Malware Analysis Report

2024-11-30 19:33

Sample ID 240927-wm463swbna
Target https://github.com/TheDarkMythos/windows-malware/blob/master/MEMZ/geometry%20dash%20auto%20speedhack.exe
Tags
agilenet bootkit discovery evasion persistence trojan
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/TheDarkMythos/windows-malware/blob/master/MEMZ/geometry%20dash%20auto%20speedhack.exe was found to be: Known bad.

Malicious Activity Summary

agilenet bootkit discovery evasion persistence trojan

UAC bypass

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Obfuscated with Agile.Net obfuscator

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious behavior: AddClipboardFormatListener

System policy modification

Modifies Internet Explorer settings

NTFS ADS

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Enumerates system info in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

Analysis: static1

Detonation Overview

Reported

2024-09-27 18:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-27 18:03

Reported

2024-09-27 18:08

Platform

win10v2004-20240802-en

Max time kernel

266s

Max time network

265s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/TheDarkMythos/windows-malware/blob/master/MEMZ/geometry%20dash%20auto%20speedhack.exe

Signatures

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\geometry dash auto speedhack.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MrsMajor3.0.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation C:\Windows\system32\wscript.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\F82C.tmp\eulascr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F8C9.tmp\eulascr.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A drive.google.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\geometry dash auto speedhack.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\geometry dash auto speedhack.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Install (1).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\control.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Modifies registry class

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 584674.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 982142.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 280727.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 604002.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 807806.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 124887.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 856015.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 385064.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 439214.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\geometry dash auto speedhack.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\F82C.tmp\eulascr.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\geometry dash auto speedhack.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\geometry dash auto speedhack.exe N/A
N/A N/A C:\Windows\SysWOW64\notepad.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\geometry dash auto speedhack.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\MrsMajor3.0.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3224 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3224 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3224 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3224 wrote to memory of 744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/TheDarkMythos/windows-malware/blob/master/MEMZ/geometry%20dash%20auto%20speedhack.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5176 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6180 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe

"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe"

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe

"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe

"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe

"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe

"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe

"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe

"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe

"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3340 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5016 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7532 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7172 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7064 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8216 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7352 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=9164 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4e0 0x3c0

C:\Users\Admin\Downloads\Install (1).exe

"C:\Users\Admin\Downloads\Install (1).exe"

C:\Users\Admin\Downloads\Install (1).exe

"C:\Users\Admin\Downloads\Install (1).exe"

C:\Users\Admin\Downloads\Install (1).exe

"C:\Users\Admin\Downloads\Install (1).exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10924 /prefetch:1

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12688 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9448 /prefetch:1

C:\Users\Admin\Downloads\MrsMajor3.0.exe

"C:\Users\Admin\Downloads\MrsMajor3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\F82C.tmp\F82D.tmp\F82E.vbs //Nologo

C:\Users\Admin\Downloads\MrsMajor3.0.exe

"C:\Users\Admin\Downloads\MrsMajor3.0.exe"

C:\Users\Admin\AppData\Local\Temp\F82C.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\F82C.tmp\eulascr.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\F8C9.tmp\F8CA.tmp\F8CB.vbs //Nologo

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\F8C9.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\F8C9.tmp\eulascr.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5604663766307043407,11931904088999049885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12680 /prefetch:1

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3855055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 119.14.67.172.in-addr.arpa udp
US 8.8.8.8:53 244.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 36.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 86.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 179.81.246.34.in-addr.arpa udp
US 8.8.8.8:53 1.244.57.52.in-addr.arpa udp
US 8.8.8.8:53 26.67.154.54.in-addr.arpa udp
US 8.8.8.8:53 184.50.32.63.in-addr.arpa udp
US 8.8.8.8:53 168.176.187.89.in-addr.arpa udp
US 8.8.8.8:53 3.148.153.131.in-addr.arpa udp
US 8.8.8.8:53 check.analytics.rlcdn.com udp
FR 99.86.91.66:443 check.analytics.rlcdn.com tcp
US 8.8.8.8:53 66.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 hashtaglabs-d.openx.net udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 35.244.159.8:443 hashtaglabs-d.openx.net tcp
NL 103.67.200.72:443 sync.adkernel.com tcp
US 8.8.8.8:53 id5-sync.com udp
GB 2.23.204.244:443 ads.pubmatic.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
GB 2.17.4.21:443 contextual.media.net tcp
US 8.8.8.8:53 public.servenobid.com udp
DE 162.19.138.120:443 id5-sync.com tcp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
CZ 65.9.95.105:443 public.servenobid.com tcp
US 8.8.8.8:53 static.smilewanted.com udp
DE 37.252.171.53:443 ib.adnxs.com tcp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 ssp.disqus.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 hbx.media.net udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
IE 52.49.215.42:443 ap.lijit.com tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 onetag-sys.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 34.246.81.179:443 ads.servenobid.com tcp
IE 54.78.106.223:443 ce.lijit.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
NL 193.0.160.130:443 p.rfihub.com tcp
GB 2.23.220.28:443 hbx.media.net tcp
DE 18.197.30.174:443 match.sharethrough.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 35.173.27.194:443 ssp.disqus.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
DE 51.75.86.98:443 onetag-sys.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
NL 89.149.193.116:443 ssbsync.smartadserver.com tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 cdn.dxkulture.com udp
US 34.199.107.8:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 244.204.23.2.in-addr.arpa udp
US 8.8.8.8:53 21.4.17.2.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 105.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 28.220.23.2.in-addr.arpa udp
US 8.8.8.8:53 42.215.49.52.in-addr.arpa udp
US 8.8.8.8:53 174.30.197.18.in-addr.arpa udp
US 172.64.145.29:443 cdn.dxkulture.com tcp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 ssp-sync.criteo.com udp
US 8.8.8.8:53 secure.adnxs.com udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
NL 185.89.210.212:443 secure.adnxs.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 ice.360yield.com udp
IE 34.241.121.80:443 ice.360yield.com tcp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 cm.adform.net udp
US 34.98.64.218:443 u.openx.net udp
US 8.8.8.8:53 us.shb-sync.com udp
DK 37.157.2.229:443 cm.adform.net tcp
NL 103.67.200.72:443 sync.adkernel.com tcp
US 8.2.110.33:443 us.shb-sync.com tcp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
DK 37.157.5.84:443 c1.adform.net tcp
US 8.8.8.8:53 tg.socdm.com udp
US 8.8.8.8:53 creativecdn.com udp
JP 124.146.153.152:443 tg.socdm.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 sync.ipredictive.com udp
US 8.8.8.8:53 match.deepintent.com udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 bh.contextweb.com udp
US 54.160.160.188:443 sync.srv.stackadapt.com tcp
IE 34.250.188.101:443 pr-bh.ybp.yahoo.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 52.5.188.254:443 sync.ipredictive.com tcp
US 64.202.112.31:443 b1sync.zemanta.com tcp
US 8.18.47.7:443 match.deepintent.com tcp
US 8.8.8.8:53 usersync.gumgum.com udp
IE 52.210.15.1:443 usersync.gumgum.com tcp
IE 52.210.15.1:443 usersync.gumgum.com tcp
IE 52.210.15.1:443 usersync.gumgum.com tcp
US 8.8.8.8:53 u.ipw.metadsp.co.uk udp
US 8.8.8.8:53 rtb.gumgum.com udp
NL 35.214.132.90:443 u.ipw.metadsp.co.uk tcp
JP 124.146.153.152:443 tg.socdm.com tcp
US 64.202.112.31:443 b1sync.zemanta.com tcp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 sync.adotmob.com udp
FR 45.137.176.88:443 sync.adotmob.com tcp
US 8.8.8.8:53 ads.dxkulture.com udp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 98.86.75.51.in-addr.arpa udp
US 8.8.8.8:53 223.106.78.54.in-addr.arpa udp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 116.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 29.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 67.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 194.27.173.35.in-addr.arpa udp
US 8.8.8.8:53 8.107.199.34.in-addr.arpa udp
US 8.8.8.8:53 212.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 7.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 80.121.241.34.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 229.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 33.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 84.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 101.188.250.34.in-addr.arpa udp
US 8.8.8.8:53 1.15.210.52.in-addr.arpa udp
US 8.8.8.8:53 188.160.160.54.in-addr.arpa udp
US 8.8.8.8:53 254.188.5.52.in-addr.arpa udp
US 8.8.8.8:53 7.47.18.8.in-addr.arpa udp
US 8.8.8.8:53 90.132.214.35.in-addr.arpa udp
US 8.8.8.8:53 152.153.146.124.in-addr.arpa udp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 8.8.8.8:53 31.112.202.64.in-addr.arpa udp
US 8.8.8.8:53 88.176.137.45.in-addr.arpa udp
US 8.8.8.8:53 71.126.55.45.in-addr.arpa udp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 8.8.8.8:53 image8.pubmatic.com udp
NL 198.47.127.18:443 image8.pubmatic.com tcp
NL 103.67.200.72:443 sync.adkernel.com tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 35.244.174.68:443 idsync.rlcdn.com tcp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
IE 54.155.18.159:443 p1.parsely.com tcp
US 8.8.8.8:53 comcluster.cxense.com udp
DE 167.235.124.61:443 comcluster.cxense.com tcp
US 8.8.8.8:53 61.124.235.167.in-addr.arpa udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 google.co.ck tcp
GB 216.58.201.100:443 www.google.com udp
US 8.8.8.8:53 100.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 motherboard.vice.com udp
US 8.8.8.8:53 cdn.parsely.com udp
GB 216.58.212.214:443 i.ytimg.com udp
US 35.190.59.101:443 r.skimresources.com udp
US 8.8.8.8:53 silo50.p7cloud.net udp
US 8.8.8.8:53 p1.parsely.com udp
US 8.8.8.8:53 t.skimresources.com udp
US 35.190.91.160:443 p.skimresources.com udp
US 192.0.76.3:443 pixel.wp.com tcp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
US 35.201.67.47:443 t.skimresources.com udp
IE 52.17.99.225:443 p1.parsely.com tcp
US 44.219.247.140:443 api.parsely.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 225.99.17.52.in-addr.arpa udp
US 8.8.8.8:53 140.247.219.44.in-addr.arpa udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com udp
US 35.190.10.96:443 collector-pxebumdlwe.px-cloud.net udp
US 8.8.8.8:53 ams-pageview-public.s3.amazonaws.com udp
DE 167.235.124.25:443 api.cxense.com tcp
US 34.120.253.250:443 tag.bounceexchange.com udp
US 54.231.162.193:443 ams-pageview-public.s3.amazonaws.com tcp
GB 142.250.180.2:443 pubads.g.doubleclick.net udp
US 34.149.130.207:443 pd.cdnwidget.com tcp
US 34.111.8.32:443 events.bouncex.net tcp
GB 142.250.180.2:443 pubads.g.doubleclick.net udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 c.gumgum.com udp
NL 89.149.192.241:443 prg.smartadserver.com tcp
US 8.8.8.8:53 aba.gumgum.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 37.252.172.123:443 ib.adnxs.com tcp
IE 54.77.143.176:443 g2.gumgum.com tcp
FR 3.165.136.69:443 aba.gumgum.com tcp
US 8.8.8.8:53 js.gumgum.com udp
US 8.8.8.8:53 gumgum.com udp
FR 99.86.91.54:443 c.gumgum.com tcp
US 8.8.8.8:53 api.cmp.inmobi.com udp
FR 99.86.91.24:443 gumgum.com tcp
DE 35.157.41.160:443 api.cmp.inmobi.com tcp
FR 18.244.28.109:443 js.gumgum.com tcp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.162.231.54.in-addr.arpa udp
US 8.8.8.8:53 230.93.153.18.in-addr.arpa udp
US 8.8.8.8:53 123.172.252.37.in-addr.arpa udp
US 8.8.8.8:53 69.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 176.143.77.54.in-addr.arpa udp
US 8.8.8.8:53 24.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 160.41.157.35.in-addr.arpa udp
US 8.8.8.8:53 109.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 eus.rubiconproject.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 185.89.210.212:443 secure.adnxs.com tcp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 eu-u.openx.net udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 151.101.194.49:443 sync-tm.everesttech.net tcp
IE 52.19.187.77:443 id.crwdcntrl.net tcp
US 35.244.159.8:443 eu-u.openx.net udp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 49.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 77.187.19.52.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 rp.liadm.com udp
US 18.233.92.203:443 rp.liadm.com tcp
IE 52.17.99.225:443 p1.parsely.com tcp
DE 167.235.124.61:443 comcluster.cxense.com tcp
US 8.8.8.8:53 ib.adnxs-simple.com udp
US 8.8.8.8:53 ads.servenobid.com udp
US 35.227.252.103:443 rtb.openx.net udp
US 131.153.148.3:443 server.cpmstar.com tcp
US 131.153.148.3:443 server.cpmstar.com tcp
US 89.187.176.168:443 ssc.33across.com tcp
US 8.8.8.8:53 krk2.kargo.com udp
US 8.8.8.8:53 hb.minutemedia-prebid.com udp
US 34.120.63.153:443 prebid.media.net udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 ads.yieldmo.com udp
IE 52.16.131.72:443 hb.minutemedia-prebid.com tcp
DE 52.29.199.5:443 krk2.kargo.com tcp
NL 185.89.210.82:443 ib.adnxs-simple.com tcp
IE 54.220.176.242:443 ads.servenobid.com tcp
US 34.111.8.32:443 events.bouncex.net udp
IE 52.208.197.29:443 ads.yieldmo.com tcp
US 8.8.8.8:53 82.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 5.199.29.52.in-addr.arpa udp
US 8.8.8.8:53 72.131.16.52.in-addr.arpa udp
US 8.8.8.8:53 242.176.220.54.in-addr.arpa udp
US 8.8.8.8:53 29.197.208.52.in-addr.arpa udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 public.servenobid.com udp
US 8.8.8.8:53 hashtaglabs-d.openx.net udp
FR 163.5.194.31:443 prebid.a-mo.net tcp
US 67.202.105.21:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 sync.adkernel.com udp
DE 162.19.138.120:443 id5-sync.com tcp
NL 103.67.200.72:443 sync.adkernel.com tcp
US 8.8.8.8:53 pixel.33across.com udp
DE 51.75.86.98:443 onetag-sys.com udp
US 67.202.105.24:443 pixel.33across.com tcp
NL 89.149.193.116:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 34.203.22.14:443 cs-server-s2s.yellowblue.io tcp
DE 51.75.86.98:443 onetag-sys.com tcp
US 8.8.8.8:53 31.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 24.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 21.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 14.22.203.34.in-addr.arpa udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 5dc3c2245f0eb7df646e29cd7fc730f3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 connectid.analytics.yahoo.com udp
GB 216.58.213.1:443 5dc3c2245f0eb7df646e29cd7fc730f3.safeframe.googlesyndication.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
FR 52.222.169.25:443 connectid.analytics.yahoo.com tcp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 esp.rtbhouse.com udp
US 8.8.8.8:53 oajs.openx.net udp
US 35.190.39.111:443 esp.rtbhouse.com tcp
US 34.120.107.143:443 oajs.openx.net tcp
US 8.8.8.8:53 lexicon.33across.com udp
US 35.244.193.51:443 lexicon.33across.com tcp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
IE 54.220.176.242:443 ads.servenobid.com tcp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 dsp-cookie.adfarm1.adition.com udp
US 8.8.8.8:53 ums.acuityplatform.com udp
US 8.8.8.8:53 equativ-match.dotomi.com udp
DE 80.82.210.217:443 dsp-cookie.adfarm1.adition.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
NL 154.59.122.79:443 ums.acuityplatform.com tcp
NL 89.207.16.204:443 equativ-match.dotomi.com tcp
DE 37.252.172.123:443 ib.adnxs.com tcp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
NL 185.235.87.122:443 ag.gbc.criteo.com tcp
NL 185.235.87.177:443 gem.gbc.criteo.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
US 8.8.8.8:53 match.sharethrough.com udp
NL 178.250.1.11:443 dnacdn.net tcp
IE 34.248.75.162:443 ce.lijit.com tcp
IE 52.31.163.216:443 ap.lijit.com tcp
NL 185.89.210.212:443 ib.adnxs-simple.com tcp
DE 57.129.18.113:443 wt.rqtrk.eu tcp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 34.120.107.143:443 oajs.openx.net udp
US 8.8.8.8:53 cdn.ampproject.org udp
NL 154.59.122.79:443 ums.acuityplatform.com tcp
US 64.202.112.31:443 b1sync.zemanta.com tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 120.33.95.141.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 25.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 111.39.190.35.in-addr.arpa udp
US 8.8.8.8:53 143.107.120.34.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 204.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 217.210.82.80.in-addr.arpa udp
US 8.8.8.8:53 122.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 177.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 216.163.31.52.in-addr.arpa udp
US 8.8.8.8:53 162.75.248.34.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
NL 103.67.200.72:443 sync.adkernel.com tcp
US 45.55.126.71:443 ads.dxkulture.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 ice.360yield.com udp
IE 54.195.13.92:443 ice.360yield.com tcp
US 8.2.110.33:443 us.shb-sync.com tcp
US 8.8.8.8:53 s.ad.smaato.net udp
FR 18.164.52.4:443 s.ad.smaato.net tcp
US 8.8.8.8:53 92.13.195.54.in-addr.arpa udp
US 8.8.8.8:53 4.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 79.122.59.154.in-addr.arpa udp
US 8.8.8.8:53 tg.socdm.com udp
JP 124.146.153.163:443 tg.socdm.com tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 sync.ipredictive.com udp
US 8.18.47.7:443 match.deepintent.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 54.204.123.228:443 sync.srv.stackadapt.com tcp
IE 34.255.48.142:443 pr-bh.ybp.yahoo.com tcp
US 52.54.151.52:443 sync.ipredictive.com tcp
US 8.8.8.8:53 usersync.gumgum.com udp
IE 34.247.233.198:443 usersync.gumgum.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
US 8.8.8.8:53 ads.creative-serving.com udp
JP 124.146.153.163:443 tg.socdm.com tcp
NL 35.214.241.248:443 ads.creative-serving.com tcp
NL 35.214.241.248:443 ads.creative-serving.com udp
GB 142.250.187.206:443 drive.google.com tcp
US 8.8.8.8:53 drive.usercontent.google.com udp
GB 172.217.16.225:443 drive.usercontent.google.com tcp
US 8.8.8.8:53 25.234.195.18.in-addr.arpa udp
US 8.8.8.8:53 142.48.255.34.in-addr.arpa udp
US 8.8.8.8:53 198.233.247.34.in-addr.arpa udp
US 8.8.8.8:53 228.123.204.54.in-addr.arpa udp
US 8.8.8.8:53 52.151.54.52.in-addr.arpa udp
US 8.8.8.8:53 163.153.146.124.in-addr.arpa udp
US 8.8.8.8:53 248.241.214.35.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 35.244.174.68:443 idsync.rlcdn.com udp
NL 103.67.200.72:443 sync.adkernel.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0446fcdd21b016db1f468971fb82a488
SHA1 726b91562bb75f80981f381e3c69d7d832c87c9d
SHA256 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA512 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

\??\pipe\LOCAL\crashpad_3224_SYGGIVJHGGIQAUBO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9b008261dda31857d68792b46af6dd6d
SHA1 e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA256 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA512 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8aa73d4660ab43105ec7f6063c818f64
SHA1 e01875b89cb550d7c46634b8a1546304c08b0001
SHA256 585cddc67c68bff3d9891f67c37aedc84bd770d9a0a76191732e7633418322ce
SHA512 138698a0126381d8914b3fbfe4d0177d27ca629d344e2ebe88eebce356034b611818a9e5c21f70133683cebfbb900b19e4c1c07204f68d5ffb8d561789d5e7f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\30f71a09-319c-4a43-a1be-2ed50cec5f37.tmp

MD5 1b50f60229337a428616012441146911
SHA1 9778283552cdc06f7a18de40020c49283b1f550d
SHA256 1b1b3025873accac2f165c8a216f081f5631875ff3e1693531717d249dec1fc3
SHA512 03c263ccd2317ee73dafe3b99ec91914328f2313034ff29e8fe894531db839df333d1a5bbe9671994680d00349088c2cd8ae60618eaada669581eec75087ca05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d20790256586feab2458100f1ce33153
SHA1 f715ef1a9a55c14bf0a7afae093bfad5714d5d7a
SHA256 387f9c8894b463e1e52b078e2fd6b3e3192f8639ca5d1a7b036cd2e5f1bc682f
SHA512 d33b2f0827fcbfbfdf6c96a6b259d5605b5a3eb7aa64e2c9f9f360e7f2ab9a34cde1a0a293c9fbb7a2f2dc9289f1caf6badcf18657d5d54535bc628bead4fc44

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe

MD5 19dbec50735b5f2a72d4199c4e184960
SHA1 6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256 a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512 aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e6067231223b060caf5760b4a3ceb771
SHA1 310594535a62265634a0b673de351fa53cf1e3b0
SHA256 ace58cad5a0d4ca78554f7d1ec071b0437f15c8983e96bc9c1c9fe7ae1afb8e5
SHA512 668c5c38f85867058c75f7ba579e0833a6a9bfff48c57ec34ac4ef697a26c5c278e84b3b612cb9ba429d28335f03991384e6ecd68f5a4ae84c69d07906e8866c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1e9485476b2f993fbf11673ab13626ec
SHA1 d7a45c3ac9ad143f8cb4d96c8e09a0f207f3d217
SHA256 db6e91e65c4ad92414f1e03ee4d026fcb6438147f174960272ab77abdb1fb923
SHA512 d7bbaa327ba7680bb1897589d97cc609042250b2c98c5f1622bbc428478f6355216fb7629375a839eb855e98a729ddf2937866efbdea0e2cc43dedd881b22308

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dacf.TMP

MD5 81250c745c1f95c01ccf25015d6a2788
SHA1 9cfab360e4014faedfa8ea91b57401983a6963d1
SHA256 e5fee3efb6b4d1190fd18d721297f9a31af177166c7c5e9f3e8745c5762e743f
SHA512 5e61602aa1057ab61e5374d3e438ad428c4b24c6cf9d1464c2d5b5f0deb981a513aa53621dbfb0edfb25338f11adcdb6d6ef3997f4df904b00b8b14968f58756

C:\note.txt

MD5 afa6955439b8d516721231029fb9ca1b
SHA1 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA256 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA512 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0203fbd4794837370f6dc5ada73ddc2f
SHA1 aef0634f3775254edf414b33f0191851b65cebc7
SHA256 c1c0cae536da6f040bab3a405f6ad834ef09696865205bc5a638c3913fd525c7
SHA512 f1d2ce60b9fd2566c70ebd1446c840dc0129319ec2d59e16ea0bd30e87db2e4f0225da3f0d1266d95c2b008acd1ec463379d3d29a8c0c3eaf671a88cb04a6345

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8ea9b4753f7396fea26442e059667a73
SHA1 013d1be078e5d1cbd94d36803122fb7220846ef7
SHA256 6a6cc14418dc7c480f98484e53dbf99ddf6542120a113629423a97147519a414
SHA512 1e7e23e10c6ea0f23fa7ef6a4d8964940db63493f53ed2ffafd87bbfae3be1364c7d90ce2b2bd086b1c847907c3e2c9da53be32d9e52149479198cf1bcd95598

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 552c94911b4d9413d92d5095a0c64b11
SHA1 e9fe0f0eebf35d168d2d889b5367fa7a12f299c2
SHA256 b687ba320a6689a39d8a01f8c10dc8e5d9f25465dbea04c2851d4d38e040fa5f
SHA512 1cd929ccb9992a26cc3b5c9210138d3f30a46f5388aa6a123dbde986956a74ddfb2d529b860fc3c924b6435197c175bd004bbe309834340c3ddf90484c7d8a5b

C:\Users\Admin\Downloads\Unconfirmed 385064.crdownload

MD5 63d70dd07743db9a91723d39b5132d36
SHA1 901c389a60961e339873d512a25dcadb93b225a9
SHA256 9f0a872cb208a96cf953161ef22d310b611ae92a2db554a33de2e604906ee1b9
SHA512 b88b0b7066255d517b2c51c23a219851e3eaa0e75284f4f4062b6a8ca8bced6c85e9d37bc9f5197fa7e286837faa4ea393928d2572724ddec1962779259611ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 f942900ff0a10f251d338c612c456948
SHA1 4a283d3c8f3dc491e43c430d97c3489ee7a3d320
SHA256 38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6
SHA512 9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 262625b713a3e6b902d4a1cea1e37b88
SHA1 13056db58e7bd61eaf97aab0728a04e32a7ef095
SHA256 76343773db6fdef302c84af2589de6d4445c90e6b2d95be37692423f898d4dee
SHA512 d7db28c0249ad2c904b35b0af519f9db60412bb8353bca06a0a70dc92330e97fd2a8e81f260fdffe1eee881225d04b994c9dd0136ab7f4efc7af1fb91ab08418

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 109084e058c7b1dad9922a7a2917acd6
SHA1 cc306e6021e0d52319ca2ca631c060a3d6b28beb
SHA256 c247fe0662c9430d2f58827f01c2bdc5789f1024d587c6d95d25a43bd2d50215
SHA512 84839804fc6d6e22edfad2eb7fa39d3c4d81a2780bf372cbcb1ae13db73213a91671cf27573c3a5f4b67a0406beeadfd0be2f8bbbd3b8506efd21f1ecf8fa3bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d632c4cd2d4013e38e500a7f6e7bb4ef
SHA1 208fd60fdab4afec6b1716e77c302be1ab1ee569
SHA256 299358fa3eeb2c3027db3b7e5d0eace19a545d9f0352c5ac22d71f08a57a2647
SHA512 3187e900e21c1cf11e8b98544c0a69cd11bcf849bc0baa36b0ec82ca9bfa0a40a3bc786d9c0715399a479731a9f2e2842d01534389c8f62dd66f4740eff7823d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e5fe855beb713e5eadac0a4a4e5608f8
SHA1 ff3be6a7ce37e358cbee4299d36a8ecb1adcafda
SHA256 d4205d4120d6092e56e56377379acc5637a2201c6d18c0d8683f5cb5c56f0a04
SHA512 56220429ddd7fcc7d038c881b5123888558f9133c175973206066304c282f6b52c0d393882946767ab5004f6d4def39e40f95b60779cf9593fe60840cc46a707

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84964bee0e5f048010a7dcad107c4d24
SHA1 de5a8c9e9706c73702501c25276871424660e479
SHA256 d7fd1892a0e43d255c55f7cd69f8fe23d2c8987f8a0065114831869a22311a8b
SHA512 d716e3e1cbf03296536448f1eea6b88947c5167d4105dfaf6c5e8eae62dba579c48e01e63235a49816e069ae8a8d935fd07706b27eda3e02f8535a923b024a4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 96b44c2c679d4633a7fff75fd7ec5642
SHA1 24b362cac7d39170ecf066a3efd3723d3b390cc7
SHA256 d49100edb9d1ea6905dee2f9833319b521ccbffb8ca0734248cc943c1cd315f6
SHA512 f3ed623ea22bfc7e110a0f7403bb4de43b8d23e7ef9c2cb5118276f8e16ae33a033d249babd623e864665b647d113ffd27524ac8a13a8cef81c9cf3d74dd8daa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 54bf032340a8613fa6a8f16583ef0401
SHA1 2a5ce81f9434853687425bc9ab88f67d667a4eab
SHA256 ae067e3b003cd0fbc4dc94fd15b54acb21495896144d3a839ab225b9e9226e5f
SHA512 6ccf91a0c4fe54176355de8ac915aace7939e536dc0fb2e562c7b53acd58a3d7d517d8ebf32c877ac3feb27ee2ed8a5bd961db3103a0f7f5d30faa2695e4db91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 053e0ced17d18e9fb1ec6b48edd7aa96
SHA1 c902fb34a7680a256b8b213ff15a3b4fd36f7df6
SHA256 95ad29c5892d55007dd67dc973e40d596f771f63ec223e6e48b4f8cd77037053
SHA512 b0be076639035d933587a2cebfdfaf5002322005ab9ac330bd67ddedf8438fd7df8588ef6894733a92eb65d7fecd851e0bd8a1ee65c7c0c137f56ad437af8904

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a6c8dd579ba266fbe42b7591d3ebe7a0
SHA1 a70675634fc6d82e9083f18deb08961f31bdd6b6
SHA256 97ac620aa40ad29576ad50351709afbb2fed4e49ce7e29922efacf41b9b25e69
SHA512 6d7bb62cfc99d5c26bbd5164dd234f7111cb8f8c84937277686c2d14c0c901729f18aa0c8050451e50751cf7e0b4ca1a5e701ccd1130dc49a4da1daf243b8df2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cd99068959679f008710f68b0ed38beb
SHA1 e86058906cfec5aa9c5751c0d4f113866a30d4a8
SHA256 0f1dd2905c485c6ce8db8ab3d29f8ff479d209b9aa7d7737910dfba7017378b2
SHA512 410cfc599aba63bcf68b169e47e77302d6319ed364fdea73fa6c86564a20cb4c5beedba6fbfa3b3bf3fff991eb4dfdf68d97e30b09d77e61bad43aeec0f8be28

C:\Users\Admin\Downloads\Unconfirmed 124887.crdownload

MD5 2949c1a5ed0da748d949ac59dbc15059
SHA1 9fa86b84cba147b2806f4e11dd76f38dc358c202
SHA256 2e0b86cba229e27b6eec45751be45b24f9197cdc7b2eca30447112f917899d0a
SHA512 65eac714afaa0e7e84a41a18dc710b233afc80a03022e4504b3a30fdc5a82dd22f3ec78e2f5ad9df360c0e93f7d06d53b7a638fbaea93d62093a524beb627a66

C:\Users\Admin\Downloads\Unconfirmed 124887.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2892eee3e20e19a9ba77be6913508a54
SHA1 7c4ef82faa28393c739c517d706ac6919a8ffc49
SHA256 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512 b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f48f57459c47a1e28ec6989d2d83c94d
SHA1 37a58811d57b0015548392f1012e1beb06c2cc53
SHA256 ed4373b5673713cef9d0b165ef9616b94ed15092602ed825eaa1c0c1442fea06
SHA512 dbd8ae3c2dcd8227cf07b2d0d541ad2728238b503e129505d4c089e29c4e17c7ef02b83065a493c069a50a9c97ef10f95fd995b6b57a94e63bc1ade2308ab4f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.vice.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

memory/6132-1103-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.vice.com_0.indexeddb.leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

memory/5308-1179-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\Unconfirmed 807806.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

memory/7416-1626-0x0000000000080000-0x00000000000AA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll

memory/7416-1632-0x00007FFE6CC40000-0x00007FFE6CD8E000-memory.dmp

memory/8028-1639-0x00007FFE6CC40000-0x00007FFE6CD8E000-memory.dmp

memory/7416-1640-0x000000001C5D0000-0x000000001C792000-memory.dmp

memory/7416-1641-0x000000001CCD0000-0x000000001D1F8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

memory/6132-1745-0x0000000000400000-0x000000000040E000-memory.dmp

memory/5240-1746-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
