Analysis Overview
Threat Level: Known bad
The file https://github.com/TheDarkMythos/windows-malware/blob/master/MEMZ/geometry%20dash%20auto%20speedhack.exe was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Obfuscated with Agile.Net obfuscator
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
System policy modification
Modifies Internet Explorer settings
NTFS ADS
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Enumerates system info in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-09-27 18:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-09-27 18:03
Reported: 2024-09-27 18:08
Platform: win10v2004-20240802-en
Max time kernel: 266s
Max time network: 265s
Command Line
Signatures
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Install (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Install (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Install (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F82C.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F8C9.tmp\eulascr.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F82C.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F8C9.tmp\eulascr.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Install (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Install (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\control.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Install (1).exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "198" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:PID = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use." | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer." | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Rev = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer." | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings | C:\Windows\SysWOW64\control.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings." | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupView = "0" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers." | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer." | C:\Windows\explorer.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 584674.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 982142.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 280727.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 604002.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 807806.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 124887.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 856015.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 385064.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 439214.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\F82C.tmp\eulascr.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/TheDarkMythos/windows-malware/blob/master/MEMZ/geometry%20dash%20auto%20speedhack.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe"
C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7532 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8216 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=9164 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e0 0x3c0
C:\Users\Admin\Downloads\Install (1).exe
"C:\Users\Admin\Downloads\Install (1).exe"
C:\Users\Admin\Downloads\Install (1).exe
"C:\Users\Admin\Downloads\Install (1).exe"
C:\Users\Admin\Downloads\Install (1).exe
"C:\Users\Admin\Downloads\Install (1).exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10332 /prefetch:1
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\F82C.tmp\F82D.tmp\F82E.vbs //Nologo
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Users\Admin\AppData\Local\Temp\F82C.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\F82C.tmp\eulascr.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\F8C9.tmp\F8CA.tmp\F8CB.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\F8C9.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\F8C9.tmp\eulascr.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3855055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 34.98.72.95:443 | assets.bounceexchange.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | js.gumgum.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| FR | 18.245.175.156:443 | aax.amazon-adsystem.com | tcp |
| FR | 18.244.28.96:443 | js.gumgum.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| FR | 52.84.174.60:443 | config.aps.amazon-adsystem.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| DE | 18.157.201.67:443 | api.cmp.inmobi.com | tcp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | aba.gumgum.com | udp |
| US | 8.8.8.8:53 | c.gumgum.com | udp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| US | 34.98.72.95:443 | assets.bounceexchange.com | udp |
| DE | 18.157.201.67:443 | api.cmp.inmobi.com | tcp |
| IE | 52.212.222.41:443 | g2.gumgum.com | tcp |
| US | 8.8.8.8:53 | gumgum.com | udp |
| FR | 3.165.136.57:443 | aba.gumgum.com | tcp |
| FR | 18.244.28.96:443 | js.gumgum.com | tcp |
| FR | 99.86.91.54:443 | c.gumgum.com | tcp |
| FR | 99.86.91.15:443 | gumgum.com | tcp |
| US | 35.190.10.96:443 | collector-pxebumdlwe.px-cloud.net | udp |
| US | 8.8.8.8:53 | 40.25.5.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.10.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.8.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.130.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.72.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.201.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.222.212.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.136.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | sync.adkernel.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | equativ-match.dotomi.com | udp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| GB | 2.17.5.216:443 | eus.rubiconproject.com | tcp |
| NL | 103.67.200.72:443 | sync.adkernel.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | tcp |
| IE | 52.210.163.17:443 | id.crwdcntrl.net | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| NL | 63.215.202.140:443 | equativ-match.dotomi.com | tcp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| NL | 89.149.192.74:443 | rtb-csync.smartadserver.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | wt.rqtrk.eu | udp |
| DE | 57.129.18.113:443 | wt.rqtrk.eu | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 216.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.200.67.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.163.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.136.214.35.in-addr.arpa | udp |
| IE | 52.212.222.41:443 | g2.gumgum.com | tcp |
| CZ | 65.9.95.50:443 | video.primis.tech | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | idx.liadm.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| US | 54.236.148.108:443 | idx.liadm.com | tcp |
| US | 34.111.8.32:443 | events.bouncex.net | tcp |
| US | 8.8.8.8:53 | rp.liadm.com | udp |
| US | 18.233.92.203:443 | rp.liadm.com | tcp |
| US | 8.8.8.8:53 | server.cpmstar.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | krk2.kargo.com | udp |
| US | 8.8.8.8:53 | prebid.smilewanted.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | hb.minutemedia-prebid.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.servenobid.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | ib.adnxs-simple.com | udp |
| US | 8.8.8.8:53 | ssc.33across.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 131.153.148.3:443 | server.cpmstar.com | tcp |
| US | 131.153.148.3:443 | server.cpmstar.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs-simple.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| FR | 163.5.194.36:443 | prebid.a-mo.net | tcp |
| IE | 54.154.67.26:443 | hb.minutemedia-prebid.com | tcp |
| IE | 34.246.81.179:443 | ads.servenobid.com | tcp |
| US | 89.187.176.168:443 | ssc.33across.com | tcp |
| US | 172.67.14.119:443 | prebid.smilewanted.com | tcp |
| US | 172.67.14.119:443 | prebid.smilewanted.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| IE | 63.32.50.184:443 | ads.yieldmo.com | tcp |
| FR | 18.244.28.86:443 | hb.yellowblue.io | tcp |
| DE | 52.57.244.1:443 | krk2.kargo.com | tcp |
| CA | 69.50.175.178:80 | tcp | |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.220.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.148.236.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.92.233.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.14.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.81.246.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.244.57.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.67.154.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.50.32.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.176.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.148.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | check.analytics.rlcdn.com | udp |
| FR | 99.86.91.66:443 | check.analytics.rlcdn.com | tcp |
| US | 8.8.8.8:53 | 66.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hashtaglabs-d.openx.net | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 35.244.159.8:443 | hashtaglabs-d.openx.net | tcp |
| NL | 103.67.200.72:443 | sync.adkernel.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| GB | 2.23.204.244:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| GB | 2.17.4.21:443 | contextual.media.net | tcp |
| US | 8.8.8.8:53 | public.servenobid.com | udp |
| DE | 162.19.138.120:443 | id5-sync.com | tcp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| CZ | 65.9.95.105:443 | public.servenobid.com | tcp |
| US | 8.8.8.8:53 | static.smilewanted.com | udp |
| DE | 37.252.171.53:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 8.8.8.8:53 | sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | ssp.disqus.com | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| IE | 52.49.215.42:443 | ap.lijit.com | tcp |
| US | 69.166.1.67:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 34.246.81.179:443 | ads.servenobid.com | tcp |
| IE | 54.78.106.223:443 | ce.lijit.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| GB | 2.23.220.28:443 | hbx.media.net | tcp |
| DE | 18.197.30.174:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| US | 35.173.27.194:443 | ssp.disqus.com | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| NL | 89.149.193.116:443 | ssbsync.smartadserver.com | tcp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | cdn.dxkulture.com | udp |
| US | 34.199.107.8:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.204.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.4.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.220.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.215.49.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.30.197.18.in-addr.arpa | udp |
| US | 172.64.145.29:443 | cdn.dxkulture.com | tcp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| NL | 89.149.192.74:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| NL | 185.89.210.212:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| IE | 34.241.121.80:443 | ice.360yield.com | tcp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| US | 8.8.8.8:53 | us.shb-sync.com | udp |
| DK | 37.157.2.229:443 | cm.adform.net | tcp |
| NL | 103.67.200.72:443 | sync.adkernel.com | tcp |
| US | 8.2.110.33:443 | us.shb-sync.com | tcp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| DK | 37.157.5.84:443 | c1.adform.net | tcp |
| US | 8.8.8.8:53 | tg.socdm.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| JP | 124.146.153.152:443 | tg.socdm.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 8.8.8.8:53 | match.deepintent.com | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 54.160.160.188:443 | sync.srv.stackadapt.com | tcp |
| IE | 34.250.188.101:443 | pr-bh.ybp.yahoo.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 52.5.188.254:443 | sync.ipredictive.com | tcp |
| US | 64.202.112.31:443 | b1sync.zemanta.com | tcp |
| US | 8.18.47.7:443 | match.deepintent.com | tcp |
| US | 8.8.8.8:53 | usersync.gumgum.com | udp |
| IE | 52.210.15.1:443 | usersync.gumgum.com | tcp |
| IE | 52.210.15.1:443 | usersync.gumgum.com | tcp |
| IE | 52.210.15.1:443 | usersync.gumgum.com | tcp |
| US | 8.8.8.8:53 | u.ipw.metadsp.co.uk | udp |
| US | 8.8.8.8:53 | rtb.gumgum.com | udp |
| NL | 35.214.132.90:443 | u.ipw.metadsp.co.uk | tcp |
| JP | 124.146.153.152:443 | tg.socdm.com | tcp |
| US | 64.202.112.31:443 | b1sync.zemanta.com | tcp |
| NL | 89.149.192.74:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | sync.adotmob.com | udp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| US | 8.8.8.8:53 | ads.dxkulture.com | udp |
| NL | 89.149.192.74:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 98.86.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.106.78.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.239.215.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.145.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.27.173.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.107.199.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.121.241.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.2.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.5.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.188.250.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.15.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.160.160.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.188.5.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.47.18.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.132.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.153.146.124.in-addr.arpa | udp |
| US | 45.55.126.71:443 | ads.dxkulture.com | tcp |
| US | 8.8.8.8:53 | 31.112.202.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.176.137.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.126.55.45.in-addr.arpa | udp |
| US | 45.55.126.71:443 | ads.dxkulture.com | tcp |
| US | 45.55.126.71:443 | ads.dxkulture.com | tcp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| NL | 103.67.200.72:443 | sync.adkernel.com | tcp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| IE | 54.155.18.159:443 | p1.parsely.com | tcp |
| US | 8.8.8.8:53 | comcluster.cxense.com | udp |
| DE | 167.235.124.61:443 | comcluster.cxense.com | tcp |
| US | 8.8.8.8:53 | 61.124.235.167.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | google.co.ck | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 100.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | motherboard.vice.com | udp |
| US | 8.8.8.8:53 | cdn.parsely.com | udp |
| GB | 216.58.212.214:443 | i.ytimg.com | udp |
| US | 35.190.59.101:443 | r.skimresources.com | udp |
| US | 8.8.8.8:53 | silo50.p7cloud.net | udp |
| US | 8.8.8.8:53 | p1.parsely.com | udp |
| US | 8.8.8.8:53 | t.skimresources.com | udp |
| US | 35.190.91.160:443 | p.skimresources.com | udp |
| US | 192.0.76.3:443 | pixel.wp.com | tcp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | udp |
| US | 35.201.67.47:443 | t.skimresources.com | udp |
| IE | 52.17.99.225:443 | p1.parsely.com | tcp |
| US | 44.219.247.140:443 | api.parsely.com | tcp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 225.99.17.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.247.219.44.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 35.190.10.96:443 | collector-pxebumdlwe.px-cloud.net | udp |
| US | 8.8.8.8:53 | ams-pageview-public.s3.amazonaws.com | udp |
| DE | 167.235.124.25:443 | api.cxense.com | tcp |
| US | 34.120.253.250:443 | tag.bounceexchange.com | udp |
| US | 54.231.162.193:443 | ams-pageview-public.s3.amazonaws.com | tcp |
| GB | 142.250.180.2:443 | pubads.g.doubleclick.net | udp |
| US | 34.149.130.207:443 | pd.cdnwidget.com | tcp |
| US | 34.111.8.32:443 | events.bouncex.net | tcp |
| GB | 142.250.180.2:443 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| US | 8.8.8.8:53 | c.gumgum.com | udp |
| NL | 89.149.192.241:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | aba.gumgum.com | udp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| DE | 18.153.93.230:443 | btlr.sharethrough.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| IE | 54.77.143.176:443 | g2.gumgum.com | tcp |
| FR | 3.165.136.69:443 | aba.gumgum.com | tcp |
| US | 8.8.8.8:53 | js.gumgum.com | udp |
| US | 8.8.8.8:53 | gumgum.com | udp |
| FR | 99.86.91.54:443 | c.gumgum.com | tcp |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| FR | 99.86.91.24:443 | gumgum.com | tcp |
| DE | 35.157.41.160:443 | api.cmp.inmobi.com | tcp |
| FR | 18.244.28.109:443 | js.gumgum.com | tcp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.162.231.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.93.153.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.172.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.136.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.143.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.41.157.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 185.89.210.212:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | eu-u.openx.net | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 151.101.194.49:443 | sync-tm.everesttech.net | tcp |
| IE | 52.19.187.77:443 | id.crwdcntrl.net | tcp |
| US | 35.244.159.8:443 | eu-u.openx.net | udp |
| NL | 89.149.192.74:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.149.192.74:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.149.192.74:443 | rtb-csync.smartadserver.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 49.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.187.19.52.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | rp.liadm.com | udp |
| US | 18.233.92.203:443 | rp.liadm.com | tcp |
| IE | 52.17.99.225:443 | p1.parsely.com | tcp |
| DE | 167.235.124.61:443 | comcluster.cxense.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs-simple.com | udp |
| US | 8.8.8.8:53 | ads.servenobid.com | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| US | 131.153.148.3:443 | server.cpmstar.com | tcp |
| US | 131.153.148.3:443 | server.cpmstar.com | tcp |
| US | 89.187.176.168:443 | ssc.33across.com | tcp |
| US | 8.8.8.8:53 | krk2.kargo.com | udp |
| US | 8.8.8.8:53 | hb.minutemedia-prebid.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| IE | 52.16.131.72:443 | hb.minutemedia-prebid.com | tcp |
| DE | 52.29.199.5:443 | krk2.kargo.com | tcp |
| NL | 185.89.210.82:443 | ib.adnxs-simple.com | tcp |
| IE | 54.220.176.242:443 | ads.servenobid.com | tcp |
| US | 34.111.8.32:443 | events.bouncex.net | udp |
| IE | 52.208.197.29:443 | ads.yieldmo.com | tcp |
| US | 8.8.8.8:53 | 82.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.199.29.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.131.16.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.176.220.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.197.208.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | public.servenobid.com | udp |
| US | 8.8.8.8:53 | hashtaglabs-d.openx.net | udp |
| FR | 163.5.194.31:443 | prebid.a-mo.net | tcp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | sync.adkernel.com | udp |
| DE | 162.19.138.120:443 | id5-sync.com | tcp |
| NL | 103.67.200.72:443 | sync.adkernel.com | tcp |
| US | 8.8.8.8:53 | pixel.33across.com | udp |
| DE | 51.75.86.98:443 | onetag-sys.com | udp |
| US | 67.202.105.24:443 | pixel.33across.com | tcp |
| NL | 89.149.193.116:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 34.203.22.14:443 | cs-server-s2s.yellowblue.io | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | 31.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.22.203.34.in-addr.arpa | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 5dc3c2245f0eb7df646e29cd7fc730f3.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | connectid.analytics.yahoo.com | udp |
| GB | 216.58.213.1:443 | 5dc3c2245f0eb7df646e29cd7fc730f3.safeframe.googlesyndication.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| FR | 52.222.169.25:443 | connectid.analytics.yahoo.com | tcp |
| GB | 216.58.204.65:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 35.190.39.111:443 | esp.rtbhouse.com | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| NL | 89.149.192.74:443 | rtb-csync.smartadserver.com | tcp |
| IE | 54.220.176.242:443 | ads.servenobid.com | tcp |
| NL | 89.149.192.74:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | dsp-cookie.adfarm1.adition.com | udp |
| US | 8.8.8.8:53 | ums.acuityplatform.com | udp |
| US | 8.8.8.8:53 | equativ-match.dotomi.com | udp |
| DE | 80.82.210.217:443 | dsp-cookie.adfarm1.adition.com | tcp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| NL | 154.59.122.79:443 | ums.acuityplatform.com | tcp |
| NL | 89.207.16.204:443 | equativ-match.dotomi.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| NL | 185.235.87.122:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.177:443 | gem.gbc.criteo.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 69.166.1.67:443 | sync.go.sonobi.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| IE | 34.248.75.162:443 | ce.lijit.com | tcp |
| IE | 52.31.163.216:443 | ap.lijit.com | tcp |
| NL | 185.89.210.212:443 | ib.adnxs-simple.com | tcp |
| DE | 57.129.18.113:443 | wt.rqtrk.eu | tcp |
| DE | 18.195.234.25:443 | match.sharethrough.com | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| NL | 154.59.122.79:443 | ums.acuityplatform.com | tcp |
| US | 64.202.112.31:443 | b1sync.zemanta.com | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| DE | 18.195.234.25:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.33.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.39.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.210.82.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.163.31.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.75.248.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| NL | 103.67.200.72:443 | sync.adkernel.com | tcp |
| US | 45.55.126.71:443 | ads.dxkulture.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| IE | 54.195.13.92:443 | ice.360yield.com | tcp |
| US | 8.2.110.33:443 | us.shb-sync.com | tcp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| FR | 18.164.52.4:443 | s.ad.smaato.net | tcp |
| US | 8.8.8.8:53 | 92.13.195.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.122.59.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tg.socdm.com | udp |
| JP | 124.146.153.163:443 | tg.socdm.com | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 8.18.47.7:443 | match.deepintent.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 54.204.123.228:443 | sync.srv.stackadapt.com | tcp |
| IE | 34.255.48.142:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 52.54.151.52:443 | sync.ipredictive.com | tcp |
| US | 8.8.8.8:53 | usersync.gumgum.com | udp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| US | 8.8.8.8:53 | ads.creative-serving.com | udp |
| JP | 124.146.153.163:443 | tg.socdm.com | tcp |
| NL | 35.214.241.248:443 | ads.creative-serving.com | tcp |
| NL | 35.214.241.248:443 | ads.creative-serving.com | udp |
| GB | 142.250.187.206:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 172.217.16.225:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | 25.234.195.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.48.255.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.233.247.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.123.204.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.151.54.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.153.146.124.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.241.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 45.55.126.71:443 | ads.dxkulture.com | tcp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | udp |
| NL | 103.67.200.72:443 | sync.adkernel.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3224_SYGGIVJHGGIQAUBO
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\30f71a09-319c-4a43-a1be-2ed50cec5f37.tmp
| MD5 | 1b50f60229337a428616012441146911 |
| SHA1 | 9778283552cdc06f7a18de40020c49283b1f550d |
| SHA256 | 1b1b3025873accac2f165c8a216f081f5631875ff3e1693531717d249dec1fc3 |
| SHA512 | 03c263ccd2317ee73dafe3b99ec91914328f2313034ff29e8fe894531db839df333d1a5bbe9671994680d00349088c2cd8ae60618eaada669581eec75087ca05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d20790256586feab2458100f1ce33153 |
| SHA1 | f715ef1a9a55c14bf0a7afae093bfad5714d5d7a |
| SHA256 | 387f9c8894b463e1e52b078e2fd6b3e3192f8639ca5d1a7b036cd2e5f1bc682f |
| SHA512 | d33b2f0827fcbfbfdf6c96a6b259d5605b5a3eb7aa64e2c9f9f360e7f2ab9a34cde1a0a293c9fbb7a2f2dc9289f1caf6badcf18657d5d54535bc628bead4fc44 |
C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
| MD5 | 19dbec50735b5f2a72d4199c4e184960 |
| SHA1 | 6fed7732f7cb6f59743795b2ab154a3676f4c822 |
| SHA256 | a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d |
| SHA512 | aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e6067231223b060caf5760b4a3ceb771 |
| SHA1 | 310594535a62265634a0b673de351fa53cf1e3b0 |
| SHA256 | ace58cad5a0d4ca78554f7d1ec071b0437f15c8983e96bc9c1c9fe7ae1afb8e5 |
| SHA512 | 668c5c38f85867058c75f7ba579e0833a6a9bfff48c57ec34ac4ef697a26c5c278e84b3b612cb9ba429d28335f03991384e6ecd68f5a4ae84c69d07906e8866c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1e9485476b2f993fbf11673ab13626ec |
| SHA1 | d7a45c3ac9ad143f8cb4d96c8e09a0f207f3d217 |
| SHA256 | db6e91e65c4ad92414f1e03ee4d026fcb6438147f174960272ab77abdb1fb923 |
| SHA512 | d7bbaa327ba7680bb1897589d97cc609042250b2c98c5f1622bbc428478f6355216fb7629375a839eb855e98a729ddf2937866efbdea0e2cc43dedd881b22308 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dacf.TMP
| MD5 | 81250c745c1f95c01ccf25015d6a2788 |
| SHA1 | 9cfab360e4014faedfa8ea91b57401983a6963d1 |
| SHA256 | e5fee3efb6b4d1190fd18d721297f9a31af177166c7c5e9f3e8745c5762e743f |
| SHA512 | 5e61602aa1057ab61e5374d3e438ad428c4b24c6cf9d1464c2d5b5f0deb981a513aa53621dbfb0edfb25338f11adcdb6d6ef3997f4df904b00b8b14968f58756 |
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0203fbd4794837370f6dc5ada73ddc2f |
| SHA1 | aef0634f3775254edf414b33f0191851b65cebc7 |
| SHA256 | c1c0cae536da6f040bab3a405f6ad834ef09696865205bc5a638c3913fd525c7 |
| SHA512 | f1d2ce60b9fd2566c70ebd1446c840dc0129319ec2d59e16ea0bd30e87db2e4f0225da3f0d1266d95c2b008acd1ec463379d3d29a8c0c3eaf671a88cb04a6345 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8ea9b4753f7396fea26442e059667a73 |
| SHA1 | 013d1be078e5d1cbd94d36803122fb7220846ef7 |
| SHA256 | 6a6cc14418dc7c480f98484e53dbf99ddf6542120a113629423a97147519a414 |
| SHA512 | 1e7e23e10c6ea0f23fa7ef6a4d8964940db63493f53ed2ffafd87bbfae3be1364c7d90ce2b2bd086b1c847907c3e2c9da53be32d9e52149479198cf1bcd95598 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 552c94911b4d9413d92d5095a0c64b11 |
| SHA1 | e9fe0f0eebf35d168d2d889b5367fa7a12f299c2 |
| SHA256 | b687ba320a6689a39d8a01f8c10dc8e5d9f25465dbea04c2851d4d38e040fa5f |
| SHA512 | 1cd929ccb9992a26cc3b5c9210138d3f30a46f5388aa6a123dbde986956a74ddfb2d529b860fc3c924b6435197c175bd004bbe309834340c3ddf90484c7d8a5b |
C:\Users\Admin\Downloads\Unconfirmed 385064.crdownload
| MD5 | 63d70dd07743db9a91723d39b5132d36 |
| SHA1 | 901c389a60961e339873d512a25dcadb93b225a9 |
| SHA256 | 9f0a872cb208a96cf953161ef22d310b611ae92a2db554a33de2e604906ee1b9 |
| SHA512 | b88b0b7066255d517b2c51c23a219851e3eaa0e75284f4f4062b6a8ca8bced6c85e9d37bc9f5197fa7e286837faa4ea393928d2572724ddec1962779259611ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | f942900ff0a10f251d338c612c456948 |
| SHA1 | 4a283d3c8f3dc491e43c430d97c3489ee7a3d320 |
| SHA256 | 38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6 |
| SHA512 | 9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 262625b713a3e6b902d4a1cea1e37b88 |
| SHA1 | 13056db58e7bd61eaf97aab0728a04e32a7ef095 |
| SHA256 | 76343773db6fdef302c84af2589de6d4445c90e6b2d95be37692423f898d4dee |
| SHA512 | d7db28c0249ad2c904b35b0af519f9db60412bb8353bca06a0a70dc92330e97fd2a8e81f260fdffe1eee881225d04b994c9dd0136ab7f4efc7af1fb91ab08418 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 109084e058c7b1dad9922a7a2917acd6 |
| SHA1 | cc306e6021e0d52319ca2ca631c060a3d6b28beb |
| SHA256 | c247fe0662c9430d2f58827f01c2bdc5789f1024d587c6d95d25a43bd2d50215 |
| SHA512 | 84839804fc6d6e22edfad2eb7fa39d3c4d81a2780bf372cbcb1ae13db73213a91671cf27573c3a5f4b67a0406beeadfd0be2f8bbbd3b8506efd21f1ecf8fa3bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d632c4cd2d4013e38e500a7f6e7bb4ef |
| SHA1 | 208fd60fdab4afec6b1716e77c302be1ab1ee569 |
| SHA256 | 299358fa3eeb2c3027db3b7e5d0eace19a545d9f0352c5ac22d71f08a57a2647 |
| SHA512 | 3187e900e21c1cf11e8b98544c0a69cd11bcf849bc0baa36b0ec82ca9bfa0a40a3bc786d9c0715399a479731a9f2e2842d01534389c8f62dd66f4740eff7823d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e5fe855beb713e5eadac0a4a4e5608f8 |
| SHA1 | ff3be6a7ce37e358cbee4299d36a8ecb1adcafda |
| SHA256 | d4205d4120d6092e56e56377379acc5637a2201c6d18c0d8683f5cb5c56f0a04 |
| SHA512 | 56220429ddd7fcc7d038c881b5123888558f9133c175973206066304c282f6b52c0d393882946767ab5004f6d4def39e40f95b60779cf9593fe60840cc46a707 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 84964bee0e5f048010a7dcad107c4d24 |
| SHA1 | de5a8c9e9706c73702501c25276871424660e479 |
| SHA256 | d7fd1892a0e43d255c55f7cd69f8fe23d2c8987f8a0065114831869a22311a8b |
| SHA512 | d716e3e1cbf03296536448f1eea6b88947c5167d4105dfaf6c5e8eae62dba579c48e01e63235a49816e069ae8a8d935fd07706b27eda3e02f8535a923b024a4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 96b44c2c679d4633a7fff75fd7ec5642 |
| SHA1 | 24b362cac7d39170ecf066a3efd3723d3b390cc7 |
| SHA256 | d49100edb9d1ea6905dee2f9833319b521ccbffb8ca0734248cc943c1cd315f6 |
| SHA512 | f3ed623ea22bfc7e110a0f7403bb4de43b8d23e7ef9c2cb5118276f8e16ae33a033d249babd623e864665b647d113ffd27524ac8a13a8cef81c9cf3d74dd8daa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 54bf032340a8613fa6a8f16583ef0401 |
| SHA1 | 2a5ce81f9434853687425bc9ab88f67d667a4eab |
| SHA256 | ae067e3b003cd0fbc4dc94fd15b54acb21495896144d3a839ab225b9e9226e5f |
| SHA512 | 6ccf91a0c4fe54176355de8ac915aace7939e536dc0fb2e562c7b53acd58a3d7d517d8ebf32c877ac3feb27ee2ed8a5bd961db3103a0f7f5d30faa2695e4db91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 053e0ced17d18e9fb1ec6b48edd7aa96 |
| SHA1 | c902fb34a7680a256b8b213ff15a3b4fd36f7df6 |
| SHA256 | 95ad29c5892d55007dd67dc973e40d596f771f63ec223e6e48b4f8cd77037053 |
| SHA512 | b0be076639035d933587a2cebfdfaf5002322005ab9ac330bd67ddedf8438fd7df8588ef6894733a92eb65d7fecd851e0bd8a1ee65c7c0c137f56ad437af8904 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a6c8dd579ba266fbe42b7591d3ebe7a0 |
| SHA1 | a70675634fc6d82e9083f18deb08961f31bdd6b6 |
| SHA256 | 97ac620aa40ad29576ad50351709afbb2fed4e49ce7e29922efacf41b9b25e69 |
| SHA512 | 6d7bb62cfc99d5c26bbd5164dd234f7111cb8f8c84937277686c2d14c0c901729f18aa0c8050451e50751cf7e0b4ca1a5e701ccd1130dc49a4da1daf243b8df2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cd99068959679f008710f68b0ed38beb |
| SHA1 | e86058906cfec5aa9c5751c0d4f113866a30d4a8 |
| SHA256 | 0f1dd2905c485c6ce8db8ab3d29f8ff479d209b9aa7d7737910dfba7017378b2 |
| SHA512 | 410cfc599aba63bcf68b169e47e77302d6319ed364fdea73fa6c86564a20cb4c5beedba6fbfa3b3bf3fff991eb4dfdf68d97e30b09d77e61bad43aeec0f8be28 |
C:\Users\Admin\Downloads\Unconfirmed 124887.crdownload
| MD5 | 2949c1a5ed0da748d949ac59dbc15059 |
| SHA1 | 9fa86b84cba147b2806f4e11dd76f38dc358c202 |
| SHA256 | 2e0b86cba229e27b6eec45751be45b24f9197cdc7b2eca30447112f917899d0a |
| SHA512 | 65eac714afaa0e7e84a41a18dc710b233afc80a03022e4504b3a30fdc5a82dd22f3ec78e2f5ad9df360c0e93f7d06d53b7a638fbaea93d62093a524beb627a66 |
C:\Users\Admin\Downloads\Unconfirmed 124887.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 2892eee3e20e19a9ba77be6913508a54 |
| SHA1 | 7c4ef82faa28393c739c517d706ac6919a8ffc49 |
| SHA256 | 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2 |
| SHA512 | b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f48f57459c47a1e28ec6989d2d83c94d |
| SHA1 | 37a58811d57b0015548392f1012e1beb06c2cc53 |
| SHA256 | ed4373b5673713cef9d0b165ef9616b94ed15092602ed825eaa1c0c1442fea06 |
| SHA512 | dbd8ae3c2dcd8227cf07b2d0d541ad2728238b503e129505d4c089e29c4e17c7ef02b83065a493c069a50a9c97ef10f95fd995b6b57a94e63bc1ade2308ab4f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.vice.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a50cb3fc8e45d38b23de23d758cb2972 |
| SHA1 | 2b94f793ed42de48f7847ab8215e4411229f8f62 |
| SHA256 | 0783176fc5400ac4a977d54a310e488638214db948917a61f3ab7465196207f1 |
| SHA512 | f4cb7bd42f629c934298ba98a0de4e9ed6e62df85b4441576cecfe38eae0a1fba45c796f8d7ae9521aa9c4a2851dfbd047e0998bdd628fb7ce5ca4c6a8417375 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c7637b7784fdb4cdb63a9b6785b57ce7 |
| SHA1 | 1b44a988fc02ff118d1b75b4f3107b29f5879f22 |
| SHA256 | 36ff75e601956055391c1de2707ccabcee08519fdca704054b3693e31834fbb4 |
| SHA512 | 63bdc1580e263ee0b53d1d66bfa95bbe87dd27edc642f361855a2869618554472445094d228c8e81e1d8d1c2c8f565c7d8a60032ba74444b7885dcecac49216c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a9030e81b2bd37bc83406e90201de78c |
| SHA1 | 8fce39caffadf71fbfd530007f5ad4002f0b6a4f |
| SHA256 | 8f9ee57a8af433d8ebfa280ff3e75f854ec29937f67c6b3f07736cbcbc1f5ff1 |
| SHA512 | 2ca438b68488d43905be7cfdba1e4190ff5755c4811ff34eb2488f86a371e8bfab877cf0c5a18c38c8501a5b415243386e85cf8e5e8914838a875ca5e9e005a4 |
memory/6132-1103-0x0000000000400000-0x000000000040E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.vice.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 293355dcac2b063be0abcb4454e519dc |
| SHA1 | 1fc7326f1f60b0f5d6575e68d4e138f02751d4e8 |
| SHA256 | 452770440c4cc8c205580c38899a04b7b5c757a15ef0ee33427652d3a1315b20 |
| SHA512 | a148a7bb99653104f0e057f41be523e9991b578d0c3be27035fa274665a28633c0813cd100e33a1d2ff609665bbba434eef69cc540541924b8a3f68daf239599 |
memory/5308-1179-0x0000000000400000-0x000000000040E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7a7ee53a3718235cdb9c7560eeb204cb |
| SHA1 | f83d71edf8807fad874155a46f84530879a89dcb |
| SHA256 | b70026fa35f0c7cb7aba2732e1accee7b8e5d3d96c5efb3adb915102862d292b |
| SHA512 | e7d2c0d8ffcf71b1a0e55031f6b11910d79b83d2c3990a912970d2b7eaec9d1c171772094347e72358117cf4159632b733f7f7fdf5e76f1d62ad6a2b995f76e5 |
C:\Users\Admin\Downloads\Unconfirmed 807806.crdownload
| MD5 | 35a27d088cd5be278629fae37d464182 |
| SHA1 | d5a291fadead1f2a0cf35082012fe6f4bf22a3ab |
| SHA256 | 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69 |
| SHA512 | eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 33b9bf97b044af1a44fbf90810bb7271 |
| SHA1 | 223d9d769271f8f0861f6f87fc901879e7b5e1a2 |
| SHA256 | 19b18d6b5fc840557b340eb229096d1edee27238e2a188aa4fdefdc5536ce944 |
| SHA512 | ef99e627d0c17af7c35cd4de3cd27a2e2a37a6bdc382f8a9c2184c02397d91e5ce6b4d5b60f7c80f075badba8befe73c5ed71c4e0e7f25d5488787e0bea82082 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c63ec9d47b7a07eda1f629d6294d6a43 |
| SHA1 | 1de8a48cd9412e9d1f9e6eb598856930bd489984 |
| SHA256 | 2491165425b036909472d7555fd998181268e4e3b2356bc84e2a94ed00d42006 |
| SHA512 | 7a34e3bdcbe0feda5df888bb8c6b23ee46531213f31fb0a5e2029880bbc00afdc219d016048adaf8c4e70cded5948df9a493f299f60f31fcce26235386203845 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4489c05fb26b49f8f68717645d7e246a |
| SHA1 | 95473646b425413fe4c6fcf7288f71b9f50ab65a |
| SHA256 | 51adcc60dcfa41b4c946791ef55c4dd48cc9610a083d0918b2250f3d7c6ec72b |
| SHA512 | 9578d48f621aca7209faaedc3fe9a30104451d1fb1aede07ffec65a45384ce1af8e07b27ba00ae88c4fd498e24edf2d52aed046181af556a4fbaee45433eb349 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 698758bb4dad4a37f4af1c7d6608623c |
| SHA1 | d457a5fb5875aab41e98d3ace761306ffb09a7df |
| SHA256 | 3e014ed3689cbad19fda92a9b7c6f7637f4a5a56464738230530aea89835b707 |
| SHA512 | 6bc652e0ff2db97c22f3c83472f87e0787b3ff22b52a11ec0208d9ab7fafe2876f5850890989f6d880e8814727d77903bd642c5090757038621b7ea17cc31eff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | f9011d1c9cb587502ac597b11a92297d |
| SHA1 | 45b4f005956f2264c65530a5fd0d7fab02bc0998 |
| SHA256 | d4beec683ef1d85a61016733dae270d3f27266de01268b9ec9de07e655964f53 |
| SHA512 | 62357a1b440246e89fa3c092a67cce3cb3d3a80691c177668d34e95b4e9945ddead48c03438828c5d00c714f49e6cacfe0010219defa48b67f388586616b1fa0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | d96d8feb07377e16605e9fd84ee2429b |
| SHA1 | 5ed0df1ea1176aaf447943d5fae1b23016224c1b |
| SHA256 | 05e4fbbce248f3a6b242d1dd3b23f10cf2d16a87da782be306f40825c85359b6 |
| SHA512 | 40173e024545358d4245ec05ace4e7489e8fb777079d6ba79b85dd23e5646c6f4cb4637eae56df49c326b890da9783d80c5de9d0175ec134d58909e149ee9b85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cf221f8298b1e008809bb5545b1dda55 |
| SHA1 | c6a80ddf970ef369aaa8c09b0834f8731aa46324 |
| SHA256 | 56cfecac99665718d97406da872dbb3bf75efd900f1b3f20aa6e887b86ea7f49 |
| SHA512 | 47f375e24f0ba7ec997a3c4c9c25f9ad3f60affb396f41d79ad7af65e5b329c2be01f86d8607416275cb863987cb4389a573e7cf0ced23c19147bed48ccbfa1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 41acbdb9f199bad29557182cc932387b |
| SHA1 | dd3e3b10bd201f127b20c0afd5c265829b3eaac5 |
| SHA256 | 89523bde902861729d99a4c33c90942c5d3d5aa46f6c6a6ff8c0283ee5ec1bba |
| SHA512 | 7b9ac70c67c6f7007708cacb61caef8ae1928e72f9f567aa2894b33efe3b3d013fe940f64d07af409a33cab48fdcff3c7dd6e547d6dc9b851f1698001bfc46e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d87eba76e21547589cb267b3efc6728d |
| SHA1 | 2f96bc49b4ef6f0a035a000b52604824706a6327 |
| SHA256 | 7cc783995f5cec05c360223b11d78360f690f00bd69fbd982238f04093017ef2 |
| SHA512 | 70e27065c2e9b3d4b791b04fbf69135c3f74f1166b61bca43e83c527a01fc15f4248dc227c23ea7125b83e7e4894442c0456c22ce9374e6b7a92c8a30082db66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5f4447381c4f0f78ff943393b9260966 |
| SHA1 | 34938e450751e7eb3560094246e36681212dddf7 |
| SHA256 | 13dcbaf370310383587a904eb0e9e9d9960c457934e353eb6982dfea099d8b36 |
| SHA512 | 6cb505cb44201c8edbe80545702989a51238b0898b4539766b563aba0f0ba760576789cd9d238ed02ee51097e55f8e1c04f770383d8f56e6d4ac56fbada45810 |
memory/7416-1626-0x0000000000080000-0x00000000000AA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
| MD5 | 42b2c266e49a3acd346b91e3b0e638c0 |
| SHA1 | 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1 |
| SHA256 | adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29 |
| SHA512 | 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81 |
memory/7416-1632-0x00007FFE6CC40000-0x00007FFE6CD8E000-memory.dmp
memory/8028-1639-0x00007FFE6CC40000-0x00007FFE6CD8E000-memory.dmp
memory/7416-1640-0x000000001C5D0000-0x000000001C792000-memory.dmp
memory/7416-1641-0x000000001CCD0000-0x000000001D1F8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 09cf2fcf3c0a6f0290e9c79e18db597b |
| SHA1 | 33275db31255905068e9a2ff0608bf6af919c029 |
| SHA256 | 992acb6d32067073b32418a516776e58b098f170357977250d2f63672d60ac26 |
| SHA512 | 942c6b95987936ec319569436a2cc84b08d0d841a3d6899e3d6309729dc282a113a3524a0b794b36e1f9f0251a940e775615c153356d3c29041857123d54f2da |
memory/6132-1745-0x0000000000400000-0x000000000040E000-memory.dmp
memory/5240-1746-0x0000000000400000-0x000000000040E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3f5ec1336259f974a20d5a14b10a5fe3 |
| SHA1 | e162435c6ddff74d12d721c7e34ce46297e554f7 |
| SHA256 | 660b2d65e0993bcc3e7e01361209e9decafcc9c2f1b3f6cf7d7df4b257946409 |
| SHA512 | 9923fd0a9702276f3f7fcddb4255054887ba77ddd7ad7657778801f751fb3d18ce9e0a4883d181459c7911894d7ab47cdf803218cf354c481b0789d00c66ac93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ddd0a329fe368e0713423b97b99ba63b |
| SHA1 | 54fd8ecd2e48a40c6f42b02cf5c8f68e8df17b5c |
| SHA256 | a44fd4449e87e1b26eee776ca93526be1e2d4e9a5bf9c45c4143523bdcc43fcf |
| SHA512 | 66d25618633bbc9f7aaf282f1cf4b5a785d5c8c1e864531e47587c931f9b86e267bb5656dae47bc5cbd4df0b79e29c2f68678e09f6bb472e513de055285395e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e1f07fe9be8ee006baab5a42f66f3fa7 |
| SHA1 | 8665aec995c984a4ff7e6c94d024cc270c013e64 |
| SHA256 | da33d6d16e4339a0c9e9fb04c6e2da6ce5934e243b6e2d7b273bfbf237ef47e5 |
| SHA512 | a534f1e3ed6f836a2adf0ae7fd7a6f7d9604337bab08ce9576db6200373d7c0d8e5b691323dc5b201a058833fa0af6ed9fd32789a2a7e33045031fb70db5409f |