Malware Analysis Report

2024-11-13 18:05

Sample ID 241105-fqg8qavfnh
Target http://github.com
Tags
bootkit discovery evasion exploit motw persistence phishing ransomware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://github.com was found to be: Known bad.

Malicious Activity Summary

bootkit discovery evasion exploit motw persistence phishing ransomware trojan

Modifies WinLogon for persistence

UAC bypass

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Possible privilege escalation attempt

Executes dropped EXE

Modifies file permissions

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Sets desktop wallpaper using registry

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Enumerates system info in registry

NTFS ADS

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies registry class

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

System policy modification

Suspicious use of FindShellTrayWindow

Suspicious behavior: LoadsDriver

Modifies Control Panel

Suspicious use of SendNotifyMessage

Delays execution with timeout.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-05 05:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-05 05:04

Reported

2024-11-05 05:11

Platform

win11-20241023-en

Max time kernel

368s

Max time network

412s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://github.com

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\windows\\winbase_base_procid_none\\secureloc0x65\\WinRapistI386.vbs\"" C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A

Disables Task Manager via registry modification

evasion

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\windows\SysWOW64\takeown.exe N/A
N/A N/A C:\windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\windows\SysWOW64\takeown.exe N/A
N/A N/A C:\windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\6330.tmp\mbr.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Desktop\Wallpaper = "c:\\bg.bmp" C:\Windows\system32\reg.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav C:\Windows\system32\cmd.exe N/A
File opened for modification \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav C:\Windows\system32\cmd.exe N/A
File created \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe C:\Windows\system32\cmd.exe N/A
File opened for modification \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe C:\Windows\system32\cmd.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_SpongeBobNoSleep2 (HorrorBob5).zip\SpongebobNoSleep2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6330.tmp\mbr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6330.tmp\MainWindow.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Cursors\Arrow = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Cursors\Hand = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\MuiCache C:\Windows\system32\BackgroundTransferHost.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SpongeBobNoSleep2 (HorrorBob5).zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4200 wrote to memory of 2704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 2704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 2492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 2492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 72 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://github.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ff88aa53cb8,0x7ff88aa53cc8,0x7ff88aa53cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3880 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6632 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6992 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_SpongeBobNoSleep2 (HorrorBob5).zip\SpongebobNoSleep2.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_SpongeBobNoSleep2 (HorrorBob5).zip\SpongebobNoSleep2.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\6330.tmp\6331.tmp\6332.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\6330.tmp\mbr.exe

"C:\Users\Admin\AppData\Local\Temp\6330.tmp\mbr.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\6330.tmp\tools.cmd" "

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Users\Admin\AppData\Local\Temp\6330.tmp\MainWindow.exe

"C:\Users\Admin\AppData\Local\Temp\6330.tmp\MainWindow.exe"

C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe

"C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff88aa53cb8,0x7ff88aa53cc8,0x7ff88aa53cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9340 /prefetch:1

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\windows\SysWOW64\takeown.exe

"C:\windows\system32\takeown.exe" /f C:\windows\system32\LogonUI.exe

C:\windows\SysWOW64\icacls.exe

"C:\windows\system32\icacls.exe" C:\\windows\\system32\\LogonUI.exe /granted "Admin":F

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c cd\&cd Windows\system32&takeown /f LogonUI.exe&icacls LogonUI.exe /granted "%username%":F&cd..&cd winbase_base_procid_none&cd secureloc0x65&copy "ui65.exe" "C:\windows\system32\LogonUI.exe" /Y&echo WinLTDRStartwinpos > "c:\windows\WinAttr.gci"&timeout 2&taskkill /f /im "tobi0a0c.exe"&exit

C:\Windows\SysWOW64\takeown.exe

takeown /f LogonUI.exe

C:\Windows\SysWOW64\icacls.exe

icacls LogonUI.exe /granted "Admin":F

C:\Windows\SysWOW64\timeout.exe

timeout 2

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im "tobi0a0c.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:80 github.com tcp
GB 20.26.156.215:80 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
GB 13.87.96.169:443 nav.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 nav.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 nav.smartscreen.microsoft.com tcp
N/A 224.0.0.251:5353 udp
GB 20.26.156.210:443 api.github.com tcp
FR 2.16.165.91:443 th.bing.com tcp
FR 2.16.165.91:443 th.bing.com tcp
US 140.82.114.22:443 collector.github.com tcp
FR 2.16.165.91:443 th.bing.com tcp
FR 2.16.165.91:443 th.bing.com tcp
FR 2.16.165.91:443 th.bing.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 th.bing.com udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 2.19.252.134:443 aefd.nelreports.net tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
GB 2.19.252.134:443 aefd.nelreports.net udp
GB 92.123.128.180:443 tcp
GB 2.18.27.76:443 r.bing.com tcp
GB 2.18.27.76:443 r.bing.com tcp
GB 2.18.27.76:443 r.bing.com tcp
GB 2.18.27.76:443 r.bing.com tcp
GB 2.18.27.76:443 r.bing.com tcp
GB 2.18.27.76:443 r.bing.com tcp
US 8.8.8.8:53 76.27.18.2.in-addr.arpa udp
GB 2.18.27.82:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 2.18.27.76:443 th.bing.com tcp
GB 2.18.27.76:443 th.bing.com tcp
GB 2.18.27.82:443 th.bing.com tcp
GB 2.18.27.82:443 th.bing.com tcp
US 13.107.21.200:443 bing.com tcp
US 8.8.8.8:53 200.21.107.13.in-addr.arpa udp
US 13.107.5.80:443 services.bingapis.com tcp
US 151.101.129.91:443 images.sftcdn.net tcp
US 151.101.129.91:443 images.sftcdn.net tcp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 rv-assets.softonic.com udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 151.101.193.91:443 rv-assets.softonic.com tcp
US 151.101.193.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
IE 3.162.140.120:443 sdk.privacy-center.org tcp
GB 142.250.187.226:443 securepubads.g.doubleclick.net tcp
US 13.107.246.65:443 www.clarity.ms tcp
IE 3.162.142.187:443 c.amazon-adsystem.com tcp
GB 142.250.187.226:443 securepubads.g.doubleclick.net tcp
US 151.101.1.91:443 rv-assets.softonic.com tcp
US 151.101.1.91:443 rv-assets.softonic.com tcp
US 150.171.27.10:443 bat.bing.com tcp
US 150.171.27.10:443 bat.bing.com tcp
US 8.8.8.8:53 187.142.162.3.in-addr.arpa udp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 151.101.193.91:443 rv-assets.softonic.com udp
US 151.101.65.91:443 rv-assets.softonic.com udp
US 151.101.65.91:443 rv-assets.softonic.com udp
GB 142.250.187.226:443 securepubads.g.doubleclick.net udp
IE 3.162.142.187:443 c.amazon-adsystem.com tcp
US 151.101.129.91:443 rv-assets.softonic.com udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 76.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 b.clarity.ms udp
US 8.8.8.8:53 btloader.com udp
US 4.153.129.168:443 b.clarity.ms tcp
US 8.8.8.8:53 di-images.sftcdn.net udp
US 104.22.75.216:443 btloader.com tcp
GB 142.250.178.27:443 storage.googleapis.com tcp
IE 13.224.68.110:443 config.aps.amazon-adsystem.com tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 172.67.74.232:443 api.btmessage.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 27.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 38.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 232.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
IE 13.74.129.1:443 c.clarity.ms tcp
NL 139.45.197.253:443 notix.io tcp
US 13.107.21.237:443 c.bing.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 172.67.74.232:443 cdn.btmessage.com tcp
GB 51.11.108.188:443 nav.smartscreen.microsoft.com tcp
IE 13.224.68.4:443 api.privacy-center.org tcp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 ap.lijit.com udp
GB 216.58.204.65:443 a91110b2a6db8e023637520d653dc430.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 wct.softonic.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
IE 34.243.135.213:443 ad.360yield.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
IE 52.213.194.96:443 ap.lijit.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
DE 176.9.112.162:443 shb.richaudience.com tcp
DE 176.9.112.162:443 shb.richaudience.com tcp
DE 176.9.112.162:443 shb.richaudience.com tcp
US 34.120.63.153:443 prebid.media.net tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
IE 3.162.148.221:443 aax.amazon-adsystem.com tcp
IE 34.248.111.137:443 id.crwdcntrl.net tcp
GB 216.58.204.66:443 ep1.adtrafficquality.google tcp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
IE 13.224.68.73:443 tags.crwdcntrl.net tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 172.67.74.173:443 wct.softonic.com tcp
IE 3.162.140.15:80 crt.rootg2.amazontrust.com tcp
IE 3.162.140.15:80 crt.rootg2.amazontrust.com tcp
IE 3.162.140.15:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 213.135.243.34.in-addr.arpa udp
US 8.8.8.8:53 96.194.213.52.in-addr.arpa udp
US 8.8.8.8:53 120.33.95.141.in-addr.arpa udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 162.112.9.176.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 173.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 221.148.162.3.in-addr.arpa udp
US 8.8.8.8:53 73.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 118.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 137.111.248.34.in-addr.arpa udp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
GB 142.250.180.4:443 www.google.com udp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 172.217.169.46:443 ampcid.google.com tcp
BE 66.102.1.157:443 stats.g.doubleclick.net tcp
US 35.244.193.51:443 lexicon.33across.com tcp
US 172.67.74.173:443 wct.softonic.com tcp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
GB 142.250.180.4:443 www.google.com udp
BE 66.102.1.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 34.120.63.153:443 prebid.media.net udp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
IE 52.94.223.167:443 aax-eu.amazon-adsystem.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 167.223.94.52.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 en.softonic.com udp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 sync.richaudience.com udp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
GB 184.26.56.245:443 ads.pubmatic.com tcp
GB 184.25.192.27:443 contextual.media.net tcp
DE 162.55.233.28:443 sync.richaudience.com tcp
US 8.8.8.8:53 28.233.55.162.in-addr.arpa udp
US 3.92.159.128:443 cs-server-s2s.yellowblue.io tcp
GB 2.20.12.106:443 player.aniview.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 67.202.105.21:443 ssc-cms.33across.com tcp
FR 91.134.110.133:443 ssbsync.smartadserver.com tcp
NL 185.89.211.116:443 secure.adnxs.com tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
NL 35.214.214.217:443 csync.loopme.me tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 44.194.6.38:443 api-2-0.spot.im tcp
US 35.175.17.148:443 sync.srv.stackadapt.com tcp
US 8.2.108.175:443 bc-sync.com tcp
US 3.33.220.150:443 match.adsrvr.org tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
US 8.2.108.175:443 bc-sync.com tcp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 217.214.214.35.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 150.220.33.3.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 172.240.45.96:443 sync.aniview.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
DE 37.252.172.123:443 ib.adnxs.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
DE 51.89.9.253:443 onetag-sys.com udp
US 80.77.87.162:443 cs.admanmedia.com tcp
NL 35.214.136.108:443 x.bidswitch.net udp
FR 154.54.250.80:443 ads.stickyadstv.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
GB 142.250.200.2:443 cm.g.doubleclick.net tcp
DE 18.197.30.174:443 match.sharethrough.com tcp
IE 52.16.65.27:443 match.prod.bidr.io tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
GB 142.250.200.2:443 cm.g.doubleclick.net udp
NL 35.214.174.141:443 a.sportradarserving.com tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 204.62.12.209:443 sync-service.net tcp
IE 52.18.167.44:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 192.132.33.68:443 bttrack.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
NL 35.214.174.141:443 a.sportradarserving.com udp
NL 89.149.193.121:443 rtb-csync.smartadserver.com tcp
US 98.82.158.241:443 s.amazon-adsystem.com tcp
GB 13.87.96.169:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
FR 23.65.202.55:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 148.17.175.35.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 123.172.252.37.in-addr.arpa udp
US 8.8.8.8:53 96.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 80.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 162.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 174.30.197.18.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 27.65.16.52.in-addr.arpa udp
US 8.8.8.8:53 141.174.214.35.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 44.167.18.52.in-addr.arpa udp
US 8.8.8.8:53 209.12.62.204.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 121.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 68.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 241.158.82.98.in-addr.arpa udp
GB 184.25.193.73:443 eus.rubiconproject.com tcp
GB 163.181.154.238:443 www.ldplayer.net tcp
GB 163.181.154.238:443 www.ldplayer.net tcp
GB 163.181.154.238:443 www.ldplayer.net tcp
US 104.26.4.6:443 cmp.setupcmp.com tcp
GB 216.58.201.118:443 play-lh.googleusercontent.com tcp
GB 216.58.212.206:443 syndicatedsearch.goog tcp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.181.154.138:443 cdn.ldplayer.net tcp
GB 216.58.201.118:443 play-lh.googleusercontent.com udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com tcp
US 104.18.31.49:443 stpd.cloud tcp
GB 142.250.178.14:443 fundingchoicesmessages.google.com udp
US 104.26.4.6:443 cmp.setupcmp.com tcp
GB 163.181.154.244:443 www.ldplayer.net tcp
GB 163.181.154.244:443 www.ldplayer.net tcp
GB 163.181.154.244:443 www.ldplayer.net tcp
GB 163.181.154.244:443 www.ldplayer.net tcp
GB 163.181.154.244:443 www.ldplayer.net tcp
GB 163.181.154.244:443 www.ldplayer.net tcp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
GB 13.87.96.169:443 nav.smartscreen.microsoft.com tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
US 3.165.232.83:443 b-code.liadm.com tcp
GB 216.58.212.206:443 syndicatedsearch.goog udp
GB 142.250.200.6:443 8876029.fls.doubleclick.net tcp
GB 142.250.200.6:443 8876029.fls.doubleclick.net tcp
US 8.8.8.8:53 260a31d1ae646308bc7f515dc415d747.safeframe.googlesyndication.com udp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
GB 142.250.200.6:443 8876029.fls.doubleclick.net udp
GB 142.250.200.6:443 8876029.fls.doubleclick.net udp
IE 13.224.68.12:443 js.adscale.de tcp
US 8.8.8.8:53 i.liadm.com udp
US 54.243.222.180:443 i.liadm.com tcp
GB 216.58.201.110:443 apis.google.com tcp
US 54.243.222.180:443 i.liadm.com tcp
US 8.8.8.8:53 ih.adscale.de udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 180.222.243.54.in-addr.arpa udp
DE 18.184.224.160:443 ih.adscale.de tcp
US 8.8.8.8:53 invite.ldplayer.net udp
US 8.8.8.8:53 usersdk.ldmnq.com udp
GB 79.133.176.174:443 apien.ldplayer.net tcp
GB 79.133.176.174:443 apien.ldplayer.net tcp
US 8.8.8.8:53 api.ldshop.gg udp
GB 216.58.201.110:443 apis.google.com udp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
US 8.8.8.8:53 d.turn.com udp
US 8.8.8.8:53 live.rezync.com udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 mid.rkdms.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 b1sync.zemanta.com udp
GB 79.133.176.191:443 invite.ldplayer.net tcp
NL 46.228.164.13:443 d.turn.com tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
IE 3.162.140.92:443 live.rezync.com tcp
US 70.42.32.31:443 b1sync.zemanta.com tcp
US 52.23.141.18:443 mid.rkdms.com tcp
IE 54.229.135.186:443 dpm.demdex.net tcp
US 70.42.32.31:443 b1sync.zemanta.com tcp
US 52.23.141.18:443 mid.rkdms.com tcp
IE 13.224.68.52:443 tagan.adlightning.com tcp
SG 8.222.176.52:443 api.ldshop.gg tcp
GB 79.133.176.185:443 www.easyfun.gg tcp
GB 79.133.176.185:443 www.easyfun.gg tcp
SG 8.222.176.52:443 api.ldshop.gg tcp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 49.4.236.47.in-addr.arpa udp
US 8.8.8.8:53 92.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 186.135.229.54.in-addr.arpa udp
US 8.8.8.8:53 31.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 18.141.23.52.in-addr.arpa udp
US 8.8.8.8:53 52.68.224.13.in-addr.arpa udp
US 130.211.23.194:443 api.btloader.com udp
GB 142.250.180.1:443 cdn.ampproject.org udp
GB 163.181.154.244:443 api.easyfun.gg tcp
RU 87.250.250.58:443 static.playhop.com tcp
RU 87.250.250.58:443 static.playhop.com tcp
RU 87.250.250.58:443 static.playhop.com tcp
RU 87.250.250.58:443 static.playhop.com tcp
RU 87.250.250.58:443 static.playhop.com tcp
RU 87.250.250.58:443 static.playhop.com tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.70.151.35:443 www.facebook.com tcp
DE 23.197.10.19:443 secure.cdn.fastclick.net tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
GB 223.121.13.30:443 laz-g-cdn.alicdn.com tcp
US 104.22.53.173:443 cdn.hadronid.net tcp
BE 108.177.15.84:443 accounts.google.com tcp
US 35.244.193.51:443 lexicon.33across.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 104.22.5.69:443 a.ad.gt tcp
US 8.8.8.8:53 30.13.121.223.in-addr.arpa udp
US 8.8.8.8:53 173.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 84.15.177.108.in-addr.arpa udp
BE 108.177.15.84:443 accounts.google.com udp
NL 64.158.223.146:443 proc.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 172.67.23.234:443 a.ad.gt tcp
US 8.8.8.8:53 prs.sftcdn.net udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 arms-retcode-sg.aliyuncs.com udp
GB 79.133.176.185:443 www.easyfun.gg tcp
SG 8.222.203.130:443 arms-retcode-sg.aliyuncs.com tcp
IE 18.66.171.59:443 shop.ldrescdn.com tcp
IE 18.66.171.59:443 shop.ldrescdn.com tcp
SG 8.222.203.130:443 arms-retcode-sg.aliyuncs.com tcp
SG 8.222.203.130:443 arms-retcode-sg.aliyuncs.com tcp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
SG 8.222.203.130:443 arms-retcode-sg.aliyuncs.com tcp
DE 23.88.8.125:443 push-sdk.com tcp
US 8.8.8.8:53 uidsync.net udp
DE 178.63.248.56:443 uidsync.net tcp
DE 178.63.248.56:443 uidsync.net tcp
US 151.101.193.229:443 cdn.jsdelivr.net udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.2.108.175:443 bc-sync.com tcp
US 8.2.108.175:443 bc-sync.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 35.214.214.217:443 csync.loopme.me tcp
US 35.175.17.148:443 sync.srv.stackadapt.com tcp
US 204.62.12.209:443 sync-service.net tcp
US 35.244.174.68:443 id.rlcdn.com udp
GB 163.181.154.242:443 ws.easyfun.gg tcp
GB 163.181.154.242:443 ws.easyfun.gg udp
GB 163.181.154.237:443 ws.easyfun.gg tcp
US 8.8.8.8:53 242.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 237.154.181.163.in-addr.arpa udp
GB 79.133.176.192:443 wss-singapore.easyfun.gg tcp
NL 185.89.211.116:443 secure.adnxs.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 193.0.160.131:443 p.rfihub.com tcp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
DE 8.209.118.114:45003 rtc-singapore-01.easyfun.gg udp
DE 8.209.118.114:45003 rtc-singapore-01.easyfun.gg tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
NL 89.149.193.121:443 rtb-csync.smartadserver.com tcp
DE 18.197.30.174:443 match.sharethrough.com tcp
NL 139.45.197.253:443 notix.io tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 prebid-stag.setupad.net udp
US 8.8.8.8:53 rtb.openx.net udp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 35.227.252.103:443 rtb.openx.net tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
DK 37.157.3.20:443 adx.adform.net tcp
FR 163.5.194.33:443 prebid.a-mo.net tcp
NL 89.149.193.80:443 prg.smartadserver.com tcp
US 35.244.159.8:443 u.openx.net tcp
NL 103.67.200.72:443 sync.adkernel.com tcp
US 35.227.252.103:443 rtb.openx.net udp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 104.26.9.169:443 script.4dex.io tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 104.18.34.178:443 mp.4dex.io tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
US 104.26.9.169:443 script.4dex.io tcp
DE 18.156.199.224:443 btlr.sharethrough.com tcp
US 104.18.22.145:443 cadmus.script.ac tcp
US 104.26.9.169:443 script.4dex.io tcp
DE 3.125.202.21:443 1x1.a-mo.net tcp
US 8.8.8.8:53 224.199.156.18.in-addr.arpa udp
US 8.8.8.8:53 56.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 21.202.125.3.in-addr.arpa udp
US 8.8.8.8:53 145.22.18.104.in-addr.arpa udp
NL 178.250.1.3:443 static.criteo.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 2.19.252.134:443 aefd.nelreports.net udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 35.244.159.8:443 u.openx.net udp
US 35.244.159.8:443 u.openx.net udp
US 13.248.245.213:443 eb2.3lift.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
DE 18.156.199.224:443 btlr.sharethrough.com tcp
IE 52.19.76.108:443 ad.360yield.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
DE 18.156.199.224:443 btlr.sharethrough.com tcp
US 35.227.252.103:443 rtb.openx.net udp
NL 178.250.1.56:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
GB 92.123.128.180:443 tcp
GB 2.18.27.76:443 www.bing.com tcp
US 13.107.253.254:443 t-ring-fallback.msedge.net tcp
US 13.107.246.65:443 fp-afd.azurefd.net tcp
US 13.107.138.254:443 spo-ring.msedge.net tcp
GB 2.18.27.76:443 www.bing.com tcp
GB 2.18.27.76:443 www.bing.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
DE 176.9.112.162:443 shb.richaudience.com tcp
US 13.107.246.65:443 fp-afd.azurefd.net tcp
US 13.107.246.65:443 fp-afd.azurefd.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7bed1eca5620a49f52232fd55246d09a
SHA1 e429d9d401099a1917a6fb31ab2cf65fcee22030
SHA256 49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e
SHA512 afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

\??\pipe\LOCAL\crashpad_4200_QNQGQFXACWQURNPY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5431d6602455a6db6e087223dd47f600
SHA1 27255756dfecd4e0afe4f1185e7708a3d07dea6e
SHA256 7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763
SHA512 868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eb6abfd5371765add17b6fcd7091564c
SHA1 ba80a69f52f455a2f16cf11b21c3960d31f9437b
SHA256 65268dc2bbabb624159e7f3d2e4cbe7f5cdc3ed6afdf0c6afaa90126bc14e768
SHA512 5294a9a29a7fcd766ab2e21a88febf2efc50d8a99c7f72fff77f3fda26a51ddde191878ab3533e764f71368f8ec2528137e53b25ed47d9856a2f55ffb2cc1724

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 38f99e05d485b737087be3a5b3f45db4
SHA1 01c8a145c3198ea85d73a39f9506502b9adcb4df
SHA256 805bd612f46b77ac2fd4b05a521a1e783a0720564e6a13b8ef42d352b28e2e3b
SHA512 ad1bd863c43dde288c6a6d66f9f10208ab8d4e24bdbd9db042b0c5deb799525508befa49309f5bfcf89f6f4fccd2bb1d81bdb4229133f9e0c43dd3ae7b2253ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e59bb8856f51555572d628ca33755e1
SHA1 9f4559d7f972a9d7154e74c768d02e3818072be9
SHA256 f5656a1d6952539ce379657f559fa18c175692d60e1805389727564fb8fa36e0
SHA512 4353edd66e534ddfc8d3271e7eb9691a779c36044ee9be40fb23444940ed297b48b7442cbe5aac4d7d9b3e6f52bfd8c0b4eacbeb088cf28498169dbd1febb22d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bf528ade61e60c998dcd21fce91c1da1
SHA1 f77ca1c4ee1a619c5900f86be2cc24f512afd3e4
SHA256 76db13c19baea09b1429cc1a8aff35a88bfbf8098392cae2afdea14c312b4a77
SHA512 7700f4b54b690e5a57ceb4342463ae9f61db26f684f8670f114b4178822dbc14a93eea6664e2c20c1ab186c4fbf1c5bad836c1220c9e7ccd32377f59b588caa4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5816fe.TMP

MD5 e6c0efe4acafcabe42433acc243b6a2e
SHA1 6026436cb3ddb865c6dcaa2c814647496fa10952
SHA256 9bbbd31748a5f08ae8f70f3b02bf0839079f8b4a7b3d7d05a7c5d9ad3fe482e9
SHA512 8e633b4d9bbe9c117bf1a266f01ff89b006721031e0f810b4b914b6cc9c6a9d6c9bc17e6ae30d213a9c56e0b011a234a7e1865f61f74430108e3a349827ec3e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 247ebcea2703530f837fa8e98c7440d4
SHA1 26b70a4ec261f5b24214babec791cdebd5567a63
SHA256 262b44272c608d92f632ba7adb52b2372d976f5bb4dcb6b811f758b1c8ed0ad1
SHA512 037d7f52eb4fe90bcc44307e20acd5e022273637ca20974c479274853ef1a3e182161386657bff50c37b07eb2a5a1613ab5b8f799b22267968aa6b4a56f983ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 fb2f02c107cee2b4f2286d528d23b94e
SHA1 d76d6b684b7cfbe340e61734a7c197cc672b1af3
SHA256 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a
SHA512 be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 178008197d603238d4e7d7823393af79
SHA1 27e4b69b07dddd4b6bf4e4f98f636346332a1b5d
SHA256 079ce11550313a8882a5ef18b72e902b764b0b8060263ba76c40a66af2de60a0
SHA512 2c2f62545a255aa4c5d983df50d7ca47bce0b291f8fa11b0b298af2cd58067970fb7e6391eaaba86f4f9aa82d7c8aeb69ba1a14b52fd7637f0bcc5f44c09ef0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6d4233164e9f8a933c92721bba63edfa
SHA1 67a8c3f90c429a51a0041df04aa083fcaf6643e6
SHA256 73f4127763a064c6ce1b9dda640f98b504701f2c88e5a5fff55e7cef37a76d52
SHA512 fddbc16854d7d4256a66f50394e7e6e20940c9eec29455a6bec789835ebd50a2c093d8b51e5c288046a8d2043b354c053bb703d752b99040664a9ff85502adad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 03f2c91745d4ceb666d9ea82d9a4abe9
SHA1 6bbc311aedf789a93ed6b6ddc2acf9a1490fe0d6
SHA256 693e195da82dc583d9d73fffa4c6766de1a7030e672d5d8921031abc18816069
SHA512 951e51a690b8ed28d58de7e1504f05072f42da078718f54d5f8d152ec30ab1e3e06f963fba2ad516df9ac0ad7d5ffb46d8d39ef258f602605e952d2ab7b70e46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fc655ab0-bf91-49ec-a488-e156630b9209.tmp

MD5 dcedf6b1b6d1e434164e23577d7720e7
SHA1 3e72b6ceb20609b703d44dedf77793e4e90a5a37
SHA256 fd7f44e50d02ef1e59148cf1c07bc694d4df87b56529b4c743b4ead376c8d5c8
SHA512 4d80f075a0135b4e7aa9439de7ae772779ae5386116e4df28dd59af858ce32ef22ca177972540250ab4d1803d8f412590e66a56818b9e7e5c1303b8ec6fbe229

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f8669f15f633bdad04ce5d3e7d5bdabe
SHA1 9d864e4c4bd3f0e51470708fc39340772f808056
SHA256 1ca79d7196446d00cadbfccfd628aa860a37114befe13a0434ae3f8c4437cd36
SHA512 d7343eb569856ce7b842a40002ee390d5ef6a62f9748cdbe42d35ea3a04f14149197b3bc25e70fc7c0790a99798b8adee8003da7d2b153830766d427a6e897e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0805d68b0851b24876b6ea23d5beb667
SHA1 efd365b7abc3a6b9afaca7826b90afa02c0b3ffd
SHA256 a140241a40f9161c61d3b093d3fa4e2062c14a415a42d3dfe543c55fb89b78cd
SHA512 b1287ba21ffe3b19b15571512b968de00baffb7ca881d22e24b8a392259abeca881d2a3c7c84836e67eb98de8b7399face7bf8a7f5d01a292c409aef71717eb8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 93d6205283bb34e584a335b99a1a8e93
SHA1 775da0cab47c9566ddc355892084410ab0177df6
SHA256 f70e8dfdd957e7d209860453bc7587923fbf183a7c2b35babdf65734423b4a52
SHA512 cd1b37bf3091a44f4d0aea7ffe502f64a6528f135998e1c3dba41fc091d73ee27c6525f1484f955b16e22945ffb6fb2495c647cae4d818bd952951ae340815ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a0ef464159cf14fb74efbe9decbc4583
SHA1 2604ed208a7d1be83dc0a021982820238ccbb4ed
SHA256 380fe8d236d478fc008f26cbf199ee779dbe2d7a5df2921c61d257f79a9360cd
SHA512 c78d45e05251f4a7e28136a751252cba32ba977cdaba3444be10d0b07e5d42477c068085829dc6f2300471f831f20dfc0da6b9bfb57e3080170c209d9316ebe8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 0ef81c037915f392e47c9edb5a07f6d9
SHA1 afa30374a5cadedb3ac20040afbe9aecfe7b47c5
SHA256 499bd63725e6c3be459bd85700dc64eda35b33d078818272aef53f60f81a689e
SHA512 e161773426b0bd8d04261c14c5bd698d1fa87d0c4503c7e12bae8e6ae2e1d1a34c629ef956a8b09cbdf7cf74917980bb579ad8f3a425b7a4486a190853c2976d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 407490850a11d4ddbfa8cfc8ca4b4134
SHA1 4a4ef50edd7d20ee11ee064a2ffc4f6ec7929d8e
SHA256 76585e2caa825e3e419d14abf626b43897ebc5ebad8eadebe23fa51bec943555
SHA512 49db102c324cc21339db0e9a0119cfd8281d881fda7a8e7098bf967151eee8b51d5fc4b9ebe4f2aec63c6c0960230d784e9c4cbba51260ca289618cc61e10ef7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0aa7eb62f6e0036b35dc26d11f039b35
SHA1 bd6fb93957b47fbd874bf4ba5704dd003fc09e65
SHA256 25894b7875f3b0d9f854cfcb0e86ca04effbd4a8f050a90cac64d89bc271a51d
SHA512 2df2e1b9df5d9773c0b199deb142b7e443d68d5e3cc3014a85df69a6273e0d4eaa94ca4bcaa3f5c2c1a45358b891c2513374d63f03e42474fe4ca2d2b6bbc6b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6c05458b-3b30-4166-9e03-b5da4459b93e.tmp

MD5 72a8ab06a9c0e8a5c57ce7a22929a27a
SHA1 18328e03dcc990672a9f9ff2277631e729b60414
SHA256 ce0f12b7d353e8269a6727f9c533df80621f0b545533d210664042a3c10cb6a2
SHA512 68904d09dfb77a1dbd2efe07c983a3b8479cdfc130e7faaa1780af9f12d976a0fbc254d5fdcb3ef157091405a8284713e76d87f53cc5e3b83b560fa7c1446889

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 07c1b97de5c54707533eab8d854e8f6d
SHA1 c7c17005580c6ffa276c9fee6015406364169f0c
SHA256 c290fd85b8d55d003ce348e1ad178d37d1744293f42981d093ffc44c2e0cb517
SHA512 3b470051fa2d6745b7b7df855e2acb169e85ae6dbad91a002530d8194b27ffd06f5916b00ae20c7863ba88588eb70ebb2c31e2a34b86bd0206177df301feded2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 ceeb814bab0da3562b33344de8e5a372
SHA1 b5eed9180832cf5765cd58857118ea553932bf29
SHA256 14d39e6c38691ddb59951108df87b186e5933010426c72c1ee82166cdad0169a
SHA512 fd3f90e2fd92eca692559a41868290aa9bbc5504222d20722cc505ad3e4c2a154dc5bf8cc637eee2d25f8be2c967bbb9012a93cd4fd7e6a00433fcc934f0ee1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 c67ee59476ed03e32d0aeb3abd3b1d95
SHA1 8b66a81cd4c7100c925e2b70d29b3fdbd50f8d9b
SHA256 2d35ec95c10e30f0bddbfb37173697d6f23cd343398c85a9442c8d946d0660e3
SHA512 421d50524bd743d746071aaad698616e727271fdf21ee28517763a429dcb6839a7ad77f7575b13c6294dc64d255df9b0a64eb09c9d3b2349fef49b883899d931

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 ce98c3b639ff53e62db72824806a2f32
SHA1 4ebdf1ac5041a2bbfc736eee17784a24a7b2fdef
SHA256 84a942b9db6aba18b48f01a3e866b3ebb2b064655dc61969fa0f4d5e70194844
SHA512 078c00acf0ec32dcd849d9f65405d3be8b7cffd8b42acffbf7fe6c6ffaf7c75be299cb10bece3768606db21765d2296cfcce334ad94a12b9a46bd65720e7c696

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 2e23d6e099f830cf0b14356b3c3443ce
SHA1 027db4ff48118566db039d6b5f574a8ac73002bc
SHA256 7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885
SHA512 165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 76d82c7d8c864c474936304e74ce3f4c
SHA1 8447bf273d15b973b48937326a90c60baa2903bf
SHA256 3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8
SHA512 a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 cfff8fc00d16fc868cf319409948c243
SHA1 b7e2e2a6656c77a19d9819a7d782a981d9e16d44
SHA256 51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a
SHA512 9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 0b1cb53525eea7989fc36cbacf716980
SHA1 233f374a68a3b2837780a131f2d3373ee0697c17
SHA256 825e558ea0411a6f745aef7a50996961bfcd7f08e07eb7b2da6a56758dda1332
SHA512 7da444f8ea3825c173583c3db3313b0ddab86eca470b4129924a786a706357fdf67ca766979b998b33ce9b30ef802ae5219aef1c45296b532e14ee0f1d97032e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 bd946ba0bf15acbe12f52f126ad40dc6
SHA1 dc1bc60049a379d475857867455e91276e18d835
SHA256 279f3edf35641367a0a2c89fb3fb58d2bbb0f51b18116197c4f3b91196b5a8ba
SHA512 de491d6e54da1070f2e50390a672cd85c8fafd2f93d76880bebaf64832face6c6baeb28fd215057854cd736e97581373a9913e64227c4d79403c4c69a475b932

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 f4a9a0abf7ed940419adeaabba6b37c0
SHA1 01cc6457224deec29303633b3dd8cacbac184aa5
SHA256 8b4dae3ac3068eb8c85e6f93c6eb3660ff9f5e867abf171fe44a8407d2fd5871
SHA512 f2d3689d9eb7d9cefd0db065fac8413e261d3d480a7ce9dc4ba53325ffcb1128ab966cc80a3daa27ad2e997d1dbd9785da7ad81857854022948da883ab19c708

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 573171f37ef3b1e2e9f027a0efeec296
SHA1 10afc06abac9c1a5ae3dd14b8f6f71c701e72005
SHA256 0a3f3852831f4c54210ef4fa161472e962595208c4394a54c26f704a29feafc5
SHA512 93ffd9f39f42d6f743527d1dcbaa6936704a5273d73755498a7a9363042a05e19da7b14ceb8442fd2353c786aaa9dca3bce44a3eaae7aa0716f382dff20915ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 c54bd82b99adab5b5ae3ac15c344cd41
SHA1 2e8c6336d1986478c64cd08bae05783b96ac62fd
SHA256 b5f9b7a8f4b33a53920b67e9b27c25b28b0da9d7f2c6cd2885f68893a8fcf231
SHA512 6ec6d936db29b9cc4e88a47c56a6e6986f448837a0f26c174d955c4ec1dd29493966698dc6b0bcf1e7ed62dc64cf52ccf5a00f89bfb5903d2d3d78e0c15963e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cec87ed3f875259496a285d33c95ccac
SHA1 40e993f02ef7131d174ab62deb5c59e4d19c2143
SHA256 3443a8d8c56881de68595255ffa56a705ea4f20cd231bd20d64541b1d5010c93
SHA512 a1c1949ca3e94fee157a79cba9ec2ed0ab5faf13473dcc6fe469612ccd65b50e55fafe7fd02e2f79572191282692848ecaf700641e5285cf096d510a0789fae4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 53a1bec115a9d2f208ec7a2a72c11cbb
SHA1 4fb5ad136d0c2993947153585dc7310237c27f08
SHA256 767ab2f89affac082612f729d4230084032678407290620f851958edf2e60441
SHA512 e5708f099660851afa32de8262e0343800dae45c09910b68ef4182948da91e35f62dd7b14b51686635dfc68742a5f43a6e2deeaf6566fe0654a008b7fbae94cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 888ff4b486490027a042fc38999778b6
SHA1 d45d68a511a6743145abf12d5573c729ad1fb5c1
SHA256 fe0b6a9221a4c1313451da3c20f7834e759a9f07ee486a7d58515b2085cac3f8
SHA512 2967b5889be5153f53f6f92e31f5ff6ea9432e67191a0949064e1be857300934767e9bedd44c5d598c3ddb394814bc950f3691eeccf07416a4d2729619977363

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 134a54ceb33e832f4094a70a5a02cfd9
SHA1 4af4001d7cea069db14da9da856801aeb87dd036
SHA256 01e39ecbb282f9165fb0ac60d5ee2b270e8316bc89643e9a043ec781dd3a5706
SHA512 959af83a536f7509ab92848f55354b90cb844e6414b66c5d82b17693830d83b7b5dad854ac7937b98d2fd664337e3476f7f5929e6e1d7a3a08a58a02b1a86f29

C:\Users\Admin\Downloads\SpongeBobNoSleep2 (HorrorBob5).zip

MD5 914fadaee197d1f71082a7bd95e042e6
SHA1 3356ffc83b5edb82940a04ce067d9e7ae7fd248c
SHA256 07bb2b15e3e6a2711ab2290c1f4a10f89ce193657e64f4e92190b7139ffec6ac
SHA512 b9aa1390283b3003b264531ed50edeeae1922f25dca5fce0bcbfd5b72815ef7040fa8c024276e234286b76f46a4c69292b45b8250679f686f329ed9edb042026

C:\Users\Admin\Downloads\SpongeBobNoSleep2 (HorrorBob5).zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 754fb659a83398e401843b5aa591d05b
SHA1 eafaf53d6869dcba57a7b0a8aeafc6b2b223850e
SHA256 0bbfbfb22361b8e07d4e3e353b83662bcc199a042e5c60bb1975af1f9d52911f
SHA512 7c2166689665a117cbb4a329b4e17ba58cef7eb83fc7483a0e739ff8fbb2c52ed0f11a478f9f4ea5e00d973ac9a9f88fae50b935ae97417d80822d3da11f9331

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7e79b224e0a147b09822810355ede658
SHA1 e4895faae4e56f2cb595b2b3c232ff7860ef48b8
SHA256 72b37001a1cf867a785a7595a1512dc9b866a37271286ea642d3a769d7afe1ca
SHA512 54eb403dc86a98e7b973932cc9c36f3577f720710f9b090001b2744333b9d55b6c3abe6f934cc64f43b12a5f5759552b0ca1891b8c155c1e7d1cf12a1ec2c9cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d5cb0b7441ddc7b4ed981a1516c6b1c3
SHA1 277842cae4ae6354ffe24f08f81fbae7f7c23576
SHA256 669d0ff58b4493ef0f60dc802d6a533174c4b05195d5eb024957805cea9ed37f
SHA512 0bd918c8a28ea5faa684c33c8e6c78581bea8f5281a98756495c664623b707b1c37b4253227e5df4d2a6da2ceadbc6c84d1fff057d164c26dc9c9b336996e957

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f4294e90b7ba5d5b9d268b4b4ab6700e
SHA1 93907a9e618d2d5b34d3ff90e4a85c9b7408b985
SHA256 cf5a9d33baefa248d354782338ec97ab0bb95b17d688dfbda745502b0e6aaa4d
SHA512 b670b6b596693021fd5ea00efd74e0a8d940abee47c84b01be55987e7347d8b6f756a16706d49f0b4dca4ce5cc10ef0a7112dfa4ec031bd963d352b53dd93909

C:\Users\Admin\AppData\Local\Temp\6330.tmp\6331.tmp\6332.vbs

MD5 b893c34dd666c3c4acef2e2974834a10
SHA1 2664e328e76c324fd53fb9f9cb64c24308472e82
SHA256 984a07d5e914ed0b2487b5f6035d6e8d97a40c23fa847d5fbf87209fee4c4bbc
SHA512 98a3413117e27c02c35322e17c83f529955b83e72f2af7caaaff53099b583cd241cec95e70c3c0d6d440cb22cf0109d4e46dfda09ef2480427e9a9ab7a4c866b

C:\Users\Admin\Desktop\SPONGEBOB_IS_WATCHING_YOU 5.txt

MD5 bb6d68d7181108015cd381c28360dfc4
SHA1 192c34b9cba6f9c4b742f2b70d9731b8ba2ac764
SHA256 aea8fb9235900760ac374c6a4a10fba62c2a0ef5bea2dd7ef4db70fe55e0b317
SHA512 e3d6bf8f6ae16daa235e2bc7ce64da5a76ff0155fa89942a4e9d3f10ce70229e081c5029a6b67702a6b14000f62e6c9188ba394ee7183d0667ddac9e0224f3f3

C:\Users\Admin\AppData\Local\Temp\6330.tmp\mbr.exe

MD5 33bd7d68378c2e3aa4e06a6a85879f63
SHA1 00914180e1add12a7f6d03de29c69ad6da67f081
SHA256 6e79302d7ae9cc69e4fd1ba77bd4315d5e09f7a173b55ba823d6069a587a2e05
SHA512 b100e43fb45a2c8b6d31dd92a8ae9d8efea88977a62118547b4609cc7fe0e42efc25dc043bac4b20f662fab044c0ba007b322c77e66f0c791cc906eafc72fb95

C:\Users\Admin\AppData\Local\Temp\6330.tmp\tools.cmd

MD5 397c1a185b596e4d6a4a36c4bdcbd3b2
SHA1 054819dae87cee9b1783b09940a52433b63f01ae
SHA256 56c7054c00a849648d3681d08536dc56c0fb637f1f1ec3f9e102eace0a796a9f
SHA512 c2a77479ca0aa945826dccea75d5a7224c85b7b415fda802301be8a2305197276a33c48f82717faddb2a0ac58300f5b849a8c0dffb5a4443663c3dfd951d4e5c

memory/4792-1400-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\6330.tmp\bg.bmp

MD5 ce45a70d3cc2941a147c09264fc1cda5
SHA1 44cdf6c6a9ab62766b47caed1a6f832a86ecb6f9
SHA256 eceedadfde8506a73650cfa9a936e6a8fff7ffb664c9602bb14432aa2f8109ac
SHA512 d1bf6cdade55e9a7ce4243e41a696ae051835711f3d1e0f273ad3643f0b878266a8213cc13ca887a8181981ba4937350986e01e819b4bb109330718ef6251149

C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe

MD5 e254e9598ee638c01e5ccc40e604938b
SHA1 541fa2a47f3caaae6aa8f5fbfe4d8aef0001905d
SHA256 4040ad3437e51139819148ed6378828adcfbd924251af39de8bf100a3a476a63
SHA512 92f129a52f2df1f8ed20156e838b79a13baf0cbcdd9c94a5c34f6639c714311f41eb3745fdcc64eac88ce3e6f27d25f9a3250f4ababc630eff7a89802e18b4bb

C:\Users\Admin\AppData\Local\Temp\6330.tmp\mainbgtheme.wav

MD5 1b185a156cfc1ddeff939bf62672516b
SHA1 fd8b803400036f42c8d20ae491e2f1f040a1aed5
SHA256 e147a3c7a333cbc90e1bf9c08955d191ce83f33542297121635c1d79ecfdfa36
SHA512 41b33930e3efe628dae39083ef616baaf6ceb46056a94ab21b4b67eec490b0442a4211eaab79fce1f75f40ecdc853d269c82b5c5389081102f11e0f2f6503ae7

C:\Users\Admin\AppData\Local\Temp\6330.tmp\MainWindow.exe

MD5 7c92316762d584133b9cabf31ab6709b
SHA1 7ad040508cef1c0fa5edf45812b7b9cd16259474
SHA256 01995c3715c30c0c292752448516b94485db51035c3a4f86eb18c147f10b6298
SHA512 f9fc7600c30cb11079185841fb15ee3ba5c33fff13979d5e69b2bae5723a0404177195d2e0bd28142356ff9b293850880b28322b2ce1ff9fe35e8961bb3f7be1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1eba1e1c29e953d210247db03f6682ae
SHA1 594ec42d45d24877ff8d5e06f931a42a05ec34d3
SHA256 da4db13005c528cd6bfbbda6af13a9d6ccbd117fe91bd77d52c18874bf8c49b8
SHA512 2a18902b0a43180607dcc51831c7c2eaca1a6ea505d0c80160e4f91aaccd02448dba057a4a6246e02bab595b3df3c307e6e9f5cae013fdc634874cd543ae9a56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9b0d1865a38961b7e8a7109b0a628a31
SHA1 61deaae385a97db030061401d247a11dd3f91867
SHA256 6cbbd165436166b246f112f585a0cd7b0a0cd6d320dc56b775e4e4b59d39e528
SHA512 ac120ea36b6cf2a98b331945ef904d2d2d79b6b7f48d82f2f120246ece83687f9db67d50bd96e51e84cb5248e9896758d2f21a17a05127bf96791bfa86d024f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 290b7a704b4885d12ba96d18798ada4b
SHA1 a3e32cefd22424074b6facb841914efe9b9baf39
SHA256 7637e084cd04a63193a06051cab9b5c2ca71056a65094e0440c1ff2b4d227780
SHA512 a9d99cb346320914b8b4925c69f90203ef8f1c62d0f08fe8c83c1e5cd2b9710fe73f055e359ebb6d7131214487c6a299a1f87ca60ff44033d7801fbb32f8b9a9

memory/4992-1444-0x0000000000750000-0x0000000000772000-memory.dmp

memory/4992-1448-0x0000000005720000-0x0000000005CC6000-memory.dmp

memory/4992-1449-0x0000000005210000-0x00000000052A2000-memory.dmp

memory/4992-1450-0x00000000053D0000-0x00000000053DA000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_D231F1DAD7D84B67AADEACE18FBC4AA5.dat

MD5 e0ecfbecd87c2bb6c927231fbeb65e67
SHA1 930ba90982287d0d6934afea4508dbb49355036d
SHA256 7a7cf2273e04569145c2b49bde1457db70fe527265cb4812c7f88a51facf739c
SHA512 e44a7b55183aab95043a515c5c335a2e00274166e03723ddb16fcb548158f5673608d303c348038bac41efac5564115aaf73d4cf10a0de9414d2a175bbfe2fc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c2d3a85a3d380ef707b402d93f812839
SHA1 a911a1a981414ae1180140a3109d19dae13e9720
SHA256 92235701a743f669b32ba2fb8666f8b0281eb1c47cafec2ada1ceab9541312ca
SHA512 80200f037b9534fe3874569bc4fd87146d67fc0bfdb52241aa93ead58b525cc6a3e0f2933083c787b1dfdadeead4488f5416a705ebfcd3af758003b3615c343c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7a741d3fad768562a8592ef81d41064c
SHA1 67dd64f58d4d5a83818eb2a2aec0381fa35f1ba2
SHA256 ce8203c8ef129ca7c5d9b7a893c4d238e559adfb3649e2982fb1bfd25fb823c2
SHA512 fabb11f2704bec5677c6017aa62c2bcfeea877fd3576928cc388e0c5b41e8085a5fd60cd04420f25822cc1289016ea907209d806c47437cc15973c7d6c037b6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 59d330c657843f1fc7dd12b54c155c06
SHA1 edd716ff7ac95da596c27832b2281a92dd4a5c36
SHA256 a991edcd292711d71b1dfe1f5f3fa1fff329f568662d9e0b61b1b182b7927635
SHA512 0ccf114fada310e364ff18f32a42ad5485d67994185ab59f78e2e677677e5e956ca5f9d21eecf8ebe750b0c12784f0e919c9c5f190b88b4f7da38b3a7dbe7388

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e2d3cc4dfca7b94cc23ef1e0f9cd49e3
SHA1 948305ab38c5b26b32cc9bae33da22e7947fada4
SHA256 1931f306141692f5c6ac0c611fcd8ed11dc249770d4cd677eab6e0980fdd6d37
SHA512 7c7401d350d9ace89f90258dd6f3fab03df313b0c24954639356c840b98c439cc5b0f613109760f0d5053c3aea77bd5f1dc317084d41eb2fb0ac239730247c15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

MD5 f47b6a12139e868b5744680a7c0bcf1c
SHA1 eb4041dabe302221f056ae1ea58c7e5da112d96d
SHA256 a4bd19b7c0f8a43c4321c85bc23c956e2871040f252cfff76b1b497bc728ba94
SHA512 0415a966c921e3dd89892686559ab5d06278ae29182f2d27c6320957e63007ac5964c0cea0cecd5f33e80ee433e3ae0b882760e15bb196b9d85d117d3c5fd1c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

MD5 8eff0b8045fd1959e117f85654ae7770
SHA1 227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA256 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA512 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5

MD5 9756aa7e947179e9eb681904eb0a33be
SHA1 212f64d38b5074ab32440be97d36a2580f36d20a
SHA256 8e93da82e7c5fd3e577e84482f8a9f759452ad802b41fa8b03688ff3fcb64097
SHA512 9c0de8f7708e4418397e2738addcedccfd02de1cabb8102be0122e370ea55a350a70cda1d0099d7af8c7d3e994851c0877941ca269b06bcb6c7f77f9da234609

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bc9246278e54b0bf2bce4ecb1c64953e
SHA1 7fff124c7b511ddadfbbedd8b9d9f4d62d440f5d
SHA256 01fcad41c1251946c8a7ee69234bc6d6c405167d1aba8e4526ac928538a7e726
SHA512 f06bc13a461607389d9a6d389a3d9da58935621d9ef61c206cc78ae98f023acf6bf03b15abdb612c61f1594f21e27f92f26a2d8f80993ca349607fd168e61fb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af

MD5 dee46781c0389eada0ac9faa177539b6
SHA1 d7641e3d25ac7ac66c2ea72ac7df77b242c909d3
SHA256 35f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642
SHA512 049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f1ec42fdabd50674c9da149ef603c872
SHA1 c4fd62d4279741801628a33462b439f86b2ed878
SHA256 8333281c286094062d61f1feee2db846815d71427dbf1ff1d8b256323eab403f
SHA512 e504167c4b80ca528c93cfbb274fe6cc350dd5762a4877a6a007f8178aeb3b099272db02c8a3c54ea6fcb2756fed53ab3b1912d5fcee37f300baa676d4801fac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bc

MD5 5b9c8980823dac139da68f41e2947303
SHA1 2d950568a2e5bca5dd7fed1a5944394dae8e99f1
SHA256 bec8ca4b8be0f5c6f14a8df4872644789819e1cd3c1d11bd448a2ce291716257
SHA512 f819cf34f62a899898c045978d32fcc87e141d963f5c1dbcdc7c17d0809a4f3cb989dc09a328434940b49a99cc2f76a21ad38f34bae107ab174a1f3c2d720616

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000db

MD5 68b3d2c4ad0a08989723996b48cafee3
SHA1 fa776c002791fc47e19e9b4f26fb6aa60c0ba822
SHA256 5e61ad6e0fd70bebb944c7545df0664d4191d91b136cbf402c1f407ce49fd714
SHA512 c4004f3e02794633cef68b175220a0dc4e116f2ca4fe3cf6e11cf7ce1e6a674b58b504a983decc3a60e30e2ba7bde6a03adb2053bec02752fddcc12b325c70ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000da

MD5 777a63c7bb73394365962e8e0fd2dc01
SHA1 2ca4ef52bd745378018eb30180ffa208a76b5c04
SHA256 10a7f1cc102eed344c455765969891f8c4ef071626036419fba5f17fa42810df
SHA512 986adc9a20bad40f8cace5dd9af3c3ac58e2fddfb30363ef61ef51d2493e603e28241da0144833eb62cae3c2d3fd2a38ba0a4822f01eb890cf58c7d7febdb8fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000de

MD5 cfa2ab4f9278c82c01d2320d480258fe
SHA1 ba1468b2006b74fe48be560d3e87f181e8d8ba77
SHA256 d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e
SHA512 4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d31acbb8a519fc58b08cec4010c641a8
SHA1 0f0b76425da692df1e5dac5ab2e49825ff38b804
SHA256 d1c1809b775c55986f6a1578cd22205213540062dc2c5ebc5c1402f7b2945072
SHA512 cccc562fc8be8c029320d1eceacf99fdeea1b4c7ee48ec3d6d331db390b2c048804b31b306a13c71ed575e33955248d934284b3ca051260b16014f1444bcecf1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b6bdc323cf217c9060100b975bbcf2b2
SHA1 047a615fd71e02ff6519baaa9227782f944d3fac
SHA256 acb4527310fe0955da66f3a31220f3b401620caf5fc4eb52c6dc84a637d3394d
SHA512 0014e0e8d454fab1d2887c8860a6b6566fa94ecfb7e9a7dead290a8d2555e476f27c8ae0d911071dca1e4a1b810a5e70fd58aac3249925de97a1adfbb7fca6a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 07654efe44aaadeed859396775f1c2ac
SHA1 577de8d1704d6b0d23123fb5fc81be1a55a141ad
SHA256 eb8c078301450fbeb928ee7b8e7aeb5d523ecb179a8e0d8310316cddf5b8bba7
SHA512 8e6a98ae64c33c60bd3a3d44e9679564b97a9ca07b6bc3e46cb15d158951d9af57f0136d9f1f9a11583059223c0c9c945076ad1d2d918d56bef862e12662c47c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1ea217951c6095a25b772a7aa65539c7
SHA1 319c1bffa06b74c6691d081e70c20c9252fe9ac0
SHA256 9c83b306fbb940b294aea3f94c702b8c1da860a88ea9fe49c0c7ae5c10e6fda5
SHA512 60245d6aa320b65e0a39bf7baf09ca4798d363d4c32d3bc2214cb8f59ae553cc04342683614bf8575b6ffa73c25336cba4f068a303bc2c9bdb9f6550cd411a16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 676a2a934af43d976eee0ddec7848445
SHA1 a28a10be7f9c4ad5edc1c8953191a2b21341d2f4
SHA256 00691f53c12f0ae041788d2947a4d435efffb8e567bc531e476dae629eb8c50d
SHA512 3668ed6de34384bb913e59a19f7c388e89711d51920bd67769433aa7fbd91d2e719ab64cd8acb04a2c0d300c4fa9b14d1159b45c0c9805a6a31c73606a9ad3dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c3698.TMP

MD5 705fde1c2125bfc2c0f3a2ae4e9ae614
SHA1 18aee79aa578c5819c2ba270a82b59a96e3d0d03
SHA256 5a5c298bd82007bbb4354667f2ef4116704f447d3ec4af5f9da822102c220bb2
SHA512 348c0dc9c6c0418cffd3c9c8468b4c72dc6211c332217e3f475db09b0658d772f541f774a43686f6bee0ec6fa3a7c7e308df9d1f70d9b2ef2f564fdc6f589ec3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5e66072b1848bf8600e0f0f4c21f5b89
SHA1 f3872e1e9b2f5ea2ad2e4f6da01fbb2eb636f3ab
SHA256 56722ab18665cfdf4e799d6e157f201e7bb6ab38b8b2eebe0248bcef146a45ab
SHA512 fb7e2fa7a729c8cbef6ac980ef37dc048d1997e35d2dc97f28ede62a7c9ab3e5acb918f94c6b78fe1fb89cd6d7111894843d92c179c0433dd913760e4d0a9195

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e888a69bf3b1a92c343f97414f521dc7
SHA1 14ba1ead9816082d5354ec2a95b59e67b6c838ab
SHA256 964665ebc926887cc5e5728d122ab7b68bd18c73c1aa57b754079a0c8b6e4ae5
SHA512 e89e89fc589a617d7d390346fd98355f9824e4ee6ffba814e94fbf82f5db94441a5420afddc39d3eea3e28622bdca957416024676166bb5f3a05946354da3584

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e4

MD5 6fb26b39d8dcf2f09ef8aebb8a5ffe23
SHA1 578cac24c947a6d24bc05a6aa305756dd70e9ac3
SHA256 774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059
SHA512 c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 833dd400e75aa0d5d737619868e262c4
SHA1 6fbe5c4118fb6ca360584a95128ed4f4b93e59e2
SHA256 0501ac98101b95df2b3ff4d053fc52993ef9138b541a0021d648e7747986ebd8
SHA512 52e5fbbdb01941096c2f9079dd392b7a6cd8fefdd296fd0560a6d334b3aeb3f72884131ebda871abbdd8d5f3238cf7731838353d253c1a939ae76f3b6eeb3e66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0109dc56b6a6820eb2f4e92a434f04cd
SHA1 d4a1df5676fb74016926c244b8662b0ea0e4ac6f
SHA256 3148bfb5b618dd0496daaa4c676eb46b2e7de82b2b69bff87dd04fd3b7e2f36f
SHA512 893bab433f856e1cfc1366919c79ab06b6fd47b552e3565ac421bbb9d7375c745c013a59c8d5794db2898df3004561593b159c06afd5ccd53fb59c48864199fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3e9f7061ab26753916dbf513de198c3e
SHA1 806202b61657d118679cfb1c8c2cd68f088340c9
SHA256 b1b5524d7070167a3c86bb72dc0974f84c0fb21f6e9fd8594648345d36720ecc
SHA512 20c8302d522713bcaf524b54199db151527c421b7c187537e2e8230bd3a895a06dde87de5f11b205048d72911752281fb695fe1b72220bb23a400c7651648220

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f03768b51159dfb2692fe49e29aaf3d5
SHA1 d9ba6245ecebcb711fd6368e92781767f1bae275
SHA256 f97a5f8f1ce8f006d16592c6c3b65f56e3c86ed0a685bad804bb03d92e4b14a6
SHA512 c52c36bcebec094e2b7caa085d55dbb78fb30c0d381c6274c4de062373cd657c0e376d20e99af1c08a1f705f0ce834765508a9adf647c5b63f07ba469099236b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5b99398a329956a25fe1d86341ae3727
SHA1 417aa75804f3381c11f4605d2c27a858b9e0146a
SHA256 593ce4b85c353edf947c03dcc7cc36ea5809cad59c3de0e4735f4b8607dc5115
SHA512 a52c8eb6b56907370cfa53b169a705a86bf20b99f6c66119c55a0cc804c01cbc694f5c4c017e471670e0384f00dfd5da6c2c024ff5aa31d47464d792a4b3720d

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\37bf5475-8973-42db-b7c5-e90c0f9a89fe.down_data

MD5 5683c0028832cae4ef93ca39c8ac5029
SHA1 248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512 aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 55a0e9b5a6dff622b257d4b9505f3e87
SHA1 3020f032ccf808d9edfc7ae667b05e65bdfb2c21
SHA256 5af841ecdd96f1d36fd36e8baaa7743386899924859b9d8167154d5376fd9db8
SHA512 388d8ee51cb974276dcc6d7880b03c6e64505f947d3af3205e35814641ccc7f3d95b46afac397a397ed357fe63af3d878b251c2292738edb5598c30b8ace1ea8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4ae0a25773d46fee3762cf3d774c2460
SHA1 0ed030ccf61a81f5aa36676d18d53f17cac8f25e
SHA256 c165ff86c3c66985de08b78f0858a23957af42aebc267bbc491e4da825d78fa9
SHA512 1a894c2c88fe63fad9f95367515c1f7388c705a112d7ea272e8a1d68bfc0bdb7dd0368fb48636913b2da419ae15dbc44a98f11f6df8781674cd002905a10e494