABAAGgJ3Zg&co=1&ase=2&gclid=CjwKCAjw8rW2BhAgEiwAoRO5rG34iU46puXyFXESbQ3-8qUZ1_rlAzPtq2vh2xWAp7UvnpMcnkthQRoCRf0QAvD_BwE&ohost=www.google.com&cid=CAESVuD2oeZj0nWjHisg96RTaCMwg5iulzpUPoIFwLKjirzK1UyMk4GlSZ2x7VCJwUssw0p_CXkj8EuldKiaESnestFjfrT9RrwcjFp74c9ZkBz59HGj3H6x&sig=AOD64_0tQiEkT2HFDK1hmSX7QcxC9eTWBg&q&nis=4&adurl&ved=2ahUKEwjzz72am5WIAxWkTaQEHRz6JEcQ0Qx6BAgIEAE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcfef63cb8,0x7ffcfef63cc8,0x7ffcfef63cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9280 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9468 /prefetch:8

C:\Users\Admin\Downloads\4kvideodownloaderplus_1.8.5_x64_online.exe

"C:\Users\Admin\Downloads\4kvideodownloaderplus_1.8.5_x64_online.exe"

C:\Windows\Temp\{DA1A4B80-779E-4F9C-98FD-9DE3F7EB74DE}\.cr\4kvideodownloaderplus_1.8.5_x64_online.exe

"C:\Windows\Temp\{DA1A4B80-779E-4F9C-98FD-9DE3F7EB74DE}\.cr\4kvideodownloaderplus_1.8.5_x64_online.exe" -burn.clean.room="C:\Users\Admin\Downloads\4kvideodownloaderplus_1.8.5_x64_online.exe" -burn.filehandle.attached=584 -burn.filehandle.self=592

C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.be\4kvideodownloaderplus_1.8.5_x64_online.exe

"C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.be\4kvideodownloaderplus_1.8.5_x64_online.exe" -q -burn.elevated BurnPipe.{BD788FE8-A5DC-4CCC-908E-289599B095A9} {8805B296-FCED-4558-8DB0-33AB3D68916B} 6828

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\ProgramData\Package Cache\1B9F1CBFDB480DCC694C23FB063A4CD527E73A4D\msi_analytics.exe

"C:\ProgramData\Package Cache\1B9F1CBFDB480DCC694C23FB063A4CD527E73A4D\msi_analytics.exe" --regkey "Software\4kdownload.com\4K Video Downloader+\Analytics" --an Wix --av 2 --ec "4K Video Downloader+" --ea "before-install" --el "x64" --af ""

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4960 /prefetch:2

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004AC 0x00000000000004B4

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e8115549491cca16e7bfdfec9db7f89a
SHA1 d1eb5c8263cbe146cd88953bb9886c3aeb262742
SHA256 dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e
SHA512 851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

\??\pipe\LOCAL\crashpad_5028_GMZRLQCBOVMSXNTV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3e2612636cf368bc811fdc8db09e037d
SHA1 d69e34379f97e35083f4c4ea1249e6f1a5f51d56
SHA256 2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9
SHA512 b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c97183d91234d9a2795c7d935fadc898
SHA1 af953f633876c60e4da56fbea794e9b668a052f7
SHA256 2baa83482e8591abf180bb385c9845f74c2b63c892593980d84b0d5e56dd6ba9
SHA512 937edb7a325e86434c3a4af2ceb3e9593d320239c65b09a707fc59c9cda4b59faac71291c9b931159ebebf5516fa333433932984413e1b05da4f68c867e9d3ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 2e7026b2c2819625ce53fba718a7a75f
SHA1 c036e4dc352f6b3124115370042986fa8d738573
SHA256 a3db7bc5b01572574cedeecc39e68351b04fceb870046e52e70a34d413bf154a
SHA512 c9b45f7e6fc188a2c04343078dbe49d84174920c0654c54f841b141b1b010d56de34c59372816f24524bee138e0bbd8ac500af391dd17cdbd4cfc73f028d82f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 9a65987303ff9bc2785b78203bfa10ad
SHA1 8683082508749f0e5ebde075d56ab33722ffe82f
SHA256 67f7b0ad5a72d3043a6ad6b9d38e6f70335fa5e0b6d75059e65c61d6367ca4c0
SHA512 1cbb1662dda538ea63c515fe12950a48a798da97a8923db30dc9a8f9458b62c660890887c3ccfa1f614b40ffb092d40aaedd84ae134b844164d6a99e45390d36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 043e0b9cd03cd9e7e70d52caacad86c1
SHA1 5100eab8228b1eaf7dcd3ff63a2a20ba2e5fc2e0
SHA256 846705df5fed4c41668f90ac5944da974ce635971222f2fd6600a29584547908
SHA512 12a03e60af31565643e9f617c8f5d0295f5adea64aa3a97079a9056a762c2ba629d508227041a40723d2099667d6fe18c07226261439a0bf1ff93de0b022ae22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bcf8558994d0190ebe8d1390022ae56e
SHA1 10818dc0849317c378a9428c8b256f008e2e0674
SHA256 819ffff79c32a616c7bf6c11a3c343d4fd1f49c9455f52d522d7f30cbb1a5c63
SHA512 0b27a6b08cc5516e1ddd611ee2beeab4719545d37ccffbabca32337c9ab157cd0afa378bb5f214172620f8c5c51fb387568b18966687ddd1018da9201b3b28bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 2257803a7e34c3abd90ec6d41fd76a5a
SHA1 f7a32e6635d8513f74bd225f55d867ea56ae4803
SHA256 af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174
SHA512 e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3ffb08b716a0c83a807bb8466b8e535b
SHA1 768b284622bc4e6e25ae958493f214b14ac9be38
SHA256 bb4be9449d24ec9ccbf3e2ce5f4a9b564036e7dba343d0ce81fa25dac210e5e9
SHA512 6b53cdb1b67fd61117ec74c15cac8b5f0a2c7de6c4942fcb73214049c86b039a2f85734511b6e380743dc658aa334563f798f3acc8e36eade57d5ead6b000ca3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cdef.TMP

MD5 762b0d9bcb0bb8843a902ea923f32c92
SHA1 2036ed3cc9c87de8c52012c238aeb021cf20544d
SHA256 229650db872b4f1b31e3519205ef1e68d1bd9f20343ef1fb523a30bf3838cc2e
SHA512 4a1ed4b2689e9422389e45bcf4b93dafecc2f12911aacdbca483968b0cb5a007391bc2701e6a5c9cf7a6fe3eb16f83a5b467821ce5e23d610f3f53e742a74358

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 e93848e7f29b9126e8c2ed6b0bc630a7
SHA1 10c9807e351a13104c0ee913fe7002f6324199d6
SHA256 4e857dc011248d1ccd8fcf8972714cccc44d7045e0b9dcc18e663b2d754e4bc6
SHA512 54c9b845fef1dacf236f88e7a7de0d1b36a4a4bd20eb926d81ccb6a3f8e7ff78c04ea24fe757c677a2007249713dde30dbb18edefad38d0ad6888d61aa14fca7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 8eff0b8045fd1959e117f85654ae7770
SHA1 227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA256 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA512 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

MD5 c83e4437a53d7f849f9d32df3d6b68f3
SHA1 fabea5ad92ed3e2431659b02e7624df30d0c6bbc
SHA256 d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
SHA512 c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 681684b98337ff2d590ec8145f8f95d4
SHA1 a3d12dd3e20be6520c06bda3c188ab58478370e6
SHA256 6ed6c1fd7cf2572a27b0de9b5797bda243394eef1cce39c5583b9aa8e9b6ca26
SHA512 0743b836ce01b920723eb59e79ceffe2a068ec1dfb55523ac7850ebd9c432788677f0327c9ce8b27aa60d9d8e9294b08bdda53c20651f38f1cb0be073a859a2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 67e30bbc30fa4e58ef6c33781b4e835c
SHA1 18125beb2b3f1a747f39ed999ff0edd5a52980ee
SHA256 1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba
SHA512 271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 19a3928e66f3d99256821c74031e1947
SHA1 08a85904578fd955c4b5d14d8aacfc47099bd35e
SHA256 77d1e5595cb083b74750469dfd43e97c099def538e8dbf01b74d6aeb7b283ffc
SHA512 16ae3675b5433081db6d7841bf7cc226c04e096b0751a6ada8028aef4ac41e87cf67e2d047f76df1fa487efa14b69858236210804a149df4c9c878f85e44752d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 e108cc3d1cf6dd5675e64f40ce87fa10
SHA1 6fb4b6b9aba31ef89135c0f8d88ce83f8bc77e57
SHA256 dd2a649fd2ea6bd6af87a03b9d3c349e2c4945890ea6773ccb59943da5bc0222
SHA512 e4b61694779d95b8c784d49cedaf4cb735122f295a2bcdcda55a61180dd1d6cfa5d18512bb1190eb01d28fb3bb12f6ff95850ce7ddb6a89b419ee8ab13fd59e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 5072a6ef7d0e660d70d2666a29f9f40c
SHA1 4083c4b29008491236104e1bd4fcd7c20d5b1969
SHA256 2ad270b2b00a19d543083eeeb243c3302c1687e2de25d96c71fbee1664b3eaa4
SHA512 ed0bd2811cc58b560354c3cf8158b7203b761e47d793bea3d00466f4d10a515b65ea947f88a9b08efb076d51a45e5b8986a528a3921851761306b901f60a81a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 4c1ffe713b793bf90d79c2f32a4129cf
SHA1 e6113904135d4e92c94dbbfa70c8dba8a17439e8
SHA256 aa0f62854f993a49a676956c84e24c6564acdf1031aba68c5fb5f9f1d3a7ab80
SHA512 f4bb906bf8183f63b2a2db5aa8b22ef7c5e6082c0384b73f909c8709980096c845d5e468e61a8a2b5fbaab8ee071694b6afe1be60a930c71c8567dc219d4afd0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 ea38b36b69f8ff5c455637737115221e
SHA1 3d5276103c751b9f6d8b608f42254330869e7230
SHA256 b07df4a10ed3c583a76621db79ca5764ded16e8a6873723188e6bb0bdb5127a3
SHA512 0fa6f23911dfb5d0d39521dd179e055bec4202585c52f20c7d8ac672a2c9cc4ba7e25d0e1c3a37ca52cbff2bd626e51667e32af4cff3377ded302402cf070d43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 7651b1187bb58ac4c7be625337b35e5b
SHA1 307d969ef4137a66fe2793737dc1c546587c7f43
SHA256 0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968
SHA512 a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 bfd9a9963f8b1fc86c4075a7d4eb3905
SHA1 a9aa1b77df53e2728edd839acac685b1ffe62287
SHA256 5fb423c3ce2463404c10f01552dd72629f88806e557381b3945fdeeb0f686423
SHA512 b93a25ece5c72f28cbd20483b693cabe1fb9b86cc3682b2b1246fdad22333b470fbcda090e3dff42720185192a05a03ca341082d6b60d5cdca3b9ac2273bc31c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 d6c2839990a382e7d8ecc7a6eba5c743
SHA1 63c3b8976aefee0378796e7a7c41de783ab4f06d
SHA256 8e287c97289fbc126d17879c303e2fa7c1bbd37854afa5ee003b63ccfc3ca481
SHA512 3297ca91769e30b073a3362cf181814120e5b518e936e32799919c9bd501e99bf01d4c0699e8bef2c42af967420d61f61fdee47e1f4cd5a09764b2be20a56010

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 29cebe17a7b69c1f1d5b2670285a2a66
SHA1 33e37cc197d725d832544ff82615ffdb2da014c2
SHA256 51e2b52df407f06c21afc0a8c28a2be5322e93f69497ec7d69e7cc7fd07839cc
SHA512 4e28b8c4de489f1794e97752cacc2691a164f03efc19b686e030a24c767f37967b22e858eeae7b6a5499d12a20aa600be8c324b9b6d5e027adc44b23b2bc9461

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 592a193443e50c2fee58aa2fdc26a324
SHA1 4cd3a50beb62547bc7f1de816ae480a071bb8db5
SHA256 e1f6bcee8bda99ee1e162e9ac53af2bd1510e14bee56a8c01391fc64c756ec41
SHA512 12d7a6f40d948d9289115f9cac584febf4a6c4a222c255e68704dd2ec50023091211ac9ac86623d16bf9de06dfcc391fcc6c1df41dd89332431d69fbca86673e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 a85641dbbc2e737f08a83875d8e7706e
SHA1 6e4acbef413babea2733c3c689ccfd7788e2091e
SHA256 c274acf372114f67c76a61b7df530b657e371997ba617b000363342c0abaf3db
SHA512 9b967a390c47d29be598ea89691f9944927ce2335bd4f296402055b9432941707e2a22672e55d5d6684adf0f2e46506749585b51c53b05631e316065af3916c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 70cd9e8a26b7fd9cce37b1fcf45e8ff5
SHA1 75ca118e8717576ad26affbef5effd063389a2f2
SHA256 1f71111a8391727fc1c8f8d2dbc89ac61083f4ca88dda8bfe7c1c7af6427c5ac
SHA512 b09007f94b7a37dd638ac2a2a9adec4e7e7f1e0854073cf7454005387a25ae828d0e6e1f04fac1735e4be20ac764ff43b62bad303525afab7b338ed5f4f94c64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 27eb4e5359ab9fda9c210ea180a5a628
SHA1 2513daa5299a99d71438b917b2a3bf4b109344fd
SHA256 4958106ed7294de973a9e2fa5f30c960f73f48fde72781dc8755a6daa3b3b796
SHA512 a2ee3c6b842eb220d599a67d12a1617b8931afd000e8139ad6074dd937c8b6d6b1b23739a734ab59b5b29287ef8ccbaa94dac8d9529be0978cf7f9b9ba914da8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 7846cc807df882429656a0d2dfdf8b66
SHA1 1745b6a86d67bb5112142166c4b9779b56c34758
SHA256 95fc7477e77b4b79f470ebcdceea3846bb44b8eca0bf95c0c6ce6c6bad80176b
SHA512 42c79cc34e41efe8da9e3ef8a8ba35fee12cde198ebfd17c8d5ef5f3e99eaf284e0d17dbc099563d384d5333c443c8336c7b5b09c5e9cda7717e92bbb7da93fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 97a3bed6457d042c94c28ed74ec2d887
SHA1 02ce7a6171fb1261fde13a8c7cbb58992e9d5299
SHA256 ae56cf83207570afbb8a6ab7cbc4128b37f859cb6f55661e69e97a3314c02f67
SHA512 6c8cf955ec73ad9d97bbb36c7ce723bfa58c9aef849aa775ee64ce15afa70afb40e8cd45989dadec420d2e8edda9ec0f05cc76a0602df0b6c4e5d45de0f4ce7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c82274529552445a4c43e5f615645d85
SHA1 5b58222a43a6f06bfb6d21ba2a7865ad10fb7827
SHA256 e6ae0079b4f263f2b84d33d39b127b645b5cd32b165b1132a703bf56a58c73a8
SHA512 9cd82fb9559928afa777d46a894bfd7341975cbfa355ca665fd50513669c4d5ccf4dbe012ab67b2cf14e3809611b7f1db23dde7d9fbd336a2d2e86999585a7e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 f63e56ec82507fa448d137d06cbc4272
SHA1 5485ee7a2ff9368c7f380a215b93adc15eed542a
SHA256 0038efbc659769d0c93e78070a844b9068e98826c7cdcfb80981ef49a829f9dd
SHA512 6c4108da2c95d8ebf90add765f3ce1fd5a81155cec952744aed283507c1ecf5cb41de5fed6cd5b451241ae6fed5277d1216ce6ad3b9468cfc9cc48c52cc2220d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 79cf44db94eb465700d65a45a527b379
SHA1 a9ea6a3d2b3a3a61bf80caa643b077dc7fc10787
SHA256 78996e6ffff1656b85b4b50393b4a9f1133550694f87e66f9c2b937bc7dd2c4e
SHA512 7a2edf730c401e21b69b86528489adf587f4b830ceba0af2834bc7c69937e754c0a3e18ee9a174910391846a94394fc87bf927fb101fe899275bf072c804a519

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 b1c9b4614e5bdd3c01840291a460d30a
SHA1 aa90709d680f481a7ae16aab2bceab65613733a2
SHA256 4b6efc87cc0da37f9a510f963df1dac2ebc392f93996346d9ba8fd1dd4636e77
SHA512 c105d5ffd554542038b03c4afac16a7a04193eb96e23e5416f35f158b6bb121eb10c4bcd3d53ae8f07df25f403b93be9de41311adf6f23a06f9054a4a4d63f69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 7079ad47d945017a7842cce44651d6ab
SHA1 06fda9a4c5fe471952f788f777be0fa7f488161f
SHA256 276e4ca8a15c5f3e22990633c1d7d22a629f61e033dd74a0a8a74309ad2790e3
SHA512 52e20005856654cd4d40cfb7afc5f0d83ff1a3e575c77a33a9338244217cb26ed623bb50649a719dae6d193c2c91d77021fc5522e4b7e0bbef94b5e66df605d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 9708e5224c10eb91f435950128a72070
SHA1 cc66f87dad487f1db80dc78942a7016d26725ae9
SHA256 834c60d1648bb2b2c84ab278eb0690ffdbd6f9dfa393d561eb38aa026dbdef8d
SHA512 8a7a126e028f6def7f03d4fc69831c2bccabebc48b7d97b816eb263a817934b8db1beb9baf1763ec7421640ef594e0a7fb65ef21cbfdadd90c3c88332f4022c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2c20c64d444c6329_0

MD5 7c2bb35a05a0ad6d84e5bac595178776
SHA1 6c3affb0c608b5a55f48138839d6a87abe8c0b6c
SHA256 5d4d2fcfcd74110be8b961d053ce9564620794f1b34750af1df2971a08bd562a
SHA512 a3b8c7a5f5079b4a5a314908eb517b13d742caf53221af560b4bb591dd6e5f5aa63172c6ec59836a3ad477a2ed79cf15286b6608e946687f318761140bb39fac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9bff5583eae22165_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\Downloads\Unconfirmed 654801.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.ba\logo.png

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.be\4kvideodownloaderplus_1.8.5_x64_online.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
