Malware Analysis Report

2024-12-07 02:50

Sample ID 241110-27k7lazqcj
Target 04e16c855515880799c8.exe
SHA256 b10c01a7256143b3abb1d6fe2115ecd651fe639bccadaf3dd88d1d68e1bf50c4
Tags
wannacry defense_evasion discovery execution impact motw persistence phishing ransomware worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b10c01a7256143b3abb1d6fe2115ecd651fe639bccadaf3dd88d1d68e1bf50c4

Threat Level: Known bad

The file 04e16c855515880799c8.exe was found to be: Known bad.

Malicious Activity Summary

wannacry defense_evasion discovery execution impact motw persistence phishing ransomware worm

Wannacry

Wannacry family

Deletes shadow copies

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Modifies file permissions

Executes dropped EXE

Drops startup file

Checks computer location settings

Loads dropped DLL

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Checks system information in the registry

Sets desktop wallpaper using registry

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Browser Information Discovery

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Views/modifies file attributes

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Modifies registry class

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy WMI provider

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Modifies registry key

Uses Task Scheduler COM API

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 23:13

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 23:13

Reported

2024-11-10 23:27

Platform

win10ltsc2021-20241023-en

Max time kernel

804s

Max time network

805s

Command Line

"C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe"

Signatures

Wannacry

ransomware worm wannacry

Wannacry family

wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD9ACA.tmp C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD9AE1.tmp C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Driver_Updater_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Driver_Updater_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Driver_Updater_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-BCPKK.tmp\Driver_Updater_setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-4LCAM.tmp\Driver_Updater_setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmpCC1B.tmp_collect\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmpCC1B.tmp_collect\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pdyantnatxy168 = "\"C:\\Users\\Admin\\Downloads\\Ransomware.WannaCry\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A

Checks installed software on the system

discovery

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_72ab89a5cc3218be\machine.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_f6ccd5b2c8226c4a\mshdc.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
Set value (str) \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Russian.ini C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-ML3ON.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-HQJ2N.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-BL1GI.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Korean.ini C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-VJVU5.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-NIJF7.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Spanish.ini C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Polish.ini C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-1BMBE.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-JLO0I.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-8EIJO.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Italian.ini C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-6MNV6.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-KJVN7.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Danish.ini C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-5DMU1.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-R5RGM.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-MATBC.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-SB0GC.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Settings.ini C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\HDMSchedule.exe C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-N4KHG.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-BILJT.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-SQ2IL.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-2Q53O.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-MA649.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-78609.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\7z.dll C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-J04SN.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-6JUGP.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Norwegian.ini C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-V3P36.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-FCHBE.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-L06EB.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\German.ini C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-QTURA.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-BRQQL.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-GR5R3.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-HIAB0.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\unins000.msg C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\English.ini C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Swedish.ini C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-QPVBU.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-M92E9.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-VBO9I.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-74GF2.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\PlayaSDK.dll C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-OR2S7.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-RC6DT.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Dutch.ini C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6b8484da-22c6-429d-8149-c1d3d7c86ca1.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241110231455.pma C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\stub64.exe C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-11AFR.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-UFKNB.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-V48L3.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Brazilian.ini C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-TQH4R.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-GHOD5.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-6T576.tmp C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\INF\c_volume.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
File created C:\Windows\INF\c_monitor.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
File created C:\Windows\INF\c_media.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
File created C:\Windows\INF\c_diskdrive.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
File created C:\Windows\INF\c_display.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
File created C:\Windows\INF\c_processor.PNF C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Driver_Updater_setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-BCPKK.tmp\Driver_Updater_setup.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-4LCAM.tmp\Driver_Updater_setup.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Driver_Updater_setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Driver_Updater_setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tmpCC1B.tmp_collect\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0004 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UINumberDescFormat C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0003 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0003 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceCharacteristics C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceCharacteristics C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ParentIdPrefix C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ParentIdPrefix C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Mfg C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LocationInformation C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0004 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Driver C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133757540314643467" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \Registry\User\.DEFAULT\Software\MemeSense C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\DefaultIcon\ = "C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\PCHelpSoftDriverUpdater.exe,0" C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\ = "PC HelpSoft Driver Updater Protected File" C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\pchsdriver\shell\open C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes\.HDM_encrypted C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\pchsdriver\ = "URL: Driver Updater Protocol" C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\pchsdriver\shell C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\pchsdriver\URL Protocol C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted\OpenWithProgids\PCHelpSoftDriverUpdater.HDM_encrypted C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.HDM_encrypted\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command\ = "\"C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\Extra\\DriverPro.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\pchsdriver C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\pchsdriver\shell\open\command\ = "\"C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\PCHelpSoftDriverUpdater.exe\" \"%1\"" C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\pchsdriver\shell\open\command C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 34330.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 868439.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\Downloads\Ransomware.WannaCry.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 345684.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Token: SeImpersonatePrivilege N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3408 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 6104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 4028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 4028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3408 wrote to memory of 5164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe

"C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffdd701cc40,0x7ffdd701cc4c,0x7ffdd701cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1936 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2032 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1372,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2432 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4596,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4588 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4704 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3716 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4948 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4512,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4688 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5600,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1908 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95fb281a-306d-4ecb-b7fd-a8372fff67c9} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5122532c-773f-49ec-912f-4eff135e7cf0} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2924 -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49b84a38-2da0-4d57-a872-6b87e2caf06a} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3952 -childID 2 -isForBrowser -prefsHandle 3944 -prefMapHandle 3940 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {893f0cb9-d884-45a7-bf1a-5edcde9425ff} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4964 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4972 -prefMapHandle 4976 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cf06d53-99e3-47e1-8134-413222996f26} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5224 -childID 3 -isForBrowser -prefsHandle 5212 -prefMapHandle 5132 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30d9dbaf-dbfe-4b91-83a0-5c5f3165858d} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -childID 4 -isForBrowser -prefsHandle 5364 -prefMapHandle 5368 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83cecc9a-0a8c-4c16-81dd-794095eee9af} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 5 -isForBrowser -prefsHandle 5644 -prefMapHandle 5640 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d142aeba-a805-4ef0-85f8-a20a77bc5ad9} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6152 -childID 6 -isForBrowser -prefsHandle 6136 -prefMapHandle 6132 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27d27c1d-c058-4e00-88c2-d46abab6f359} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\ResizeGet.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffdd6ed46f8,0x7ffdd6ed4708,0x7ffdd6ed4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2c4,0x2c8,0x2cc,0x2a0,0x2d0,0x7ff7b26c5460,0x7ff7b26c5470,0x7ff7b26c5480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10328 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9708 /prefetch:8

C:\Users\Admin\Downloads\Driver_Updater_setup.exe

"C:\Users\Admin\Downloads\Driver_Updater_setup.exe"

C:\Users\Admin\Downloads\Driver_Updater_setup.exe

"C:\Users\Admin\Downloads\Driver_Updater_setup.exe"

C:\Users\Admin\Downloads\Driver_Updater_setup.exe

"C:\Users\Admin\Downloads\Driver_Updater_setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-BCPKK.tmp\Driver_Updater_setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-BCPKK.tmp\Driver_Updater_setup.tmp" /SL5="$1401C8,5854474,811008,C:\Users\Admin\Downloads\Driver_Updater_setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-4LCAM.tmp\Driver_Updater_setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-4LCAM.tmp\Driver_Updater_setup.tmp" /SL5="$501DC,5854474,811008,C:\Users\Admin\Downloads\Driver_Updater_setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp" /SL5="$3022A,5854474,811008,C:\Users\Admin\Downloads\Driver_Updater_setup.exe"

C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

"C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /INSTALL

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Schedule" /F

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Monitoring" /F

C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

"C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /START /INSTALLED

C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe

"C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8976 /prefetch:2

C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

"C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /TRAY

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

C:\Users\Admin\AppData\Local\Temp\tmpCC1B.tmp_collect\PCHelpSoftDriverUpdater.exe

"C:\Users\Admin\AppData\Local\Temp\tmpCC1B.tmp_collect\PCHelpSoftDriverUpdater.exe" /COLLECT

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://store.pchelpsoft.com/clickgate/join.aspx?ref=pchelpsoft.com&ujid=n4l4AdUDqyE%3D&uid=1020464&cmp=ADWORDS&mkey1=PH_DU_ESC_WORLD_PP_GO_CO&key1=_&key2=__Device_Bluetooth&gclid=EAIaIQobChMI8M6O1_LSiQMVwkgdCR1NEyMVEAEYASAAEgIiufD_BwE&msclkid=&src=&wID=&affcookiename=&mkey5=offers.pchelpsoft.com/driver_updater/&HostBrowser=ED&software=offers-driverupdater&mkey4=ecdf697f-d5c5-ba12-78b4-1f1dfa421561&visitorid=ecdf697f-d5c5-ba12-78b4-1f1dfa421561&mkey3=win_cta1&mkey6=0&mkey7=NO_TRIAL&mkey8=4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x12c,0x154,0x7ffdd6ed46f8,0x7ffdd6ed4708,0x7ffdd6ed4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\ResizeGet.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffdd6ed46f8,0x7ffdd6ed4708,0x7ffdd6ed4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6088 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23681 -prefMapSize 244705 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be1fb95a-b8b5-4aa7-8063-29d4affe834b} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 23717 -prefMapSize 244705 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f493d37-00e9-4266-95b5-b7fc3348c352} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3304 -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3160 -prefsLen 23858 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d001909e-d840-43cb-b340-4d5f38aada07} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4220 -childID 2 -isForBrowser -prefsHandle 4212 -prefMapHandle 2664 -prefsLen 29091 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2e4f0e5-67b8-416b-962c-37d749ad1572} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4640 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4808 -prefMapHandle 4804 -prefsLen 29198 -prefMapSize 244705 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a226775-ec1d-4c44-9d82-aa3e2d3fa8a7} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5108 -childID 3 -isForBrowser -prefsHandle 5168 -prefMapHandle 5164 -prefsLen 27051 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb85a128-4b62-4e57-8f6f-2511ade2f1e9} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5300 -childID 4 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 27051 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f85381f-0a44-4d99-96a4-5529f09fc3eb} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 5 -isForBrowser -prefsHandle 5584 -prefMapHandle 5580 -prefsLen 27051 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77d0d59f-85b3-4587-a5cf-6d11521d6be2} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 6 -isForBrowser -prefsHandle 5344 -prefMapHandle 5348 -prefsLen 27051 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3bcca88-6e90-4168-b4ff-186017a7b7e6} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -childID 7 -isForBrowser -prefsHandle 4344 -prefMapHandle 4656 -prefsLen 27838 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {918ba5f5-4b91-4d7b-aec5-179f4ce45c1b} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab

C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

"C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 264731731281055.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

@[email protected] vs

C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "pdyantnatxy168" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Ransomware.WannaCry\tasksche.exe\"" /f

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "pdyantnatxy168" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Ransomware.WannaCry\tasksche.exe\"" /f

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1492 -childID 8 -isForBrowser -prefsHandle 4608 -prefMapHandle 3088 -prefsLen 27878 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6cca616-b67b-4cb3-996e-0a74667da3a3} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 9 -isForBrowser -prefsHandle 5624 -prefMapHandle 5636 -prefsLen 27878 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ecd0fff-7df6-4a12-ab9a-e281c5b6c93f} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 10 -isForBrowser -prefsHandle 6836 -prefMapHandle 6832 -prefsLen 27878 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ce9bb3c-5707-4de5-843d-4f1bdee16451} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6200 -childID 11 -isForBrowser -prefsHandle 5020 -prefMapHandle 4536 -prefsLen 27878 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e49f65c3-4fb9-4ea8-a939-b383688d5696} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe

taskdl.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 172.165.69.228:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 172.217.169.10:443 ogads-pa.googleapis.com udp
GB 172.217.169.10:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
N/A 127.0.0.1:50041 tcp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 115.230.163.35.in-addr.arpa udp
N/A 127.0.0.1:50048 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 228.179.250.142.in-addr.arpa udp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 72.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 13.87.96.169:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
GB 13.87.96.169:443 data-edge.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 data-edge.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 data-edge.smartscreen.microsoft.com tcp
GB 92.123.128.173:443 www.bing.com tcp
GB 92.123.128.173:443 www.bing.com tcp
US 8.8.8.8:53 173.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.167:443 r.bing.com tcp
GB 92.123.128.167:443 r.bing.com tcp
GB 92.123.128.171:443 r.bing.com tcp
GB 92.123.128.171:443 r.bing.com tcp
US 8.8.8.8:53 167.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 171.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.2:443 login.microsoftonline.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
GB 92.123.128.171:443 r.bing.com tcp
US 8.8.8.8:53 en.softonic.com udp
US 151.101.129.91:443 en.softonic.com tcp
US 151.101.129.91:443 en.softonic.com tcp
US 8.8.8.8:53 assets.sftcdn.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 151.101.1.91:443 assets.sftcdn.net tcp
US 151.101.1.91:443 assets.sftcdn.net tcp
US 151.101.1.91:443 assets.sftcdn.net tcp
US 151.101.1.91:443 assets.sftcdn.net tcp
US 8.8.8.8:53 images.sftcdn.net udp
GB 18.165.160.104:443 sdk.privacy-center.org tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 8.8.8.8:53 91.129.101.151.in-addr.arpa udp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 91.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 notix.io udp
NL 139.45.197.253:443 notix.io tcp
US 8.8.8.8:53 253.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 bing.com udp
US 204.79.197.200:443 bing.com tcp
US 8.8.8.8:53 api.privacy-center.org udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
GB 13.224.81.72:443 api.privacy-center.org tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 push-sdk.com udp
BE 66.102.1.156:443 stats.g.doubleclick.net tcp
GB 216.58.204.67:443 www.google.co.uk tcp
DE 157.90.33.121:443 push-sdk.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 13.107.246.65:443 www.clarity.ms tcp
US 8.8.8.8:53 ampcid.google.com udp
GB 172.217.169.46:443 ampcid.google.com tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 uidsync.net udp
DE 157.90.33.68:443 uidsync.net tcp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 c.bing.com udp
US 13.107.21.237:443 c.bing.com tcp
US 8.8.8.8:53 b.clarity.ms udp
US 4.153.129.168:443 b.clarity.ms tcp
US 8.8.8.8:53 72.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 156.1.102.66.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 65.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 121.33.90.157.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 68.33.90.157.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 168.129.153.4.in-addr.arpa udp
US 8.8.8.8:53 articles-img.sftcdn.net udp
US 8.8.8.8:53 capcut.en.softonic.com udp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 rv-assets.softonic.com udp
US 151.101.193.91:443 rv-assets.softonic.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 151.101.129.91:443 rv-assets.softonic.com tcp
US 151.101.129.91:443 rv-assets.softonic.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
NL 18.239.70.203:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 bat.bing.com udp
GB 163.70.151.21:443 connect.facebook.net tcp
US 150.171.28.10:443 bat.bing.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 151.101.193.91:443 rv-assets.softonic.com udp
GB 216.58.212.206:443 syndicatedsearch.goog tcp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 203.70.239.18.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 151.101.193.91:443 rv-assets.softonic.com udp
NL 18.239.70.203:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 btloader.com udp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 wct.softonic.com udp
US 104.26.3.63:443 wct.softonic.com tcp
GB 216.58.212.206:443 syndicatedsearch.goog udp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 63.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 0a3fe897c4d73af1d235e53a34e23c90.safeframe.googlesyndication.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 216.58.213.1:443 0a3fe897c4d73af1d235e53a34e23c90.safeframe.googlesyndication.com tcp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 id5-sync.com udp
DE 162.19.138.82:443 id5-sync.com tcp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
NL 18.239.18.12:443 tags.crwdcntrl.net tcp
GB 172.217.16.226:443 partner.googleadservices.com tcp
IE 54.170.33.189:443 id.crwdcntrl.net tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
NL 18.239.83.27:80 crt.rootg2.amazontrust.com tcp
NL 18.239.83.27:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 www.facebook.com udp
US 34.120.63.153:443 prebid.media.net tcp
DE 138.201.56.12:443 shb.richaudience.com tcp
DE 138.201.56.12:443 shb.richaudience.com tcp
DE 138.201.56.12:443 shb.richaudience.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
IE 79.125.109.182:443 ad.360yield.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
IE 108.128.203.225:443 ap.lijit.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 di-images.sftcdn.net udp
US 8.8.8.8:53 storage.googleapis.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
GB 142.250.187.219:443 storage.googleapis.com tcp
NL 18.238.243.114:443 config.aps.amazon-adsystem.com tcp
NL 18.239.68.199:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 12.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 189.33.170.54.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 27.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 12.56.201.138.in-addr.arpa udp
US 8.8.8.8:53 225.203.128.108.in-addr.arpa udp
US 8.8.8.8:53 182.109.125.79.in-addr.arpa udp
US 8.8.8.8:53 219.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 114.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 199.68.239.18.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
GB 216.58.204.67:443 www.google.co.uk udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 104.26.3.63:443 wct.softonic.com tcp
BE 66.102.1.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 35.244.193.51:443 lexicon.33across.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 api.btloader.com udp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
US 104.26.7.141:443 cdn.btmessage.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 api.btmessage.com udp
NL 139.45.197.253:443 notix.io tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 38.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 232.226.220.67.in-addr.arpa udp
US 8.8.8.8:53 141.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 104.26.3.70:443 ad-delivery.net tcp
US 151.101.129.91:443 di-images.sftcdn.net udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 172.64.149.180:443 js-sec.indexww.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
GB 92.123.240.21:443 contextual.media.net tcp
DE 148.251.20.70:443 sync.richaudience.com tcp
GB 23.219.196.188:443 ads.pubmatic.com tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
DE 51.38.120.206:443 onetag-sys.com tcp
US 67.202.105.21:443 ssc-cms.33across.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 bc-sync.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 csync.loopme.me udp
NL 89.149.193.85:443 ssbsync.smartadserver.com tcp
GB 2.19.117.84:443 player.aniview.com tcp
US 3.214.207.9:443 cs-server-s2s.yellowblue.io tcp
NL 35.214.251.135:443 csync.loopme.me tcp
GB 2.19.117.84:443 player.aniview.com tcp
US 3.214.207.9:443 cs-server-s2s.yellowblue.io tcp
US 8.2.108.175:443 bc-sync.com tcp
NL 89.149.193.85:443 ssbsync.smartadserver.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.2.108.175:443 bc-sync.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 15.197.193.217:443 match.adsrvr.org tcp
US 15.197.193.217:443 match.adsrvr.org tcp
NL 35.214.251.135:443 csync.loopme.me tcp
DE 37.252.171.149:443 secure.adnxs.com tcp
DE 37.252.171.149:443 secure.adnxs.com tcp
US 54.147.138.47:443 api-2-0.spot.im tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 21.240.123.92.in-addr.arpa udp
US 8.8.8.8:53 188.196.219.23.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 70.20.251.148.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 21.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 sync-service.net udp
GB 185.64.191.214:443 image8.pubmatic.com tcp
US 3.217.190.136:443 sync.srv.stackadapt.com tcp
US 204.62.12.209:443 sync-service.net tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 192.132.33.67:443 bttrack.com tcp
IE 54.155.94.181:443 jadserve.postrelease.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 www.opera.com udp
DE 3.122.90.30:443 www.opera.com tcp
US 8.8.8.8:53 84.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 85.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 135.251.214.35.in-addr.arpa udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 9.207.214.3.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 8.8.8.8:53 149.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 47.138.147.54.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 209.12.62.204.in-addr.arpa udp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
US 8.8.8.8:53 136.190.217.3.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 181.94.155.54.in-addr.arpa udp
US 8.8.8.8:53 67.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 30.90.122.3.in-addr.arpa udp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 15.234.82.104.in-addr.arpa udp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
DE 51.38.120.206:443 onetag-sys.com udp
FR 154.54.250.80:443 ads.stickyadstv.com tcp
US 8.8.8.8:53 sync.aniview.com udp
US 172.240.45.96:443 sync.aniview.com tcp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
NL 18.239.94.101:443 s.ad.smaato.net tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
IE 54.155.111.174:443 match.prod.bidr.io tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 35.214.136.108:443 x.bidswitch.net udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 80.77.87.162:443 cs.admanmedia.com tcp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 80.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 96.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 101.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 216.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 174.111.155.54.in-addr.arpa udp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
GB 92.123.242.2:443 eus.rubiconproject.com tcp
GB 92.123.242.2:443 eus.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
FR 51.178.195.213:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
IE 54.76.90.176:443 pr-bh.ybp.yahoo.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 98.82.157.137:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 162.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 2.242.123.92.in-addr.arpa udp
US 8.8.8.8:53 213.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 176.90.76.54.in-addr.arpa udp
US 8.8.8.8:53 137.157.82.98.in-addr.arpa udp
US 8.8.8.8:53 pc.evony.com udp
US 34.110.194.123:443 pc.evony.com tcp
US 34.110.194.123:443 pc.evony.com tcp
US 34.110.194.123:443 pc.evony.com udp
US 8.8.8.8:53 123.194.110.34.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 emcl.evony.com udp
CA 76.9.213.43:443 emcl.evony.com tcp
CA 76.9.213.43:443 emcl.evony.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
GB 146.75.72.157:443 static.ads-twitter.com tcp
CA 38.45.227.13:443 em.evony.com tcp
US 8.8.8.8:53 43.213.9.76.in-addr.arpa udp
US 8.8.8.8:53 13.227.45.38.in-addr.arpa udp
CA 38.45.227.13:443 em.evony.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 3776044487a5459b443e0bd24ed13b44.safeframe.googlesyndication.com udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 35.244.193.51:443 lexicon.33across.com udp
DE 157.90.33.121:443 uidsync.net tcp
DE 157.90.33.68:443 uidsync.net tcp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 aefd.nelreports.net udp
NL 139.45.197.253:443 notix.io tcp
GB 2.19.117.143:443 aefd.nelreports.net tcp
US 8.8.8.8:53 143.117.19.2.in-addr.arpa udp
DE 148.251.20.70:443 sync.richaudience.com tcp
US 67.202.105.21:443 ssc-cms.33across.com tcp
NL 89.149.193.85:443 ssbsync.smartadserver.com tcp
DE 37.252.171.149:443 ib.adnxs.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.2.108.175:443 bc-sync.com tcp
NL 35.214.251.135:443 csync.loopme.me tcp
US 3.217.190.136:443 sync.srv.stackadapt.com tcp
US 204.62.12.209:443 sync-service.net tcp
US 35.244.174.68:443 id.rlcdn.com udp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.2.108.175:443 bc-sync.com tcp
US 8.8.8.8:53 a.sportradarserving.com udp
US 8.8.8.8:53 equativ-match.dotomi.com udp
NL 35.214.174.141:443 a.sportradarserving.com tcp
NL 89.207.16.201:443 equativ-match.dotomi.com tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
NL 35.214.174.141:443 a.sportradarserving.com udp
US 8.8.8.8:53 141.174.214.35.in-addr.arpa udp
US 8.8.8.8:53 201.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 mashalearning.com udp
US 104.21.37.192:443 mashalearning.com tcp
US 8.8.8.8:53 192.37.21.104.in-addr.arpa udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.21.37.192:443 mashalearning.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 image.mashalearning.com udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.213.1:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
GB 172.217.169.2:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
GB 172.217.169.2:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 offers.pchelpsoft.com udp
US 104.22.18.110:443 offers.pchelpsoft.com tcp
US 104.22.18.110:443 offers.pchelpsoft.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 110.18.22.104.in-addr.arpa udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 cloud.pchelpsoft.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 store.pchelpsoft.com udp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
CA 64.18.87.10:443 store.pchelpsoft.com tcp
US 142.250.75.99:443 csi.gstatic.com tcp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 42.86.18.104.in-addr.arpa udp
US 8.8.8.8:53 99.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.87.18.64.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 privacyportal-eu.onetrust.com udp
US 104.18.32.137:443 privacyportal-eu.onetrust.com tcp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 partner-tracking.lavasoft.com udp
US 104.16.148.130:443 partner-tracking.lavasoft.com tcp
US 8.8.8.8:53 t.co udp
US 172.66.0.227:443 t.co tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 8.8.8.8:53 130.148.16.104.in-addr.arpa udp
US 8.8.8.8:53 pc1.evony.com udp
CA 76.9.213.153:443 pc1.evony.com tcp
CA 76.9.213.153:443 pc1.evony.com tcp
US 8.8.8.8:53 227.0.66.172.in-addr.arpa udp
US 8.8.8.8:53 195.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 cdn.pchelpsoft.com udp
NL 18.65.39.34:443 cdn.pchelpsoft.com tcp
NL 18.65.39.34:443 cdn.pchelpsoft.com tcp
US 8.8.8.8:53 153.213.9.76.in-addr.arpa udp
US 8.8.8.8:53 34.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 135.194.219.23.in-addr.arpa udp
US 8.8.8.8:53 drivers.avqtools.com udp
US 8.8.8.8:53 api.playanext.com udp
US 8.8.8.8:53 offers.playanext.com udp
NL 18.239.36.31:80 api.playanext.com tcp
NL 18.239.94.120:443 offers.playanext.com tcp
US 8.8.8.8:53 partner-tracking.lavasoft.com udp
US 8.8.8.8:53 collect.avqtools.com udp
DE 116.203.251.147:443 collect.avqtools.com tcp
US 104.16.148.130:443 partner-tracking.lavasoft.com tcp
DE 116.203.251.147:443 collect.avqtools.com tcp
DE 116.203.251.147:443 collect.avqtools.com tcp
US 8.8.8.8:53 drivers.avqtools.com udp
DE 116.203.251.147:443 drivers.avqtools.com tcp
US 8.8.8.8:53 31.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 120.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 147.251.203.116.in-addr.arpa udp
US 8.8.8.8:53 14.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 cloud.pchelpsoft.com udp
NL 18.238.246.206:80 ocsp.r2m03.amazontrust.com tcp
US 104.22.18.110:443 cloud.pchelpsoft.com tcp
NL 18.239.36.31:80 api.playanext.com tcp
NL 18.239.36.31:80 api.playanext.com tcp
NL 18.239.36.31:80 api.playanext.com tcp
US 8.8.8.8:53 files.playanext.com udp
NL 18.239.36.31:80 api.playanext.com tcp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 206.246.238.18.in-addr.arpa udp
NL 18.65.39.64:443 files.playanext.com tcp
DE 116.203.251.147:443 drivers.avqtools.com tcp
US 8.8.8.8:53 64.39.65.18.in-addr.arpa udp
GB 2.19.117.143:443 aefd.nelreports.net udp
DE 116.203.251.147:443 drivers.avqtools.com tcp
DE 116.203.251.147:443 drivers.avqtools.com tcp
DE 116.203.251.147:443 drivers.avqtools.com tcp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
IE 54.76.15.180:443 ad.360yield.com tcp
US 34.120.63.153:443 prebid.media.net udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
DE 116.203.251.147:443 drivers.avqtools.com tcp
US 8.8.8.8:53 180.15.76.54.in-addr.arpa udp
GB 142.250.200.34:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 s.richaudience.com udp
DE 157.90.0.38:443 s.richaudience.com tcp
DE 157.90.0.38:443 s.richaudience.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 38.0.90.157.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
N/A 127.0.0.1:57367 tcp
N/A 127.0.0.1:57369 tcp
N/A 127.0.0.1:57366 tcp
N/A 127.0.0.1:57372 tcp
N/A 127.0.0.1:57392 tcp
N/A 127.0.0.1:57394 tcp
N/A 127.0.0.1:57396 tcp
N/A 127.0.0.1:57397 tcp
N/A 127.0.0.1:57400 tcp
N/A 127.0.0.1:57402 tcp
N/A 127.0.0.1:57407 tcp
N/A 127.0.0.1:57409 tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.190:443 r.bing.com tcp
GB 92.123.128.185:443 r.bing.com tcp
US 8.8.8.8:53 185.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 190.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 download.driversupport.com udp
US 13.107.246.65:443 download.driversupport.com tcp
US 13.107.246.65:443 download.driversupport.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 cdn.optimizely.com udp
US 8.8.8.8:53 d3ti88jhu7fk5j.cloudfront.net udp
US 104.18.65.57:443 cdn.optimizely.com tcp
NL 13.227.211.33:443 d3ti88jhu7fk5j.cloudfront.net tcp
NL 13.227.211.33:443 d3ti88jhu7fk5j.cloudfront.net tcp
NL 13.227.211.33:443 d3ti88jhu7fk5j.cloudfront.net tcp
NL 13.227.211.33:443 d3ti88jhu7fk5j.cloudfront.net tcp
US 8.8.8.8:53 solveiqdriverstorage.blob.core.windows.net udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 a17476411934.cdn.optimizely.com udp
US 20.150.70.228:443 solveiqdriverstorage.blob.core.windows.net tcp
GB 142.250.187.234:443 ajax.googleapis.com tcp
GB 142.250.187.234:443 ajax.googleapis.com tcp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 consent.cookiefirst.com udp
GB 79.127.237.132:443 consent.cookiefirst.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 57.65.18.104.in-addr.arpa udp
US 8.8.8.8:53 33.211.227.13.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.70.150.20.in-addr.arpa udp
BE 66.102.1.156:443 stats.g.doubleclick.net udp
GB 79.127.237.132:443 consent.cookiefirst.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 edge.cookiefirst.com udp
US 8.8.8.8:53 logx.optimizely.com udp
US 150.171.28.10:443 bat.bing.com tcp
US 34.49.241.189:443 logx.optimizely.com tcp
GB 216.58.204.67:443 www.google.co.uk udp
US 8.8.8.8:53 132.237.127.79.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 189.241.49.34.in-addr.arpa udp
CA 64.18.87.10:443 store.pchelpsoft.com tcp
CA 64.18.87.10:443 store.pchelpsoft.com tcp
CA 64.18.87.10:443 store.pchelpsoft.com tcp
US 8.8.8.8:53 downloads.upclick.com udp
CA 64.18.87.12:443 downloads.upclick.com tcp
CA 64.18.87.12:443 downloads.upclick.com tcp
CA 64.18.87.12:443 downloads.upclick.com tcp
US 8.8.8.8:53 cdn.taboola.com udp
US 151.101.193.44:443 cdn.taboola.com tcp
US 8.8.8.8:53 12.87.18.64.in-addr.arpa udp
US 8.8.8.8:53 44.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 trc.taboola.com udp
US 8.8.8.8:53 trc-events.taboola.com udp
NL 141.226.228.48:443 trc-events.taboola.com tcp
US 8.8.8.8:53 48.228.226.141.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.117.143:443 aefd.nelreports.net udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 b.clarity.ms udp
US 4.153.129.168:443 b.clarity.ms tcp
N/A 127.0.0.1:61732 tcp
N/A 127.0.0.1:61734 tcp
US 8.8.8.8:53 api.playanext.com udp
DE 116.203.251.147:443 drivers.avqtools.com tcp
NL 18.239.36.26:80 api.playanext.com tcp
NL 18.239.36.26:80 api.playanext.com tcp
N/A 127.0.0.1:61738 tcp
N/A 127.0.0.1:61740 tcp
US 8.8.8.8:53 26.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav.smartscreen.microsoft.com tcp
GB 92.123.128.175:443 www.bing.com tcp
US 8.8.8.8:53 175.128.123.92.in-addr.arpa udp
GB 92.123.128.175:443 www.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.174:443 th.bing.com tcp
GB 92.123.128.174:443 th.bing.com tcp
GB 92.123.128.134:443 th.bing.com tcp
GB 92.123.128.134:443 th.bing.com tcp
GB 92.123.128.174:443 th.bing.com udp
US 8.8.8.8:53 174.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 134.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
GB 92.123.128.134:443 th.bing.com udp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
GB 92.123.128.174:443 th.bing.com udp
US 8.8.8.8:53 about.gitlab.com udp
US 104.18.43.134:443 about.gitlab.com tcp
US 104.18.43.134:443 about.gitlab.com tcp
US 8.8.8.8:53 134.43.18.104.in-addr.arpa udp
US 8.8.8.8:53 client-registry.mutinycdn.com udp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 151.101.129.91:443 client-registry.mutinycdn.com tcp
US 151.101.129.91:443 client-registry.mutinycdn.com tcp
US 172.64.155.119:443 privacyportal-eu.onetrust.com tcp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 cdn.bizible.com udp
US 8.8.8.8:53 munchkin.marketo.net udp
US 8.8.8.8:53 extend.vimeocdn.com udp
US 8.8.8.8:53 images.ctfassets.net udp
FR 152.195.15.58:443 cdn.bizible.com tcp
US 151.101.66.109:443 extend.vimeocdn.com tcp
GB 23.204.224.203:443 munchkin.marketo.net tcp
NL 18.239.36.79:443 images.ctfassets.net tcp
NL 18.239.36.79:443 images.ctfassets.net tcp
NL 18.239.36.79:443 images.ctfassets.net tcp
NL 18.239.36.79:443 images.ctfassets.net tcp
NL 18.239.36.79:443 images.ctfassets.net tcp
NL 18.239.36.79:443 images.ctfassets.net tcp
US 172.64.155.119:443 privacyportal-eu.onetrust.com tcp
US 8.8.8.8:53 109.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 203.224.204.23.in-addr.arpa udp
US 8.8.8.8:53 58.15.195.152.in-addr.arpa udp
US 8.8.8.8:53 79.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 i.vimeocdn.com udp
US 151.101.192.217:443 i.vimeocdn.com tcp
US 8.8.8.8:53 cdn.bizibly.com udp
US 8.8.8.8:53 vimeo.com udp
US 8.8.8.8:53 s.swiftypecdn.com udp
US 162.159.138.60:443 vimeo.com tcp
US 151.101.1.167:443 s.swiftypecdn.com tcp
US 8.8.8.8:53 194-vvc-221.mktoresp.com udp
US 192.28.144.124:443 194-vvc-221.mktoresp.com tcp
US 151.101.1.167:443 s.swiftypecdn.com tcp
US 8.8.8.8:53 60.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 217.192.101.151.in-addr.arpa udp
US 8.8.8.8:53 124.144.28.192.in-addr.arpa udp
US 8.8.8.8:53 cc.swiftype.com udp
US 169.48.219.66:443 cc.swiftype.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 216.58.204.66:443 ade.googlesyndication.com tcp
GB 216.58.204.66:443 ade.googlesyndication.com tcp
GB 216.58.204.66:443 ade.googlesyndication.com udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 gitlab.com udp
US 8.8.8.8:53 gitlab-requests.my.onetrust.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
BE 66.102.1.156:443 stats.g.doubleclick.net udp
US 172.65.251.78:443 gitlab.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 js.adsrvr.org udp
GB 216.58.204.67:443 www.google.co.uk udp
US 150.171.28.10:443 bat.bing.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 104.18.32.137:443 gitlab-requests.my.onetrust.com tcp
NL 18.239.67.100:443 js.adsrvr.org tcp
GB 216.58.204.67:443 www.google.co.uk tcp
BE 66.102.1.156:443 stats.g.doubleclick.net tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 insight.adsrvr.org udp
US 3.33.220.150:443 insight.adsrvr.org tcp
GB 163.70.151.21:443 connect.facebook.net udp
US 8.8.8.8:53 player.vimeo.com udp
US 8.8.8.8:53 f.vimeocdn.com udp
US 8.8.8.8:53 www.facebook.com udp
US 151.101.130.109:443 f.vimeocdn.com tcp
US 162.159.138.60:443 player.vimeo.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 78.251.65.172.in-addr.arpa udp
US 8.8.8.8:53 100.67.239.18.in-addr.arpa udp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp
US 8.8.8.8:53 150.220.33.3.in-addr.arpa udp
US 8.8.8.8:53 109.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav.smartscreen.microsoft.com tcp
GB 92.123.128.152:443 www.bing.com udp
US 8.8.8.8:53 152.128.123.92.in-addr.arpa udp
N/A 127.0.0.1:53781 tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:53788 tcp
US 8.8.8.8:53 www.mozilla.org udp
US 151.101.129.91:443 www.mozilla.org tcp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.204.81:443 csp.withgoogle.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.204.81:443 csp.withgoogle.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.200.10:443 ogads-pa.googleapis.com tcp
GB 142.250.200.10:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.200.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
DE 23.55.161.185:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r5---sn-aigzrn7l.gvt1.com udp
GB 173.194.5.234:443 r5---sn-aigzrn7l.gvt1.com tcp
US 8.8.8.8:53 r5.sn-aigzrn7l.gvt1.com udp
US 8.8.8.8:53 r5.sn-aigzrn7l.gvt1.com udp
GB 173.194.5.234:443 r5.sn-aigzrn7l.gvt1.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.5.194.173.in-addr.arpa udp
US 8.8.8.8:53 185.161.55.23.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
N/A 127.0.0.1:9050 tcp
DE 5.9.151.241:4223 tcp
US 154.35.175.225:443 tcp
N/A 127.0.0.1:55774 tcp
CA 198.96.155.3:5001 tcp
US 8.8.8.8:53 3.155.96.198.in-addr.arpa udp
CZ 87.236.195.203:443 tcp
US 8.8.8.8:53 203.195.236.87.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 chain.so udp
US 172.67.40.90:80 chain.so tcp
US 172.67.40.90:80 chain.so tcp
US 8.8.8.8:53 chain.so udp
US 8.8.8.8:53 chain.so udp
US 172.67.40.90:443 chain.so tcp
US 172.67.40.90:443 chain.so udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 90.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 ws.chain.so udp
US 8.8.8.8:53 ws.chain.so udp
US 172.67.40.90:443 ws.chain.so tcp
US 8.8.8.8:53 ws.chain.so udp
US 172.67.40.90:443 ws.chain.so tcp
US 172.67.40.90:443 ws.chain.so udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.18.95.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 41.95.18.104.in-addr.arpa udp
US 104.18.95.41:443 challenges.cloudflare.com udp
US 172.67.40.90:443 ws.chain.so tcp
N/A 127.0.0.1:9050 tcp
US 172.67.40.90:443 ws.chain.so tcp
US 172.67.40.90:443 ws.chain.so tcp

Files

memory/5304-0-0x00000001401A1000-0x000000014068C000-memory.dmp

memory/5304-2-0x00007FFDF5E80000-0x00007FFDF5E82000-memory.dmp

memory/5304-1-0x00007FFDF5E70000-0x00007FFDF5E72000-memory.dmp

memory/5304-7-0x0000000140000000-0x0000000140EBF000-memory.dmp

memory/5304-8-0x0000000140000000-0x0000000140EBF000-memory.dmp

memory/5304-9-0x00000001401A1000-0x000000014068C000-memory.dmp

memory/5304-10-0x0000000140000000-0x0000000140EBF000-memory.dmp

memory/5304-13-0x0000000140000000-0x0000000140EBF000-memory.dmp

\??\pipe\crashpad_3408_RQOJPXRDMXXFEAEL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 95bf5c77919eff7deb233a5f6dd58b53
SHA1 ed6fcfaf6a185ae9d8847221e9f042334af7b308
SHA256 6c579eeb667a875e71de1ee453b6a8fbc6b81768ef114139f62b8442fe6e0d99
SHA512 4e4634dbc9c53093dfc2818e5d15131980aba18b06415dc89afc7d4af5968d361c529cb45e3099f6a567e5c2f5c5c991987700590b2826be6f46e75711b3f8e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 767ef814f206032968f79c0cb8a633e1
SHA1 abd90bfd8869c4e1966b0d7e0c3abee0cf50fdce
SHA256 0cd426e80770a465960a4fc87e2d1849ea624a9ab89262ed5065fea4278023d0
SHA512 c4413a1a8d97565ee09a1ec74a95dd23dbb411116e7ab055ec77592985302cd91f7e213fa38562d469ef586bf2c90462c32b6e2feb223e23b655d9f40f7f8ebb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 df3fe9c341936b973dc262ca8e55d52b
SHA1 df4cb4d3af92475e73268e971b95257ec2e89ac1
SHA256 1ba5628adc29cfee442de9b966c89907ac133e4d249b7fe9ad1839cc8b0b2358
SHA512 18249e7bcfcd58c0a999a557f3652d2cadf98f12bef148a230511879aa77fcd70b7da5a800c1629ad22a2af0eff96620c58373dbf5ef37cb6e3b4cd64b0ff29f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2b96c433d753ab4ba64f5cb6e9690ca4
SHA1 f26a32c3e03d53987f65554145ec41d66727e86f
SHA256 2435ceec511409fa26821c792f6c2504b067365c034a5c5f0256266a4470d197
SHA512 4bcbae8e61cf1b1ff53ef308f7e8f28ade18aeedbde2739e7383a1e4683d4c54250fffc3349360ed8a638abfb69252e062ee52852c43e74eadc121ce77994de4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 424ed21228f7f7d764518104ea46365d
SHA1 0549022cc7b317d19c421c685700802692cebd75
SHA256 65e2a7a89e88d216842c2663fc9eecb090ac3c100afbacae115c875ba55439c8
SHA512 f5ed02fcc1fca0e638144dbf3472ac640bdd4d0890faa7e35ec4dddac0052db42d8d524d727c1ad99dc3ab3eb8b0643d05521068f03b4025d5a4d574b2b8afe7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2116a9f8dba1583c9ff092e3e8e71926
SHA1 c6fd6a0466dfc79fa005cf6c42d13333844bc0a5
SHA256 7d254ef81c2a81904555ea02c72699c53fb5ff76431081d3a80e14d4bb99f954
SHA512 1843b1da886dc802458e6ddadc2caa12fa665282c78d790cf1ec4efafdae1d63f4b116db8dacd58609c8203352049f9346288a42162ec4bfea3fb3f54bbb2b35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e4b3be7a83c3962fa9d2da2c3654b87e
SHA1 351d22970531e91293b73ca494e4a836591e8fd6
SHA256 891d9e710b2794a3dc98c395f29eb9102463356d463415df4ce696a5844e444d
SHA512 7733c126665aa8519e50e3d27efe0dd8fdf13ddf1e136a13aa7beb257ef55ba9e3eae68f6bdeda92f0a9d7cdec94b8faae983e6653d66319106ee17e321511e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f1cac420d58f8f15d2a40accccccde96
SHA1 cc1a7788513c0826396cd00f629ccb40fc550ab3
SHA256 a590ca8c0afece7a479cc543d5ee429ce87c1e6a4d0ff8ca583e141ead5cd675
SHA512 6517a898bad7ff6a35fa7ee46eb20add8b9163579f2ab4fd7656862fd7dc2d4606414185c4cd1f03b2a4dbb5e5b1153d22d4e66a33b99062470ceff8260d833f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 910f60081a6b5dac63084c3222dceabf
SHA1 b5713f40cfebe98fabd806071a31b0001cf1f2db
SHA256 cc5ff1c8277fe07148e56aa1bc559ea8a4522d3d9aab04ef21d4f2631fed340f
SHA512 92d585443bce6f4cc09ee17a417016d4d293da854cc9af412b2d9e89b945f878a2a3c501ca1626cdb431e24f34945cb44ffe9ba15e6b796251fd87dd832f624c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\activity-stream.discovery_stream.json

MD5 1b43debc0a52a95bf8b5fa82060f12ef
SHA1 6b742f4b008c0b6c67e35660fd844e871431e08e
SHA256 a7c1b23fb531502a8d2cade5a594e885c58fe1b338634193da1a02745782f62b
SHA512 f38e319f8ca6335b16a2306315dd03a8ccee023ba9cfe56b06f585f78dadb4f15a163f028957935c6551ba5f11824f920a7a9aa1d760df3300211a0c361ed6c5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\bf65138f-25f3-4ece-ad92-b71885b485dd

MD5 18f56e462bbcd7d9f58435fac9e724b5
SHA1 862540935b32cb47f17136f9cb6ae8c601590ead
SHA256 54c85f2ba3077d37a4e07113ee453084fa7e3ebc2e526892d057633a045e886b
SHA512 ffcb3ef04269556d55e99b7ca2959ca08adb935fb55b2a081b1f9b2ccbc9dc20662aceb554a30c7236dbe6cc060a636f8f28917e8af9d9e09716c4c867be4e9d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\5fc3bd2e-68ef-41f2-94a2-a944321ea940

MD5 39f21393b3901a40e130ffc5d53d1066
SHA1 f33a1a9a693f91ea184093c6319b01df408fc870
SHA256 9a470393d177cbd022eef56b7f88229c8ad43d9e0b00f83590f9ae62ab972b33
SHA512 84c9d98de382f54de6eae03eb4e74db3725b7d0201276209c02d58336cd50de247312a999b7931c15dcb882c1e9a02154c513664bc340aa0ee7baae2d3f565e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\78e06320-be24-4cf5-9fec-5fbf79e42dcc

MD5 abc06f9a07e6d0dc6b8d2c96d5b1647f
SHA1 41fb934c972d6fbdd1c6be0f7fbf379d9d7da07f
SHA256 74a53289b27bf159db8b5c2ec501cc859d8ca4931ed9d7a777617717e2e1403b
SHA512 57b7f58d8209a983de4cd4a273fd62de5fa5a4a050fccf109dba7c0754c03625f3b50a4819cf3b0d329274f82d700519170850dbaf42aba68cc88506ed4c56d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

MD5 84bc0cc9f27b15606e04c6b77175f528
SHA1 7b4599c8b0eae79a2c606b1e58a617913454e917
SHA256 cbe3cc93aa97f7f9e342d01558b0952f889061e5090528480dda1b12c4c41e15
SHA512 571f5ed586c2fc6c346de3f6abbb7103b91f4e11e9e37d8ec7160058dde50abfc08604ba4ab7b7bda60b16556a49903b009eae718d6f15f20fa66b70e6634106

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs.js

MD5 e39694f9207dfaca3de1046509a591f2
SHA1 ec6d08bd4ba68b62210e6478a1d5f8ab9b799652
SHA256 a03a834bf4886cf6d556d0413f7c714699d05b4b0c302179ae7a31769144b07b
SHA512 71c2d62f62443d72ac9b3c9d6fbaa4f9403932b9308447e6e4724bd551fc6bcda2789f6a40d23470e04c0c1c24533396170063f50184e30e1d5776bbac937a93

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

MD5 e35865ce92cc84bb931526af18f7e11c
SHA1 ab02c2eed8ee530615f43490c556c48fc0f5c6ab
SHA256 1fef7064feaa96451e5ba2acdf64dd4f0f4bda74a053f02254138b3d43f2a9ae
SHA512 6093c2641ad776d7930d5f4cc067d7a8cfc4cff187076ab1caebe304f71767b7e0c3abbb2a0227d521e472c55b4abf23322efe5a431e23e94fb5f8cb3eb0da90

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\AlternateServices.bin

MD5 10e0b5e0175400d87aceab7222033552
SHA1 12ae4821391bff2cd5de534a7dfec5c4c0285528
SHA256 5653fe7480c598778febf5821ead742d128af1806b50c475703b2f95bc4d162a
SHA512 8f0d012e5cf983cf22d08e4836d4e6dfbc5d39d72e211c83b3ad9e8fbc6b4552661332f2e9761b2cb06fed3153132b2919816b8e039c9640db4211d7899a767b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\AE6C91A7A94F8219B78F6FB4AEBCFA5DD3A78D91

MD5 754b1330d103922e5af88bc68b6a0f9a
SHA1 12497c22166b72f96d0321f218abb807f900de58
SHA256 e1c850b2a182863ffa6af47772a400278a05fd89aba26999356189450286ad20
SHA512 14b388c208bf06370aa32d837f449e7042f4fe69e3d4172689e4920e1cbcf2745c42760b5114a596c981967f5da9e20cd7c42e327f50dbb6b188ebbe6916c01d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

MD5 4cd27658f440f416f50809e99281b985
SHA1 c3a6dc768c6531d2c70f58351f9df119428918f9
SHA256 a938485347b53f4d8a5a72a22b7f1b39e3f7861e2452cb0ab561b5041b095043
SHA512 92a6fe708346b33ae3b070e0c7d758230bfeeff311e66ffac85d0ba6132d7b6b151782d59201c835544c28eae27f167408452faf31ac793a710f1eb44b07f9a6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs-1.js

MD5 968617df4efddb4e2137a55463d17ebe
SHA1 98d47ff02213d1fd8d2bf582502cb25fce3bd668
SHA256 831917f0c556c96d40c0491c5af01d66de754df0d8754498af0ab1f811a8baec
SHA512 08552f705b9b52009eb041604c32d4ed184c7c0686ad05b4d38b77cbfbf636d81d95c12d9e32cf24204e92126f1088b36b271de0dddd42ae9622baa22fbb3e1f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\4cdb76a0-f108-4c75-953f-43f81cbda4fa

MD5 e9dc710ce3ac3ec499e0753924144fa0
SHA1 9d13088fd03338fa96d6bd768ad25d8d4a621eab
SHA256 4cff526f646c2d6bf146d722e2e21232fe7b1ba0cc4ba2e645d5e42942d9af10
SHA512 91db48fb8d560383ed25619d90111c0ddaae563b3278a36c0d6a3b764b31d99bb64daf6477847c372b90ceab3dd8ec4f61f14f8d24c79c09fd675aa8b4a8b6ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f6126b3cef466f7479c4f176528a9348
SHA1 87855913d0bfe2c4559dd3acb243d05c6d7e4908
SHA256 588138bf57e937e1dec203a5073c3edb1e921c066779e893342e79e3d160e0b4
SHA512 ef622b26c8cee1f767def355b2d7bffb2b28e7a653c09b7e2d33f6468a453fff39fd120cacbffd79ce35722592af0f3fb7d5054e2dca06310e44dc460533f3d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dda6e078b56bc17505e368f3e845302
SHA1 45fbd981fbbd4f961bf72f0ac76308fc18306cba
SHA256 591bf3493eb620a3851c0cd65bff79758a09c61e9a22ea113fa0480404a38b15
SHA512 9e460013fd043cee9bdbcdaf96ac2f7e21a08e88ddb754dddbd8378ee2288d50271e66b42092d84a12e726469465185be11a6fafab6ed4236a244524bd60f502

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 027387e4e42f6bc0faeab15941009a53
SHA1 090603fa68a1ac561b46ca0871e4d1e09807eed3
SHA256 b48089786141ac8f29cf4aacffde0a29a3b1b1950c6da914c37a087cdb2a711f
SHA512 715a0adc9b917402e854f6278168cd3d160a883c3e39d75a614d37c69511a12b4ae2ee30b7950a9a77eed2cbce013995805e5a7a7d52258ee7f6f8b62dd99975

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 90cc75707c7f427e9bbc8e0553500b46
SHA1 9034bdd7e7259406811ec8b5b7ce77317b6a2b7e
SHA256 f5d76f8630779de1fe82f8802d6d144861e3487171e4b32e3f8fffd2a57725fb
SHA512 7ad692bce11aee08bf65bb7c578b89a4a3024211ee1deaf671c925d65cc016943f2caad3d57b365e16d1764c78c36cae35c3c45cef0928dd611a565b0313e511

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fc326b7183ff1cb08fea6b710ec90b69
SHA1 1579ce6a95b3fc66870a4ed88d3e2a3769e82435
SHA256 447ede4e0f7de46319b51f1167d76a59c227bb4cca3cfc379eab969c512696b0
SHA512 a181ddfaedf82135f277e9e68805f50ccf9f23e2cc9a3c80dac4063063b4769f1620f4cfce0ea907ae1dab09f6f4137b1f0528e13098e6a0cb10fa3a10c32e67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 be5b9d250a24ffa04acafbbe5c810307
SHA1 8ba1ed6fb019be5772377093aec8107cf650c931
SHA256 4814abbe163df4b189715b0b6d2920682322ecf1e7b306144b9cdf2b2505def0
SHA512 aeca2f2454e1903759d75cef31d40c5e10d520926c9bdd0725cc814b4935a207e175935dada24623fcb54a03ce137090aaf6976c67185e218d11a9959a552e69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 0d8c8c98295f59eade1d8c5b0527a5c2
SHA1 038269c6a2c432c6ecb5b236d08804502e29cde0
SHA256 9148e2a2ba2a3b765c088dc8a1bdcc9b07b129e5e48729a61ebc321cb7b8b721
SHA512 885a734a97a6f8c4a8fb5f0efa9fe55742f0685210472ed376466e67f928e82ddf91ba1211389d9c55dd1e03dc064aa7a81d1fca3cf429fbaf8f60db8b1348c6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 8244d03b6e6d8f8636b970ce9e49fa2a
SHA1 186e613179d5b1f9795b846e48250fd8ef00b8f7
SHA256 192a53f247d82300062af78eeb8bac74c81767f1d3d01e77d38e3ecefe2b95c6
SHA512 545f332059bf3da3035be29659b4c341476184cc6d870b4d4318463fb96e6ff7af111663db7148d78bd1fa48f2acd67fe8b1f623959340a1ef949003777f7104

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 9cb8360805a43c8464e1fd67e4b00370
SHA1 bab3e77c0f77a382d235eec1f946a1283affb285
SHA256 5a510aa99689eebc7ac9d5b10d6826f01c1714bafb87025ca714a536fb93afa1
SHA512 6770c908e887c31936c6edf8dc18d3e73397de2d16f76f945152a21bb1372e8dae25a4968fcf817f5e516775233849b8f9c34a857f4318d07a94d134105a7ebf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 fb2f02c107cee2b4f2286d528d23b94e
SHA1 d76d6b684b7cfbe340e61734a7c197cc672b1af3
SHA256 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a
SHA512 be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 abcf9830a5c361aefc8890bd4ec21169
SHA1 602ffd61aea70f0c7a3595b47828d2c47a6280b9
SHA256 428a838d504f97d77b5cacd8cf00173002c493b93e967d83ca39c48f36006a2d
SHA512 957111d8e50e8052768c819602886e9baac28ff11798023624c86a47f426b752e78e9b41fe1230427f84b4b51534c1751cb7b551b84150dfb470a8666ecb659c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 55a93dd8c17e1019c87980a74c65cb1b
SHA1 4b99f1784b2bb2b2cc0e78b88c5d25858ff01c5d
SHA256 4925dd477b8abf082cb81e636f8d2c76f34d7864947114fc9f1db0e68b5a9009
SHA512 f9ade542c593067dbcd13ed94da1ba17a84782575355396db8fd7c28aa70a3120d0c0a22d3ca3d2f0774c1dcb06b9319e243b36001c618c92e0af25cb9c8e46b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 cd74fa4f0944963c0908611fed565d9b
SHA1 c18033d8679d742e2aab1d6c88c28bd8f8a9e10d
SHA256 e432edfafbd52fcdbd59ef74892aa2e2ab19df6647ae723b368fca529066a804
SHA512 b526216bdbc73a97db41edbec6fdfd09b7b4ae149d415fb5811dde03ad4b1b0247950abd78fef807ae47674ab1b56ff0b971fa5e305b26bc92dc07871313b750

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d665bcf5fa1476cafd7b9ad58689b48c
SHA1 442a040dc4b34964b325e6fb6b1d5e06fde71d5e
SHA256 eca717826a017064cbc4fb1e43e56c3699b41fb0c775eb3951683cb59591614c
SHA512 ed140fcdedac1acca0f035f465e5d9c6213e10c08bfdde410a398d877fddde8e104c332fa6b3e4758f74bc03cf97fc7dd57d98e22160a7366c541ccccbf7385b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59624a.TMP

MD5 abd055a30d9be33eeb8830ae900bc77b
SHA1 cd6ccd258fcf6addec32f9425a13b54fdbd66fa1
SHA256 26b4084650de64c44ab507932a838b6a5d47c6b77aeceae3bde0354d2837ca03
SHA512 6b7c0b4ac57799545fa453622f733c25899a86324d3eee54e23ebcec7cb1f2d427e1acf25eac919fec7714ecf2e8f6795a7562cc48a8c344854127b2937b6cb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 42ec4656a0264aebf92aa6c13d2945e7
SHA1 74e712f0bae818bdbb563034aadf5b81db9f6939
SHA256 9134882264a50aa1f111e317c01af5e2e9b323675034e0b81e98981a3a891a63
SHA512 31b115b805640b9fcf1497b1853fa7ae4cbc39c5821564b0959bc17fc4ed69299bdae8f9f943afef7a4618dd76092de75529982b6b68cd4b0132895d753c2262

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3a179cdd14370c55490dedda45ec3c7c
SHA1 431a6022e1b99dbace2802de5de1574bec73719f
SHA256 59110c726d5d8c767e629a1e6395572bb5265863075fa8065a472d4d6bdd042b
SHA512 1ed32450ce42312cc7e75c2c731f426bf37a95c6174b832c16646b4a57b094cd1305b57ed784671fee61ce4aca3043390e6491cd392b78a2070d0c4faceb850c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c294f7cdd5b2e8258fc14e49f7a33259
SHA1 dd5397d00c3d2442e711409a469f86b70b05c741
SHA256 7224c18bb6bc76482c36b28074ab8a1c17b812ee77a6768ec180954857736b49
SHA512 a76c3d66756e5caa257dc9cad430bfaaad17ab12fceb98e77377de5fb90d4553eae77e061dcc8ecc9c8e354224dd668bfa4edc4afd2802bdb59c33c2376b4de5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8ae77e232de2c2dada499f9c55d3266b
SHA1 bad8b4abd6c70ba377d51b591c42d85000a9d271
SHA256 a1b67c544911654eb42bf79528d3dcc2a701cadd894a6b9417c4c1d729442b70
SHA512 d11bfa2f9999deb09b8f3fdf94bd081325cfd16f5d0b2c922ecf90f7de06c708f6bbb5b9cc94560f86345e27498d1aebdd851838efc575aa647d82475812cc23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

MD5 bdbca6cd39a21b94af5e37a7d95cd7b1
SHA1 3bbd7a9c40294b9f26a7fda297a07cf68f4274a8
SHA256 fa016fd584f843b1373b82746add6f4ecc0bd88711e9e85546dd9270e77cac50
SHA512 930121da974124d737bfd6971014a2127dd1e5c383eeb643d7eabc822c867068c261f7d978a2c86f2237a98053ae3dd26a00624d8f0233ed04b4d2c0f8ead102

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ad484bec792e50953bddf6750133fcef
SHA1 67ff6331148ae58e1b58ebc3792f740d7903527b
SHA256 56237e3e81429914d3b81fb512449705f5b28241fa9898f9b5855bb77ef94862
SHA512 a1c9d2a92410bb7091f1506b3b2322b96fc57f4c54d6c5e6b5af7e6b1d900c69e23d833fec0ac22465e892d1086959d864d025364fb7d899812a294a98962029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 125b478320064eb0901a4e2742d3abbf
SHA1 7805d771617cb444bc063d470828ad50b74e7e49
SHA256 6c830e115a3e8e60d44b06b18414b036368a93fc7d649997f8bb39799caa7090
SHA512 44528e48891ebb617899c7ea52f542d20cfb58fedb9fb63b533f573773076aac53d754dbd63e319f24dfe0f5c15e6fd5c98511aa40d89b20514ea1b21850e4dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 bf5fa4de24f671447a2bc00077936f7c
SHA1 1842a19b95d3ece9c99daafc4fc0e51870bec266
SHA256 08b7c27265020e0da11a7463473d48166e4e753da1fa77f3cd0fd6800a290283
SHA512 0d2a16be4a3f01bff51c7cd47230043dac7c17e8b0750009edb51b8224edef1d32a737646a944757b38a3a787787d34da6c82a9af1678dda02534ac421fdb18f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 4fdb7fe5b56044702f174f5853a2c13e
SHA1 9ef43a08ecbb7545913fd3cd14a63327c65a0f6c
SHA256 fcdb88c20936d82f3448c7e2d3bd94e42be5e82275fa545db276cfe8d1cf49a5
SHA512 c81a1d26f0e249e379a40b216ed7f67913f2df96c573d431354af2db90bb25304512c6a22d715649ec38aae73dec06d4a2b653f31b4e6ca08e34f077e14c2fe1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 526c25b254a7582632c2bed848b6ea9c
SHA1 0e6dcca312d1a411b4876948fd1b4073381b0503
SHA256 54b423604867beec2bc74ddaa3d572ff3e742a019a08e81996f094e458dae45a
SHA512 67218197bdc72aafe93c3819f80f5036699f439ae94696ce9bd614a39bf2902daabe7c9898d404fb25aaf71595ed139220a9da4f70199793fc6a028d1c68f777

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 dee46781c0389eada0ac9faa177539b6
SHA1 d7641e3d25ac7ac66c2ea72ac7df77b242c909d3
SHA256 35f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642
SHA512 049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c88a888c8c3fb26ba6c82c56280d5f51
SHA1 a3c19bcc7b77201ead43f88517f158ed0cf92641
SHA256 f17025abee2acdd4ffc164903208883b9bfbec93e50e03c2f2412f6b5528c2cc
SHA512 f992cbb22fbf34296c22c3a07ab8806044e1b32eb39b60233b4d1ba8cad3f4ff241422d1085ac3e09b14959a021f8f35e56bd482e7fc38ef14c4745fa9f96f81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ed2ddab2f4ebf4c0e8aaccf9b8cd6183
SHA1 63d385ee4f8fc29bc502527cb93c7e23ad522429
SHA256 c8ec6538df8dfd1b165029ddc3be7a6cc5d24453b432b336604351ff77a2ea8e
SHA512 57901cc83d31ea62b05d82cf61fe711f8ba3d965168fff44c5f6496a35e23f1c2a083cc69957c4a4af37d0e663ff22414f8743a5256e3cda9929924f7a3114a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe59e5e2.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 337fe7dd611f32e1a30a4c59886aca08
SHA1 4e4a9490c85f2ef2ebf6598ba3e9c53e14d3d969
SHA256 2522e270713457687f618a610abdd0b1fc7b9b97d2a4be2bcaa65fb39b0a5ef2
SHA512 580019701eebcfa0d79e178bd9f7d11524633bd5badd338d632aeb60264cb180c4f6df6b5450ddf5a243e9d016800a11dd997c49e5a9bb2ebf293e46868ac860

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

MD5 6327624317701c6c4924c87cfe7cd97a
SHA1 27389d815244682780bffef61856db93589b3ca6
SHA256 d3d2f1a5cb6c279d8b34d82680d68ce110054353249e9a2636bbb452cb7ecdcd
SHA512 b5cf6c5fd48dcafe57eeae6693d184e90a79fa3232b48b2518badcae3138c8b15b19d4ee95847dfd437cc852a9e6dacd7f22f49612e70bf3bea7f10aea4df533

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8d072a0fa96f48c31c364e0decf26a35
SHA1 b5a717d66d26ccaae6ffb7f72355204956a544cb
SHA256 3fc47075ea5364c7e97ca2735854f80afdb11b2affbba7ec11132ff9c7c1780e
SHA512 a974144647f7d5b97b5f5c183763d1f8b3583223ef47f9d0fab893d35273c4fc7dc953f0aa1ed67c2f9c2d798352b092d425d6d9755582de9ed5cc472c1c282b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 655a768a0876d6df81dcc9a1671dfbc3
SHA1 46cd55703db4ea1631fef0a91f0b39cdc8dee0b9
SHA256 b6c118dbb84fd7bc2b798aeb31f25b865e57bedee137602f70eda0c6a1923a80
SHA512 32285a0ee8f58b55bf7e2274ddbd52ab9a11664c98e3b0c031d043a4938fa1995cfa4980fc7f53cdc5da9a46b4e866a088eb30adfaf5a221238ea4b8a5537ac3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

MD5 167fcaeafccc88fab8e150fa5ed40267
SHA1 2d1c317a5f5571ed15c68a0fd2bd78fdf5b70af5
SHA256 8c15699fa7590a6df83be587560f58044ba7ab55e744971b6040b22007d1d259
SHA512 c24644d3a1de7e8d8d8ed223737cf40c98cb0a857ae692b2631cece5f8cbea246055bf09445b5cb4c8f6d74d2030842efefbb5ff518b7db0ea8195e4cd811efa

C:\Users\Admin\Downloads\Unconfirmed 345684.crdownload

MD5 60eadf6552fb282c9dd437890c0b5e24
SHA1 11d401803530793093a7e01e54ad627d72b3065c
SHA256 0e056015ea77714ef6307709779bc9b7ade3a0e3e730d6cee39e298056d9811b
SHA512 b4cc19f0ac5f333c73b1cb592276243f64ba44ba8b81e61bbf3d475c822b2faa18dad48a9795e6589c97ae12d4ff6c2de3a4d207ac3aae7ad4684d66d72916ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 65fe0abcb03f1d97ffbc8fd01db11f1a
SHA1 f9a8a70a36c5935d3a83b7d0ad9f7db5846c4f0e
SHA256 22c1d64bb8d2805a26950ea6b84d1041c7a4481bb3deaec40e347bb8c3918c0c
SHA512 0df17632521ff032cf899bcb56a317811853fe317d5c2660843af7dae0f4ce5b1486a855e205a77b2489fe7fa1d4758fefd8d11aa71802716e45eccf2df43f30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db60c1ff790d411ae2c665c394ad731653fd3a20\db854608-0eb6-4d57-a6a6-8652e8a4ecbc\index-dir\the-real-index

MD5 b55a51e546f57b6027857fc5a1ef61a9
SHA1 ef37482189083567778ba179f15477f0d1a9db1c
SHA256 a76844f5bfe27b466ebe874d13540c97b6878ccc1fc417febfc0539c423d8221
SHA512 a35008767971c3c4e0803705b6ea6bf3d7ee925f08753d59b9c1a032f286b88160bf37a7532dbd757f0f4b8297d2b3f567fede341084fcac616380ec4f3e48ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db60c1ff790d411ae2c665c394ad731653fd3a20\db854608-0eb6-4d57-a6a6-8652e8a4ecbc\index-dir\the-real-index~RFe5a496e.TMP

MD5 89cf045325da1d45d861cd12454f9f62
SHA1 e244d29d65abeff2bdacf7412c7cb57601f7e24d
SHA256 c395526ee2deb81fcb696692536bbb51633bd17560c90644bdae87c742f09e23
SHA512 73965aacdddd60248153161a62db754f6000724422f63357922b57a12517c0e2fd307ea42ad79fc474a3cbf515cd5697035130ca435c45a8f7aceb16aa386fa0

C:\Users\Admin\Downloads\Unconfirmed 34330.crdownload

MD5 dba533edfe91246318f3baa8e2efa47a
SHA1 63e0789a8169ee6f1f58e0562feb41aad9d24591
SHA256 5a31e3fe32f6c77525512f701a4b321432050b99d2772b6556efb361fa28c71e
SHA512 26639c83fbc575c0438857117c97f21bb58b0066789878b405cf2ab1eb1da410ab9e595cc84cc41a4d95fd0cafb2874e7696cdb69f7c8ee565e982715babe7df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db60c1ff790d411ae2c665c394ad731653fd3a20\index.txt

MD5 694b3d3e3618a4540668727712bf3e36
SHA1 77e2b61768a158fc1b823b3b7e27f5b484c0ea17
SHA256 e2818754ca21179cb872e21a8cad22477ad5dc8d85fb8f7b2f3315d902cce565
SHA512 7e3d257bf7e642ec3b5c826e967061245c9ffc305a03f2b92952cb7aee996ceb8dc2878bf4c18b76b053e484d1b35a833115ecd7358af64cf033fac1bedc5069

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db60c1ff790d411ae2c665c394ad731653fd3a20\index.txt

MD5 fdf046c97681113bc18e270a29047866
SHA1 da146d855bc7821a3f614b4da1675834f10fdb4b
SHA256 191a8da4c4ee250ef897e202fd4eaa4ee4bb017ceca9c3d4361fecf35cfc090d
SHA512 ed40c5dadaf850addb1854fe8853f76e90c18d6ef359a2f8b3e3e8ec50b0da1edfd242adfb0ac1d6f0c31ef564831ea21956a216429f296998bb4eaf0cdf7e28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e9605700e518947fb1896fd8f043eacc
SHA1 1991ab19b48a0cfdda79fc03e1597b0e94372658
SHA256 de7a9db13da776c4ed6ba4c0f562e32f149138e6ba487a8978b2ad84872b4543
SHA512 e863bbb1cdd5b654e7361147972b5ad8ef6720f59daddd3aeba9fe895ccedebed4edbdd63ad90803de1ae61bc575ce30fbe34204bc87b94726567015fc71c274

memory/5956-2286-0x0000000000400000-0x00000000004D3000-memory.dmp

memory/4156-2288-0x0000000000400000-0x00000000004D3000-memory.dmp

memory/1896-2292-0x0000000000400000-0x00000000004D3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp

MD5 dfd93de42e9578134afa014f60acbe36
SHA1 9a0e08fd5122a5f7688b05868aa51e4e2c69a647
SHA256 9d2d3263a5b32dbb2dd9532aa571c1e07da9a2df228e5389872df126126bdabc
SHA512 4b6858c06a93e107e9854d4e5892da171d28c069fe7cea465c66e9e5dbb98285d165bf50281d8d00390263b99323222bc7c87017bb24c90c6529a3406faa0100

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a7bc9.TMP

MD5 64ca5dd0830eb9353a72e4b256520e3c
SHA1 87e7ca63c3e196fdf8eb9f5d8bd36b7af876761b
SHA256 32517775f4b864b3e01bb6ead77dcb3c41c8dded58e090f0b8eaa10a4194fdc8
SHA512 d949797058cc1332ee89e49217e2e01cfc5eafedad522633ea4853d16d6abb6ed862a113c18dfc8f4a2f280cb63dd23d9336bbf76c3eb23acfd6d50c063ef40b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 c3c50d5e26463c50ffcc1c3334b88d1d
SHA1 7da057226e29a80c89a88591c982e5cd3a03dc12
SHA256 cdccb911f3704eab90ecdb27038dddef5d40826edcb50a5522211303eae60978
SHA512 3e288b27d85ddcccadebf6e9a4022e4000e7e10a8c9bf5dd2222eec7f804b53dc9b676fa2fae59be88c625d80cb6e70e74895f206568ae89b8b147bb56b96be2

C:\Program Files (x86)\PC HelpSoft Driver Updater\sqlite3.dll

MD5 842e8edbfbeffb9ef234a2da6d5980fe
SHA1 f76e944e5ac3c489d987a11a313b41dee3e813f3
SHA256 ec30f1214fa645b8e436142acab6cc9a07f5c4e3414b5e539a832df9237a7bb3
SHA512 1ca9449dffa72b274b842b3a1f2008d3f13c6f423e7ac466e2efb97fe2103e1aea052a5e8a9839083061154fb61ec870fbe8e35164b386a3aa0aaaf8064a0ed4

C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

MD5 21a4dadd5686773fe0ef880c22f07d38
SHA1 6236e9ec7eee10d95b3055a5e473fd2656898469
SHA256 76ec2ea23b6d6cfd69699822a95e9032b9ef8100df19be91357c4e71a1f33b37
SHA512 e8dc6bec5347f6d83cdab1df7683abc0d563603ea08dcd5acccbdb6ac3a6efdbaa88dbdff5c257251eaa1c5311947a581d4a2bd506cbf3fbddba1e46471683c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0c130e4a09b717aac4a878f04d8095e9
SHA1 b460167ef8b0d3ce78d18dd1f070eef20fec52fe
SHA256 b62db3d8d4b7a11fbfe00a17923d48e7e61ced9a0e1ec3e49c8fed75ab1ade96
SHA512 0106bbf5c25f106d8d66607353594c22f59606cc5f5a49fbadfa12f43dac5a8099a11587f8734baa4d3cf33b7389f4af2ace9c491060498f6d65148ac1246a4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9abb07cb1932217ec05300f78cfc93f2
SHA1 2d4371c4a14c6d638d94895ffd461ce1505ebb12
SHA256 e9dec0ef3bb048cd597e9b2150afcce98aea1b6a321813ab76d7dc433ba2940f
SHA512 d231625486fd91dd8769f1abf4b977e12cb244aeac642f35a7f300853881ebb17ab8c545ef6c8fb9489ce8af4f5e1e21b449fa669db5a005e62ce08857adbd84

memory/1036-2444-0x0000000000F40000-0x000000000177F000-memory.dmp

memory/1036-2445-0x0000000060900000-0x0000000060993000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5688fa60bfd59d66a42702f220ec5c0a
SHA1 f5a4db5223052f45a1852c9506b702c7cb85d967
SHA256 18bd46ad20212350ad43ff4d1c8ce945b08c0f3c2620088caad4c10568a2b4ec
SHA512 e8c32fddd6b21f7cc070b3d935c2cc312b0e856b53e733b76da0c9380ae6d573dae2a77ce638cd895d3bda6e1db5e36fba0463e9c506af438007ac33c8541cb4

memory/6988-2476-0x0000000000400000-0x000000000093A000-memory.dmp

memory/6988-2477-0x0000000060900000-0x0000000060993000-memory.dmp

memory/4436-2479-0x0000000000400000-0x000000000070F000-memory.dmp

memory/1896-2480-0x0000000000400000-0x00000000004D3000-memory.dmp

memory/6720-2489-0x0000000008E70000-0x0000000008F72000-memory.dmp

memory/5956-2497-0x0000000000400000-0x00000000004D3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b63cdcfed2682068d85490191ac5b0a2
SHA1 4258fb79f9cf077fcb66885a6151d5e716fe8e77
SHA256 5fd4090a874e11078c87cb85b4191246cb953aec7fbeb94ba0024299ca3334d9
SHA512 393e2e20fc3d12c2b9c1592548f988f96664beadc83d37588fd6dd5f268e6727721e68946a148cab26165e08f354bf2f6e700b3ccf9d826f721758e1a72690af

memory/1036-2562-0x0000000060900000-0x0000000060993000-memory.dmp

memory/1036-2561-0x0000000000120000-0x000000000095F000-memory.dmp

memory/4156-2565-0x0000000000400000-0x00000000004D3000-memory.dmp

memory/3972-2588-0x0000000000400000-0x000000000070F000-memory.dmp

memory/4448-2596-0x0000000000400000-0x000000000070F000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 de8635a9b7750167fc04b2017979e949
SHA1 be934a7959ca6b6e4aa3d8c601647b95fabb47af
SHA256 dba4e498bf82667d4b7a4f438121a679c2f1946778741b001bb2c48beaafc9bc
SHA512 118ddd99b840a9230a32e5b44554fd9b8c0e2ed165f46d6a9da66e6b112307f05473e10517ef7ef2bec6de171fdfc265095a21d1c8dd89819c135348cef025d3

memory/6720-2620-0x0000000060900000-0x0000000060993000-memory.dmp

memory/6720-2619-0x0000000000F40000-0x000000000177F000-memory.dmp

memory/6720-2621-0x0000000000F40000-0x000000000177F000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 937df9623459b3ca1b25a81ef5c46a5b
SHA1 aa1612c051d4c01b254711830b4ff7134aa3ffb4
SHA256 c189f23136d4db9c9c1a6a8ef6ebf574b32c1a5a64e2b298cec9c4651f09ec57
SHA512 122faa6cea75853015e410328e4182a80a0392230c40ffcc6e2493ed7bf1ecbe0513c2292908298746d8931965dd1a0bf0b3fb40527581e440531dd64b3e5f34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 397114a8ef8d1fde03829d7e6f166d52
SHA1 d7395ddef90cc59b6ce50688c9b46eeffbe8adfd
SHA256 dfa9e9037dbf8b36e635c36b5a82e24b1ba3933aa056ffd97b84ad8543dc9d21
SHA512 05f9f13c05e46e620980201033506c7724dd06c63fcefa9bf2064cf4d3b628ebbbe068528e3a29002c97d0e3740974ca8248afff747818fb41d911d2021d44ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9f2cbf70837ff7b59784369ecc01b1af
SHA1 6b491dd20b820b5218db558646468e573ad07385
SHA256 36064b7626bd455dfc1ab7b4949e3fe644462584ed718451b286be46ac75a5ab
SHA512 35e1e9fb688fbb7d7be7db64c36d8907c6451635e63277e040074eae37d55d118a1d384c557eeeaa8e6b5bc2f29a9c76d04bf7d1e19e254ce13519d28e5f2210

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d20fd29fdb28f8f19d18ae6b053531bb
SHA1 92510698f444ed9ce21fa35486daf2f2ef1e5f89
SHA256 759e5bec3dab039ba460650cb010e9d950a2e13b9dd4e46d77b020f42dc2c5ad
SHA512 39795d8bbecc28c9237b4740ef0807bf91653e7e36d0c3c327fb795ff84aef73680fe9a4c3a6d630f9fd45a92190d2a0e12465cd7ca10ac199ae6327aeffdb21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\35a45aa4-7c05-4705-9e42-faaab793b607.tmp

MD5 d571737a8269dd5dc6f87eee5f8ab660
SHA1 0e5e5ee42c9127ceef623e2593c65af5127de231
SHA256 e935cababdc1ca034223503c22ab271c28cc0d654d3914b87f7f689e072e6807
SHA512 51743a79403feb573d26071aec291fb13d81fbe5c2146e994dd6e352c065567672234082d6b82e3e93444c6223b419a2c6c07570db92e46c6cd3817afb5a1f7f

C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\26E484A9F1BFB5EC9DF0894433ED102B521E889E.7z.status

MD5 cf25c42f45a3fc92adb23a4fe24daecf
SHA1 2d52571ca1837e970538cabcc3c8fe78ae32ca88
SHA256 d25a2b6fd3c55e9a3932ac6290dd1729f02c90bdffd7cad20661ba20505a06a0
SHA512 a2ba4d33b442053030e8233af7bd64dc230343c8720f62228bb687bbaae5fea805b479e0b7eea7d8bc0ab0c84122b0733859f024ea77d4b4df59dfd0796ac00d

memory/3316-2730-0x0000000060900000-0x0000000060993000-memory.dmp

memory/3316-2729-0x0000000000F40000-0x000000000177F000-memory.dmp

memory/6720-2841-0x0000000000F40000-0x000000000177F000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 612bc56816062572b0bf80767c256f0d
SHA1 9e5c9d580cf2787e9671a8ddc7ea358f0890609c
SHA256 759d876b6a7deed2e6f5e0286e3b864270fe5e437d5fc0e0e1a3815deba7f434
SHA512 cfecd15f8b5632cc96f48564e77443c63b64e88e6a1b97243ee799e936def578e8ef94dc7c8517b04314b55271b4c8d72c8ae2320750cb590af2411044057071

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bdbf0f28d444e07a1caad151ba4fb737
SHA1 8725478032393881b3c208d8604243c8eebf361d
SHA256 769a8cf49500e6395bf36dd38b500ca3bf8647eb72440c34956ad9c902aae56a
SHA512 8271a49547f8f94545e984a564bb423124d60961dba497b9fa9e35a703d869ae7d4ee9b6d106553936c0095360a837a37bb07b3d0d1c90d99d35f8f901e53be6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 778620dd2740ce5867ef9588068a4212
SHA1 c595f05e5b22e99b0d9e1b7d5c500a59d5cdb848
SHA256 cb8f7110a487c4000ef6e9899468ee7af17fc6bbb4bd12a24d4d3d604b965f9e
SHA512 e729c5436c1ded73208caae9b0af5670cd18400de2c3982fc78c8acfc95c98344a7c05c1f5f7203077425236152796778b7179218c701e51341126cb9cacc56b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4a0d3f463811ffa34f9f012cbfc38f94
SHA1 f5f4c6a6a7d880dcca60cedbb76fb2a7fdb551f2
SHA256 331cd5e9f1624643bd0154e3781d446bfadd6ce2538c6d47dc29fcc6a267028e
SHA512 997598f2cdb565b9f641ee3fb903f0cece570d4db791efae289cb1fb84fb842533265d472554091a58e977b55913da5970c9b402e4db1fa48cfe993aecffa024

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a3ff59a6c3c333d78685cb76e7a8e84e
SHA1 fb9dee388f5177df2dfd492c8cdf8ce8ea2f1316
SHA256 243fd1298448c365cae3583ea89c6fee4f7dcf071e1374b56a45cebd663d64a4
SHA512 7ed7848241eb02a2cf93b63a27fe5d74a32fd8e43d9fe50d7316bfbe70b80b4ca9b8646901fc77bfad402e83f1f94851f2bfd9f6fdca1599d1eadebe81af93f3

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ad

MD5 015c126a3520c9a8f6a27979d0266e96
SHA1 2acf956561d44434a6d84204670cf849d3215d5f
SHA256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
SHA512 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 d25f68d57df5f9682f29f58af39f503b
SHA1 045881e89f26813092175086579a19607993ddc3
SHA256 d458d4d2bc7e7e540c527bfd9ce73424cfb6d0ebeb07ecbc17ec65ffd5a7b0da
SHA512 5e1aa004f8e0e01b3422bfcaf3bbabe401e7e482bb3a547bdde39fdb2965e825114b7c4849396749dec030582445e5073cfd4494db839c388d961d15f3fc87b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 20a0cd267695a326bb4c85dfac0568b5
SHA1 0ff5d03e4f52625ce6204dcd74b398c14f4652a9
SHA256 15defdc807b3f79f68aec26f416e7a39157c054fa432637ccd4664163255e749
SHA512 16d8e35c83813e2c9b90df595cbc97801082daf40d8b186d17a4c04aec69248c2894169f7ce4accb7d2d9d5dbbe612c53f340e4f1075a8a46d94ed11d73380ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 886d7f8ad6f342bb585024a7804964db
SHA1 20fe0ff3b79d847af72946a79cb9c73c08f4abb9
SHA256 d9445e7ab93ae2ea14b3fb289bbf7aa72744fd46ce48bcfcc1f29fe7d6cd0a0d
SHA512 f42b510a1846f8bbc039ce5c02979ae0bf7a631c9e2cb2660df767a3b7ef0ff549cdb47e0182d1d00bfbd369b7daa8e6b69c5d48460c6d03ad2fe5d2133e0a3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5e774010d4804e6ffa60c4b2d3216981
SHA1 e9201b64654ccbce02b7becdfade219039224e3c
SHA256 3c0e9cae41d3dec537cb1a3a2c64684c4f8b43d6dfef92e2bd2c1e99154399b2
SHA512 27ffee21769f03f58c817a4ae3fa6d13d12c67a090bcceb6bf02b7d50ed52138e8ea86d6a0cff2212dba4378a14980131b51e2159e0a2cd45753eeba798596c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f71cd865035add8f733724dc63868452
SHA1 b6e97ac614ffe466a8fcf19241a901b6ba6af612
SHA256 6dd909ecad37dc056b37cfd8fe415b5c731d9d378a2cf6f55cf37ed53551019f
SHA512 f063817fc83dd9d4b7b82d7f2211cd7de747f75c4db37b31c17a8fb13a44081fb66b5d53b553b3b6a35be26c13e7b15e384135f70500e5521ca0951e90fdfe3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 81e284d33acb31f0cd5f8fa69c2602d4
SHA1 0b3d27bc2ec639d1c6d967b6ba59017c945557a4
SHA256 b02f643998a14eda9b456a3cbbaf854f3e4173281b6851f3995c8c77e7fd1fec
SHA512 142f071bed9bed66833822ae68d2d3eaf96a086f83d1c36771bdc534dd1304b7274ebc78c5e5d0394999394fc3ac88cdd0df1692d2549b7f08e48d3909e32020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b0977752987ee7a9b006e22f7901b01c
SHA1 bed50bd79e24eccb2c05242167084ab71b2edfc3
SHA256 84322d07ad546e016ee96b94c1689b4497713576c5664cd669fb273b18acc1d1
SHA512 c1589727db11800e8665e2e832b9c578db0a4fee5bde8944a2a30f9c0564b3554edbf8ba8417678ee3bf670d2aa807caad2715b5d152595ef2dadea5ebc095f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\program.log

MD5 91eb424016fa10bdd7d4d4c78650e8eb
SHA1 fb3bcd547fc60d2002179abaa1502b6662978f07
SHA256 b08a9a35a71745554c5f1b3a6635aaf2a6207c7ef0fa2f87db0136917e200f0f
SHA512 558415bd67f5c92faf01bf42f451323d0c414db09a9b996f40936fb24e47b6b4a7aa88627cf8d2a0d1bb557df1663d4e299068eafbd6914b50bcb5b3c43f9dd1

memory/5304-3297-0x00000001401A1000-0x000000014068C000-memory.dmp

memory/5304-3298-0x0000000140000000-0x0000000140EBF000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d51ff809c13a3a8786200df9bee461c6
SHA1 0fb181991213106daa55e4f886afe0fcf4241d74
SHA256 946e00c2ed8232c56ba48d691321f2df1788ccc45a0f908e7c57dc82d626f0d1
SHA512 65765026429130a5854a347b1d31ea9a5e6cd12cd14be3e83b5c620ad96c6fc73d34735fc80b8308bf5d19036525e4dbf989d395e4c45edfa179e66459b8ec4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\84a0db7b-cb3e-4bc6-a165-4c4f30f295f6.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 956f4506231bfa76aba88e515f18b7eb
SHA1 e0766b0c82086b60c880583af662b19373f91e36
SHA256 2a5b9af12283fd873c4e4ab4fd93d13cbf94bb0701454151a96258a0d832e203
SHA512 37fe0587a692c8638f6433a23c414ad8d84c626564deea136d942d38e611a73ab93f09dc8d95503da635ccf6dac64ff8e9b64eca409211e487ea033becc160b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8a1470b97374e5aec245c1d50cb0b8f7
SHA1 41ad27a7932d4f7c9ef60227025f352821c4aa02
SHA256 a038e9849fa6080e1839872529f9ffa9907489022f0399f82ee76cecffdc74cf
SHA512 5cd8cbc0c2db38c65847b78a01a5acc2d2d3d8cc85ded4692e38bce9726ea5b503caad1c665dfed41362b1d7a7e5f9aa4f092e0f179dd172255c1bd9445c2c8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1db41a2c4a11587342ac81084f0f31b2
SHA1 1d2af20c024a015b33f40a343bfb5400854ed3d1
SHA256 13a16f271c162cee7252758be4827bb0bf22edfbf95ec02c0aebf2f9807ea5f2
SHA512 e1e7e834292d7da2765e5e55d81b6a7d66750baceae331abd5e99569f50dde472da5dd6d4ef8c7478b9b89c285a080c1a6cfe3ab7ea506af74262e68cbe26b40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c3

MD5 6eda9c4c61b12b37c9d4aa16cce03dbd
SHA1 61bf85d92987df7a639d9acacd94cb6a36a7c515
SHA256 65aa52bcac42500ccd2048b39588f0190a18d5df77b36370fd7fbdbb1ea3e8e1
SHA512 58cf49b44fa819f502b93eac1ff1bc2d6465653a82d0a413e9f08e609b48cc762e70cc987366fec52bf8afa0e6afb6287d0cf5f4a5b82efc5d482e6d3ecd9a7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b7e346dffaab9f19f814f288de051aeb
SHA1 2ec37cad748026fd1c77d2efa5dd9d45d6fd8c48
SHA256 36ea4653ccd0bbff38b1a4f4d740fb2f9d989e02221932cb6019878a8dd60c65
SHA512 35f389a01e2bc83039dfcf5bdc363b121d664cbfdf09e5a71f1bb7eefcb8d3bb2832454130416a0148857c2c40ef27a0016b2b754f8dded32f86c8012b38f6e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d0

MD5 f70baa579d763f4bc2df9911cd97f38d
SHA1 cb6ff1124c247215383843cb88bf36473aac769f
SHA256 69c6971720ae95f2ce455328db7afc3b142f1c2861abe1048a48c6efe72c1816
SHA512 2b320b07715c8326f870a649853aff109d1bc3fbd4b7e79363dcccb79a42d3ad6302e56ef95d769a3a37db7a5c606164cc2098f6d3e4354d04ba2b197dbdf775

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d33f2214b0cef22f10f724683ebd5523
SHA1 b405259fa90cd9fbb008333078246923edf03788
SHA256 16dc4a23a48c0a46ecf1f724e3caba513deca8a77455326c4192286dc589cd8c
SHA512 6f7fbd98688452e9d5975144a36c1d1660d55635df980a253a58c97e2500ba33f1bbfa3222d11a6f134cd930e705d47d29c89cdd6c63437adc5cd7899681005f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c8d39be184434badafe117469013aae4
SHA1 1f4b1d8dd72783dd4ac0a6c5a345f8f2fa745fc4
SHA256 3c5dc96ed793db170640a9b063012c35b431a09a23a7b1b617c15413ccddde6b
SHA512 417b39631fb677671650c14e6fb8ef6829727a2fe0ba548bfedfc36d49899c70fac907381d53c8e5f8ec8de8ae4136813fe78e8030f4366d37747e501379e910

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2456c8fa5e44e0c7e329b1fed01202fe
SHA1 fa4cdc444aece03edb826367d553d67394433979
SHA256 bfb62f251614d95c13b442438bc20746e74452316033c825d74a640aa7ca28a3
SHA512 814b4cd9eb0abf00d4b6db9fe268e8b69e2ed7254838485513538b1dc025cb0dd7b4af5192d54c03a0936645b6cc7fa7f20e76b9470c05237be2d8e0bdeea25d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6f8d9eec772f1dc30dfc620abc8b0516
SHA1 57fadcd2079ef491dfa2121b86b8bf32935f5ff2
SHA256 848f304351d30c2d57c25dde9e88ff332e2f1f1ba1bb16af7033ed0bdfa949d1
SHA512 9d9bb235d7f7d791a84cca68c2cc41963ccef3862b4f99f31d1856fce92971c58776056a710faee0d499d589491bedccb6e1b8558e3c2e73edf1a8e2fb7dab08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e35e8a46b454342524186129417bc293
SHA1 6143629d5c8c398fc88f7acbdb5247d06454ff21
SHA256 1f0c4b73c2dd06141df2aae0beee7c14d7d22586b184141c7e0fa389db6b5acf
SHA512 4e75af7a4a9e4ea5e985e920f4e0a75ce9819aa520ecf8ca796d4bc723d47b6da27b37f3974f614be55e91a04585a3f3fee86e6ce5afca783c51971600a006d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e493d151869d3cac126faec1db30d94d
SHA1 40a957e96a4631cb562dedfd037fce5924c70257
SHA256 70d990922ef94c7c7a5203b728b90cbefad307c82758a87afb2c2988c749810f
SHA512 fb8006bc725b4c246c3df754e40bba7ccbae8346affda067c443447b52dbf21476da0df8e9e91ce9c6c61dbacda91124dedc4b4daef497106b2a2adaac6ecf98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b140dacc68c5fd6e8a48a7ecd0cea561
SHA1 891431e63d84e673b0deee67b061b713b004870b
SHA256 5fcaa74e36b6122b5f3d6bba867eb34914aabc5c771481ed648572475075f6b2
SHA512 146fe23ea1363ff8766b048ae7cd5b2cd23af245bc9b3f81baadda778874d37b2b7465e5f83f1424ec9f049ab4352402f75fb3c07d85d8d6b9ada3395f23d43c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7f455754433e0c5b254720316f080336
SHA1 23623b57a6f411629fb79d3744b4c332678189e7
SHA256 6bb8b706b02cb8fb204e022f603fb348dd608bee8206f9d37dbb36418b0c4565
SHA512 c2569a6a17c0b0e01ce044af050c30e00b15cac5dee755d9c04dfc94eded1d0d8ea1477ebc7ea4f9e08bc9160c7ff3764301198d305bd7cf3129a6047d29dc13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8b76c1a98ad976b211bac6b40aa97fbe
SHA1 098a6d04b02d267cf21112366f37bd0a978fd114
SHA256 d13c726aebd77af06ee8fb17fa5898665fdc8d6e5910664d66e363627ba90967
SHA512 fe281eba8080da34460123abf0137af45185a822700584f08daf7278d5d08f72c34c2231ec6c0f3663074cbec55189ae04aad9c85c47b30585944a1c93962fa2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ec5035e2148e6aec79a9b59dff4ad010
SHA1 7713681e60cb0805233764676baf6a73890ff11e
SHA256 f0b878e150827689a8c9d7153ccb3e1d4e93f69bafaaca180831552b046d749c
SHA512 66255d65f9a4dfb12789da337a1404cfeebee5653ecaf99a26106da1a512c13f5e1d91cedad02348f98096df39e2950a8e87809ac49130fa14e57d735e500536

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 187f8f3c41c43c281ca5709c14849df6
SHA1 ae645341da531927da4af68e98e5fd8569be6185
SHA256 c4472480218cfda75f5a1a7094748376077be57125c6ae2b40afa7dd7472c828
SHA512 f1c0f3d892d589f2f1cf43f344e378e68942cd4bf1eef6fbcad3c79638e4b5814db0e82177e3c2ae8dd14f6e1dca370387dae985df961e343b82f11867abb6ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d4

MD5 4e786ef6de6d058a7ee21d714b5878f8
SHA1 a25cf3a4ef2c4208064a295fc00bf84be1557e8d
SHA256 fd7a0097dcdb4360e99e3131665aaf1cdddb65f638323d8dcd86832ac1c65b57
SHA512 79f32a2fe5204c324bcdfd5b11b3d7423cb8961e61350ef8b1a40390212bb1f2125be11aa9a8761edb2fd4c760a39c9f18394a8bd8bc55148ff2937b4ea67bac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d6

MD5 908677684413f5278249c1b08127d6a0
SHA1 df54a142c7eb47537509a54a8519f1c6c82d0965
SHA256 49910739da15aef97cf1b1fab8a1c6817991542d296c3fe6619248258626330b
SHA512 d6458614c8cf209da33129d5672f4eee9923bb56e91692c87a0f82a0e00c0ed0c03bad913e3ebfae7dab32f76465e58289e15e579bc5f8af37845ab250301773

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d3

MD5 084a7c45c750134bc52120929e4adfa2
SHA1 7caa207a66cb97095da77cb26bc03c05e3e3e3ef
SHA256 d897e13540624694573d596496a442f317069973a8bd8f9464b2ee91406fb990
SHA512 6aac3796f0435096a86e81ef9bdcd0186ecf74d35a38dbcd9d5c08662fe707c50d015453bf7eef1cbdbade8fca2779aded56bf3a2407a5ae97fb2a6eb1092f2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e5

MD5 46c65c348f90aa174bfc5f9dbacbc3a1
SHA1 f3f1cb408e89e48b14532730632dba27858d2676
SHA256 0b36587fac66193c3e84fc32c4edfecf3b9a8717aafea51178f5480239bfa008
SHA512 e18be3c74e039ff4297313b12abae8719e26eb852724a46f119121d008a7165e249bc17d17b3275a108e6de14b1bc443a7827589bc4fd46d616de699b8294ada

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\322bdaf5-e4c4-4fc6-8c02-49b49fc12f8b.tmp

MD5 305f0018ee15a11e8c64659d991ed0b6
SHA1 c89f0b6dcb7d64023a8f66e6be36f86a72b363cf
SHA256 5a39b9a89d75f378e1c897326534e77b5022a36177a7fb8d1d9f074ab4c78ef6
SHA512 5d89ad9fea80f182e5a66f896b59fb3df079f7e42831573abcbec7cd45b9acc19e6e8b5f6cce0a2ee4bfc73860602fc3bb977999f7832048e0ec009df63d0931

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3d8af7523448268f42b2b2d8683666ce
SHA1 dce71e8d5ef1a0f0cee9a7ffc7e93223a379a1fa
SHA256 939da3eec3edc5b408ee07467e07b09caef2e43946831b63cc0dea9beae417ce
SHA512 edef7b65efeacbe54796a4c833cb4e675cdf7598a791b45444b244c11f210b097876b33f4c2ac22debf428c48415fe759b30e12e88bc2cacb344a766f444f51d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000106

MD5 17a3b62be9665b1d0e411a8d87565ecc
SHA1 be09b90a1a121126dab9689f156c51f77bee1ac9
SHA256 038deabc8e304a2d574cfd4ed4aa515f8f174f7b3f8b80b416a4354d60b4f311
SHA512 6de650c1d46b2d19c14f1b8d21c8589ee276caa2a30654436176295dccea7f619c450ff1cbd01fe94d174cb032eebffed18036fbae4e10dcb17fa228d23850fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 518eb461c24d9681391e004124c79fc0
SHA1 d9392c31b8108bc00f7445e8b39d80de7d41ffb2
SHA256 113ff90c32b6d9d8760339417047a73a4a093a3e86e5eda4fff4ec223b567c3f
SHA512 69190ffee06fddbac89f30d4837e6f7ebe3c1c3bf341dd2186cec3ad135afe5764ba9606ddfb2f61d470023c9be522ca1741cf5be2e3c18be8a824968a03d10e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cae7217fb1b34649cea075cfc84ccef2
SHA1 3e1b79c6902032cd48d0412a3153e64d3c24857f
SHA256 08ec151a77703b78537422e423e79cb0f5376d8de62d41994f6c5d184a90ead5
SHA512 345bcdf18e80da6811ddf4a1dbca96bf72c3523e21f58f4cf6a063ac9f944eafcabb6cd9b0a05db88f8b68f6977b496f927bf4e6f8bf947f81de982af559dfa8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\31f67a59e91dffa8_0

MD5 d23934298db2e1a65d32a3d224e7dee4
SHA1 123ff58da90e494a71db552d8b0a54bc07d69545
SHA256 6e8fca65b202c900f34f0f257a8849b10a61b7a17b688317af4246af9e7dcec5
SHA512 cb2fa8c2c71229181cda21887211bdcf1e295695ebab102d0ebec463d574e1976f9df5c80a4c38ab684daf84ae5c298886871f75662d480c2d77ffa52dff935d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0c2ca087b0d95fc8_0

MD5 666e371949a8cda5f142cd6caa31a050
SHA1 3531be58c1f170848dfc044e21efe0514a07160e
SHA256 5dd82946ffdd38667792a78fde5c03c8836c335c81f0bc5b78294262e878d3f8
SHA512 30934ba86922399c819543a26483b62dcf92cae61915993ab4debd1fa307ef2be57de384222cd55bc338635cc9a5cece3d0c7baaf1a8748d5d0b85076607c7a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad3da63b93fca116_0

MD5 9cd75613eb071e1d89385adb9360763c
SHA1 ebea92e75229792884b275ea1699a334a72ab2b0
SHA256 c73bf8f2e36b6807ce25945d58e72a2b5f55e16349dc74b14e22d9b3ddea10cf
SHA512 712cc8d43054870a6c17151bd6be697f8fb6edd2c031af50955dae4e3eba57b656ac3a18511ce0babc010c58bfa8f4c2ee473c7fb8f53a37bc21cd8b061fbecf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6ee81079c1cbac4_0

MD5 021eb728d8d6b534ed7c45bef4966241
SHA1 bd0241ccc13793693bffc96f598a6c7580e94bf2
SHA256 4709369cfc6362a006388aa96587b3977bcffd60822030f95815459cf36f687d
SHA512 5dea3b70ada03275289bd4488a86c8da06ff90129fe0caa103b9025c2876faca92a4c34343a7c27fb7f4a4bb2044000348787bfdd04f1d32d28f83efc943c923

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1337b0e5117116c5_0

MD5 993bfcfc387f98df3494a3dcadfcde60
SHA1 ba076f49ba449aea1e8c332b2d99d716e16198ba
SHA256 5e8cba00b349fc1d33155e3ec9338f7ce6e2fc2796af7b14b32a7a74bd502eb5
SHA512 8fce679770076c41aa72b55216b3733e8a32a3255c84782a8ab510b6e30a4ad6e15736e6f137fa7584c4991817fa42b2f5d1ab0db25128cf40997add1dd66bd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5667bf87cc6b1b8_0

MD5 d0d197a3b16f874d9c34c1615a6f23c7
SHA1 08f32a74e7db02dd4200e499aa1690ea05dbc73b
SHA256 377084ff250f53f055c913a202e12373e0939f15b0f7b453542e3909c7510856
SHA512 7fa0fc92509d56facc8979409bf32ba9b21d449b7b61e1ac3a1df07f7ce9f77f9971fd98618a80953f7fae099b8ad857f97e8601866a18945a14730adc90edcb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90902f35e6384078_0

MD5 fcede5298bbc9d085d14240941ae5d6e
SHA1 5703012e1c8f7fab3866bcba5180b53e4457e634
SHA256 0b51d5ddd398ce205c59cdb400da1e5dfc7686cf91cb81df89470ea1bf6983fb
SHA512 ddae8bdd84773459131b210c91367c2eb33f57056d72b68a10334c5a562131668a43909a13a46d59f10be32708d3bd75fbe0afddc9ff418e41ada1bb17b42973

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb77cdbeca77f865_0

MD5 cf452336f950cdc8f99c2b9b6eda60c3
SHA1 68d8a48e3797bdd85eaea02c5f18fa07897d0b97
SHA256 b8e987a2962734d0af9af6b362db5bbeef6bb6874bf64b7d3ddf149ccacaa125
SHA512 0a5edd8aa9c347f6ee4c3747b7d8a125f13e036199fb24e2591cb5a4ea65224a83eb00f751442ab6d0cdaf9a587cf7ba45d4fe708f381deb68a57829a5d2ea1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a04bcbdfbadf584b_0

MD5 d96f0e33ad42a27e55f3e48b2898783e
SHA1 8230c2985823214f3b22c4151276fed9f8681967
SHA256 e3ff532c189d6ad8c9590797e0cac50f144a1782d97d528ed0a193c7dc478f20
SHA512 02afa0d6295a658fb8d5379dd202d1ab468aea93df520f23eca77990dc11de5d27f4b4388b61d9e77e2f84f4a99ed1e27ffa410f718eddd37a6029465543615d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9681fa398f65a8d_0

MD5 d2e6c7977df71867169385d22d9fa71e
SHA1 f940559e4c9cb6f75186a2962603fc0ebc181125
SHA256 aaf30f089b0c76d5dcf70ed4b5ac9fb6dce2e3692626dced8a276b08e3d58e1c
SHA512 181a4bfdc2b2021b5046f090e4b5722fd665a84d87e0b4efb06659ba0318d4fc6aa7d0ef98b5cef868eafc82fdee8ca19d157e6ef8b9b159b47fda0576fb0bc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4f2da4e4b4dba36_0

MD5 bb2239a63309cf1f7053c07be55afae8
SHA1 e2f217ffcbbf5d13250713b937e624a667e4cfe4
SHA256 7d7451947c0a4593fb186af81be2595bb10582a75afe7cc4afd09e0458494893
SHA512 755bea12dd1b2cc54d90e746b22cbb06254b4ed35af584455f45f081b5236ce1ec6ad515eaad89c45c10f86312427d0c6dce6b91cbd9ebf37194e4e0980b2241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 76e45cea1cadc5672e92ea23120c64fc
SHA1 7d42b8bb11b4f945aa18fe1b0ef41597175e7779
SHA256 7d43f627da0155e829f90630580dfeff1d99b7374ec1777882ccc5704141aa68
SHA512 4a42f6997b407176a659297e9f3d8a0b3c08005ef7ddce4072d5e601cffd89084f1573342fef700738915d5cbb6c92b53d6895a08efd25b1cfe1470ef6464c45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1dc4aca95c3d8fa8c36e7398b27a73e7
SHA1 4ba0c5233b138bd65c22b19c4aa47adbfb5e674e
SHA256 007ac0f5146399407d51bf008dde409bbe1d70125be8887b829a55099c732441
SHA512 c5ee2213b9e7a884bd9fe547afebbf2441ca2fc31b53bc341e51f7f1aa4e1fa67ff845c9c28f0414cb601f4efefa4b810ae2bbc449718c909f3afaebdc761e21

C:\Users\Admin\Downloads\Unconfirmed 850165.crdownload

MD5 9d4f25df063699755115619556df8810
SHA1 4fe074c82e91c46198753cbe20fd5dc346317598
SHA256 183e3bfdbb93af267727de7ebfb1619f42ac19468d8df222c6168ef982a563d2
SHA512 616f8dab48ca84daea8290ec77600dbe867b5ac85be770abd79ec8ab4aac0ff5421debaae1c1344f847bbde4bf9cd6382eec5c9b065701eeb41c3a95d15627b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6a7161bf2f96cd429c0bce97b7f6c964
SHA1 238f73b3905c87cc1495c4dc1d22f9150c921a23
SHA256 1dcbc0a4f4f569d88d7b80e64abaafa5aa9a0061f8ce8f59617b28192ae5f235
SHA512 31a408c452f0cdafeb9e23f3b21796d6eae0fb62b790ef967eedea50e39d9bc5bb1b09cb68ee625362d1654b9ec4aafe71fcacdb0a6ec03e1c255dd86a142c77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8951fc4be133e4524cbfce0d8a53da28
SHA1 4ad12c74ba3bb2943d6c13ca37849fd9b8b325c8
SHA256 b4fdb7b799455f744de2f2817886151a56ca502c1392757e14ac216daf20bade
SHA512 20047544c1484104106c3e04e014b5a82bd64e33f3ee6dff9f7dc5fe8dc6c5ab262caef0baaef13a7e988d1513ba1076d205a60ee4c36c16560ed9c48fabf5b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0295033559bc46957602e3c75eb96a1b
SHA1 d07e17883801389223e4c0e9d8b6f6d8b353d1bb
SHA256 808a69c399d0d49c34a216a0fa402c48a0c06e96260bc89e69b1d80fcbe6d2e3
SHA512 256640df856a93ad6f84a20a35dc9fe19095a482fe0c7eb6005ee681b7943a204ceaa35718bb491220e6db7302382dd265b04f08f2e45eea206e46feaa2ffd74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 73ea0d74bfe70a7ccea0d002631b6b72
SHA1 95f30ada8edd01de66acb30702e97ee0dd358d72
SHA256 63f3fbf6f8dc0b078d96e1c86e773b4a5c7838de6e3b18164f1103df366e62c5
SHA512 2d78d237c2ce9f0b31e99656c853b0c67eb45601d19dc3ef6d92ab5192d97407c70e51fa210445f9508593a103feece45cd0f2bb111d513c67d3f34e08114969

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7dc75e27602adf3c9eb94a67646ceea9
SHA1 933616baca6bfcf3f3a679e893f6ab1000dbaac8
SHA256 3c9728e7ea1a9a62629933d3ff7b96a5cce92865896852abb2d6d8e29f7dfed3
SHA512 de9cf1b304480e9ced935dd3f210a8dc0b8b679bd293fc1c5607f7704b8fa5029b226dbe518ef4e72287d78f5c0398cde69d11b567bec6ca80b2cd8956349cec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 21f81baa9265c1364ca222b1f0493547
SHA1 9baf7834748e1b7a7355275300dae8061d4deaee
SHA256 ef07ae4138311ad18bf6f24b47f64217112ce4d8ca9cfd1cb410f61b74dd78c4
SHA512 a0e25244318a69659efb10a6874230fd044278991ed256cfd9c3fa714adf652ff798131f5325a12b09bd5b30ce9eb30f6f1c671bab1e300efb73d6b75bca5e96

C:\Users\Admin\Downloads\Unconfirmed 868439.crdownload

MD5 7b8d0daf85599904f72bf8658c98c044
SHA1 2b933035ea27de0b6b61baa03b9c7f40b20a698d
SHA256 332a7ecbd3225d3ce00799528f3e72142899142b3806d7eef89551ad0593d547
SHA512 f444a7f27a67803635080226615e86913c1fbcb5e247fb7ef191ea4a47c50ffc09e60f6d2b61176481894e02694a83713b97dc4ed3a7a4f6f3ed0f72dd4a31b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7816acb53617d03af3b4dda33bf11247
SHA1 14b1bf834de7ed63544dcf82662daeebcd6acff7
SHA256 2514f3ed4cc02d1fe82ac2154193bbb38f78dd5e38b3e9f1f3e2ab0af3429362
SHA512 b24457d11d19144ebf0c869bd9f88daab137c973cc69f8ec5affd5a4c28f93d550b00ac22579ca37ab940a75aee86214eddf2aa1d795606cd9c0263cdcf67775

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a388254ff2e2bf46626cd825ae1e6706
SHA1 ad5257b69b46e038c2f8d4a9c98f22fb1600b319
SHA256 61fc13bc0b19218228e578d263ab08db2a63e7aca256453eb01fb64fd2fc120f
SHA512 ee41445b896331730e1bfd88a137e5f061d1df77b81436ab1ef6cfc41a6eceada00c2a4f8ca3681e5beb3e4d1bbc54ad526e3e04cd85f1c2e9967945469cd1cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8ff45375f1ee99f7a11216164495197c
SHA1 8af8a10cc76b47c5bdf6a2155cd86eeac24669ca
SHA256 c6fdd45250c2ef81a53f78dcdc4b4d697359d5a9683f63dd45defaa93b373e49
SHA512 5e5400b035c843bb800512fa537117c4a1c6bd76b80d379750049eb411bd2603a0492883c30d722d79f7a4c923a94b92441275aeef73e279ea6d19643268b5d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a0704c42920dfbd4965ccd1fe84f0a81
SHA1 acabf1d2575fc46ebd3cac856568b8fb29c547a5
SHA256 267793e2aac54cf7835e8bec4a6660e230404f939b5375c4306ab7e124195735
SHA512 cd4ddc1d41306744d24eef42680eab15558946dbec0ce13a358d3e1516a6efee2582149f2f0fc058c5af05fa7ed6f31ee2fd046b67bbfc3bd46c133225442bb6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\7e6f0c4d-c3d7-49c3-b980-e9cd8dd68b17

MD5 f00a1f6c30b5450efc03296343ac513d
SHA1 ff52d301abac4aa78c673164d456e2e989fbd8dc
SHA256 1a03b17e8b4237da2ac0c2a8d5a5a6f6111b7e83ba1e35b686f5264195514e59
SHA512 929dcd7c2567c765564bb7c4c413813bca67ac2bb86f6c6d5c9785057bb85a721461ddeb316d51c6ef64c6bd4f8ba4279c4b0449af6936e2c5de0b91413276cb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\1d0ae133-41fe-4abb-9435-02932020a844

MD5 a541a8bb2a0cedfc051f6cfc0c798367
SHA1 837f31b3fe9eb127f04fe8987401a4b82c3c4584
SHA256 7f0ec0c3c4f5dc58d2520d10e4d03462ffb5ae678ff84834a0f4542f4eeca4c7
SHA512 0182c403e6fff0cb6edf6ec339bb4f15accb9cb777d89e37e16884f61e3b655c827babfa3250285fb35b047ff807c72aa7aa66ec96629c10e1de53d877446556

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\176a7011-3491-4c99-90af-9d941f0ac2d4

MD5 52d8b754036b3d64d19bfc87c97f416f
SHA1 bddbb941501ecd4c3d208cbac9fc1d4036b2c448
SHA256 6a408301a64a118f1f808671b74e1b9bb0c67822ea90d67ce692fdebfd4578b5
SHA512 1edba56c88638fd37bd327b2cd05bcf69fd928b68faa54aad36713d1a3356f2928e64a8bb034dc5f2aec1c528f60cf20650ffeec6b4efb86b02cf4458e7ff899

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

MD5 9f92399a3380b9a5de0ce1106d2210d3
SHA1 ab0c67eea3f79bc7a4c9fedc49c0582e3b0786fd
SHA256 fd2238ae26fa65577e4b052aab3c79f43f95b15b187cd3fcf4824a2d6ec2b045
SHA512 db83eeff4f369a63b25d4aa1ea2249a8807f2c1217620dc5e9d64aefebad4831ad29b794dd00e091b3e3cc70c13b3ed8cc0b11c62b77fd083ed536468b8586a1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

MD5 00b9bcd7e87cd583abc261999b9ca0e4
SHA1 9c3d28651b58f8e174cd8eee3538d7a6de283c90
SHA256 ce5577784d56f765015eb2089e77565e6914a9443b56b00f8fbf9e2cff081ab7
SHA512 e8ae4a9dc55473416c315c87e00d9ffa039901d012b6616ed5f951d63a139d23d7e205e33f5d2870aa885b8654b220acfeb90f8605707a28365e313f747fbda3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

MD5 527bd581f612711ca2348647216a1f7f
SHA1 b97c0a65a3e885dca22dd4bf1ae25f938a1f1d37
SHA256 e6703ca19d2dc8c37056e47219222e95fac15837cfe42a7e7e56f2db8a29fe0b
SHA512 5c518aaca0ae1bc54e87ba68b55513bec428f2bfac8901d0671035188674c695b06e2710a9995b78328b2dcb987105c42c4e11f636b2f222bf6ff401c345c791

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs-1.js

MD5 ec813549ecf4551bab5b54718d3d4b5a
SHA1 2672e7dddff6a894d9c785a596ab77515caa28b9
SHA256 c3c45ec6656dda4c98371187d45dc77516f3fa0f4c9e7e0f7deb071c618d2f3f
SHA512 e0fc1755dcd9701c2b4e9939018b31f03ce72e915f0bb81ee543eb6855ed1e43267bb1db689b41bd4329d9ca4da5a3a43124e39567b8fc770fb6608075f69782

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\startupCache\webext.sc.lz4

MD5 7c9c5092fa93a0e4c1fa464d574a67a8
SHA1 b46159aab9851d191ec37b2bb4972795f069c08c
SHA256 711c217c051602bd97ce10209e122d0e0eb3e2da18ecd7132be13d7aba31231c
SHA512 c7227673a8590a4765a396ecc43ddfbd24ee65b78fe300c7daac9ad37d62be4288be2e6aabd29d1e63d017ff7c26727aadba5c82f8d11cded1269dd397d2e055

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\AlternateServices.bin

MD5 043f9f83d4bbff2ffe8b1af28e4298b7
SHA1 a503d2f67469362def6a3ec06699a86529767eac
SHA256 ee7f4fcd2a987ef96664285b1cc56957e2298d3f2383a143f9a8a71b967bc2a3
SHA512 e7806840d91c99ce6c2fdf41764d4ee06d25daba93681f004e998a46bf2d811b38680f07183789f998286f1c6ffd8dde6b090b06e6880a9e0e5c184bfc74cd94

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

MD5 2bdb4e4b46ca1afe30e6cd5063a34a3b
SHA1 a9a6e02f0e966aa8ad31108538a1813cfe2ef8cd
SHA256 82bfa95e4c42fdc307ae73f65a192802ac97b8ba1a4b628b1a4700840bbf1ff8
SHA512 36bf090e98f5002d05689408c93d2ee40dbb2417f5305a0231f33c3a0f8e93b85b3ab899f3cf16c52c7c2ac084ce6af5694241e826f88591a0f0d45798db4dc0

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\AlternateServices.bin

MD5 21ac5ffd863356295ebb8591bf2d558a
SHA1 6753fff299b9d668a066dee3519e3b2c3df02d8f
SHA256 0c9adad24f6e8c3364734f02777f7458f42c6ee5115a1e18c7600251d8f43925
SHA512 e77cfdff21b2eecf1e84e43c5dd07f5a6ae2ef21485b6ebc815608aa445a6136520d16c64e1a732174e09229f5d074f2194f60924069bb7f78c45f028419e320

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 4383532b000060637cebf21b34ec579c
SHA1 6807da31c89110eea4a875e78bb54e86b2db224d
SHA256 15ae592fdcc35fc36d050c2657e1cabf34ed3d9d9b3d2ad7e96711893051dff7
SHA512 1786940fe13d9a4f5b49448bf459680faf94241e85296c839d1aec721d463c17961285def12ab17d87616bb254203cdd9088fd5de10c55c6c7b6f7ae64042269

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs-1.js

MD5 ca5eb7c5b048949937c56f990c48bc49
SHA1 966cab5f0176fff7c9a50854e75f032149c4b856
SHA256 03798b5439b7f32f23bbae9d3a554ba6115ab1d9a8194b905ca5ef9596f87f76
SHA512 cf0bd3ff730280a5b30164b1383d6096d60acea985e9fa6c2adffb8512a95686fdf19cbcf2f558a03e1eb71eef716aec3ef16258d0ad5813aa4cb69a1b43bc88

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\53E2264D03946D0F71472AED48B98967D82607D5

MD5 3dd7e8f6a07a9b4d51d4c7fcf703573e
SHA1 8f53c85e659575b8b2e7fe6667ac5aaaf52d18c5
SHA256 ed15f37d46b9d4ba27a9e8af375e126dfcc9c3dc42528385b4fa87b50a25210f
SHA512 f85a549ec1171a5fb53f0371853399bdddfbfc5f73d1e679e5effa03d77db7764c3a43f981f466beb979e52a018f65aac04e7a72c54a4e3c9dd5ea3ac7a0dc86

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\CAD49892E5AB10B39B24859F853F0527D4EDC8F3

MD5 411d965c2e790cf7f3f639d07128a468
SHA1 ed50f7cff76161752e7571756cd5a737ade8d126
SHA256 0bc1fe1fea409edc369dbb8de9e48b42010b8e41a60e18145db71a89ee486ab5
SHA512 fed3feeba963e973a4cc216fe68c86e7ea50a4cc8d7e8fccec73afbeb93b8aaeda816708eb77ddf21d230dbbde25d8a54970a2765926f460bd4537be7497849d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

MD5 e3dae46b6cfe81c15f64500539217479
SHA1 c2c44fcf75d2b942e42ff9f8a4a40aa6344f5f0b
SHA256 195a09f7ffd5f327628fafcf255efc263aaf0eb2b79f71b1b7e7b3f07606d205
SHA512 914899ce200a67a38bc10b337237172776ed772b7a8022cb9dfe6d014b7d00f50eab335783dab1db4bc3ad453cff21f3078555c0be064f299bb4aaadf7268de2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\3ED7BDB8AF45BEE9CC5969FBAA43A9E0BF86A632

MD5 029c3cb771bdf77c050a2943aaff0704
SHA1 a799de5463a295e87abcd79ac6d43930b91e14d2
SHA256 9c8903e02924e92adb304df29e0efc6a786f2ed40662a4ca36ca9c43a18cf332
SHA512 d4903d3253b75c086f804b5f671b55b688c3701e02327b48172f0c136240b0c6611163c409a4283f4e2b1417f905fdae163158acc38f694695afd45d76d2447e

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

MD5 efe76bf09daba2c594d2bc173d9b5cf0
SHA1 ba5de52939cb809eae10fdbb7fac47095a9599a7
SHA256 707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a
SHA512 4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 76a5a658c37ab2efb12d6b43772e724c
SHA1 402aa2f41e6b5a2a461ac1e31797b6d6281f867a
SHA256 816abb9703885013376791444ab56a2d248f475df31491daddf790c4f379c33f
SHA512 7bbe77da0b1a557775aaefeb770b96e5cf1170f0d2d798fcd08eddf7a2a5f9aed6bf9c2e58e021c93c988b90bfd277d40f7e0a6d77eef836d5184df201fa75e3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 7e180df0fcb97e3561ca09a460dc2367
SHA1 203f447f256cfe1f73e8d7e35830a8d0fa0c0086
SHA256 ea6bdcf381dd811b42979b58427c1fa21b7eb56fbec3d92e44307e8ec7d134d8
SHA512 7b416c206ac60d60c7f780ec9bfc2e69e11b72fc607f8c285d773858392876a72f4dcfa78bf5cd39ca0cb2fbc60a7cefe227bb3b36e706ab8a463ddf53a795d1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 333dc2595f57303301e2784fa290f80b
SHA1 f0b5b1c518e92944a5659378cddbc513feb32d4a
SHA256 d57a54013e2d636fc50c26b2a46d2586eb92473420d4dc182139cea5a2010fe1
SHA512 b0fe84b504dadc4c308e54f798a7cf0db35830c5e505c8cbca9d2e21265c6ad19fd876ff7825772fac12c4517694d51121ca586915a824bd385d230cbc3d641e

C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_finnish.wnry

MD5 35c2f97eea8819b1caebd23fee732d8f
SHA1 e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

MD5 7a2726bb6e6a79fb1d092b7f2b688af0
SHA1 b3effadce8b76aee8cd6ce2eccbb8701797468a2
SHA256 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5
SHA512 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 7e427b959f239f99dadd465880a82503
SHA1 ff7588d1828cbbb4f5e681012cac5f23159e787f
SHA256 5cf65c19ca523d2d718c93b87397c995e35fcdd252c52af752b5841819368ffa
SHA512 3536d38f74a44a5fef55f34cfad0da529f0f59b4d0bd214284806d35e62f4363515b86ffe06eb5aeb7592f1f732a6d5e4ac3cba05cf13d49a9e1f0dde368a1d5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 375588f2120c8af6945db2a1bdc13692
SHA1 b0004b10f37a1ae1ef5d8ea25b92aaccb15cd803
SHA256 15db3b16d3a57ae6ddc4bef67ef772537d4fd80062d313057b5845cb3121bce5
SHA512 37ea8a63c4093e7e912c544093629b857c42130d10e6d5a4c2c33ef7e55624ab90f3f357378ee0d8c804d62eff27e16e462c74ba85294a0d6ff0b391a43eef86

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 dddcbe5a267c5d22b59d1ec1b14613b3
SHA1 cba74b2229312419bf0121fdd9092ff481d97bc1
SHA256 1bd35f3658e6f41fa07684b870f43392ef0a41eccda95e5a7451e8843c6d0c2c
SHA512 8d0fe316cad051723c4e506bf9e1f4af250828a4c3ff4449cff99fb33a9a20441c111d98532707033e32948e3f683793379794039495b1b005c24a8e28f5328b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 1b4eb5f3f902b524259cb63a0e3bfaaa
SHA1 cf78b6513a301a874d623dcf5261687415f53e8c
SHA256 d9be7a01a04ed580d2d4480d8f3e3a7c0167d76962241b3a3043e3861f421f61
SHA512 de89a7b8641b6c5733e101e24337774c47e8fb61913a8891bcc7c11878f7bb5b34b1a07da9c682f801d508430194f2f78ed17a07df219d99753dc794f2afedba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 1fb332da12cfa12197887b295868b396
SHA1 c3d00ddd142ab9c72903eda14dec771222a88b90
SHA256 54be54883506761444fae3af6964f36a17a83a1bf56c93d38c7c75458c454959
SHA512 b66204e02457acd0f8e308790d0bca2382da2420c4d8bf220457b89854a99c8cce80c00e81b063e6b19141d3bc80dc2c80ae62be7dc277c7abb727d98526e059

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\A57A2523001CFC65DC31F8400E477A34579FA293

MD5 7dc91a95d7a7a773598959c50eaedd8d
SHA1 3ae2e3e9211114901fb9d051470fbe9836df5bf6
SHA256 3b05747b7e10eba93b5f4432a90f5aba9f8ac8048cf5c6a58ebfbf46eb16ac44
SHA512 935b159e1345a501ab768ffb3d195fc52efe11ecbd35b0a02335a7d7aee19f22e219491e0a627e24db8fbdc46ef756583ea2edcc0c8e3eb1198d1b704a267705

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\E8B6B128BE40E5885AB86E84B21EBB9A7319AD2B

MD5 d2a5b19d1cda0d03989456d7e988369c
SHA1 8b33c80f327649b9a0222f96274a73333f79c4ce
SHA256 3229439f613c3f01ae0d4a78dbed7cf9fff94d1f8e50eb7c3c3fc59163311638
SHA512 97407c620e913be1ab470bbe2401450f093b304f521eeb872c1c0c65cf02679fe39b686fcf692efa4ad1ff67ae868d350b9c7411f30723ea3129175cc5aa2d2f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 ed5eee1027655941ba77abdef16f0d55
SHA1 05b4a5319ca5091656e9f23a072d4d483f20942b
SHA256 eb895657c42a856f3a2d9d19fa5530ccdfd9993f4fa0f0dfbe9107caf3f8970b
SHA512 8a019dc4d9f70066d04611e0d092ae53d1b1fed10d9164bb598380383bcb08fbcd3e8260ba1840ad15de269bc5ff4171cc8232d67e579d97367cd04a0a92eb97

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 258b3e010e85a69ea03d05a0a9beabb2
SHA1 279b3d2efeb050d128d9213f8b269fe4ff16a3b2
SHA256 baf61fce251aca8cf38d62c3afd3053357cb982a24e60105caf7ad887c45d9c7
SHA512 9bf9b4be6e4d2cdc1fd751f01299c09542d0dfa58a66e4a67491a65c3ededb8e2e85762b91af2271c9f96a6127135dd82732d8b85ce5862f9d6768d64c1be918

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\jumpListCache\IryYYrY3sH1sEmY5iLdm78UraepYQe+yNoKmi19XWoY=.ico

MD5 8e2c37264c426be2221faeda4f074500
SHA1 f5ceb16f7095cca2063ec9da043ebb0338fe93a8
SHA256 098e48ce42ac840d67fc1b20be2c8a3562fa6d24b94707cba9f94ca96ce1671d
SHA512 0fc0c582033882dd94326558f08c72767b53c9b09a1ca8c75299952ff1dfbdbf475208e0fb97ea83d2a73eeddb3865e0cf6ef5c0d4d7459df35761245cdcad25

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 3ed86ac44562d8fa67b7e422108df928
SHA1 5bdb8d5e3e283757749bc39e9421cca109619dbb
SHA256 e7d8360fa82d408c670a84c74938232b717b0d868c9e6e1d58f399794d7fc8fb
SHA512 e06834b4db87de92607a92d005204b25a1b9e681b7bcf2a0a52f396fa3bc987e6dd21cb401cb3fc032e134edd7c439ce19fb67904ac6477a64930f119d30746e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\ab7b578f-ae78-4afe-83be-320076655d35

MD5 b521a57134b991d921cc8e139f851529
SHA1 4debdf6ac8f11d5a3b971c15c0952a5604d756ff
SHA256 98575714cfd174d8468d161d9bc53b3ebdbadc66d8d462d402315345d23088d6
SHA512 a58ce481e57086e7a2d28c44f03ec3693ee8a6594c4cf732b945f9007ee07e9e819158ddafc0c571746b90aeb3c28b45ae9667d4faf30e67665d79ecae8e9cb8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

MD5 581ada62e9665abf28e0f96fc62aebdd
SHA1 1a4bb0a96daa22c964115a40dd2b8689b85a6acf
SHA256 f78e15fc0aabafc88f1fcfcfe0dde7eef568ef4789a2206a9217e335b2ebd122
SHA512 c6b65378789c87f688ba3ce922e62203a0bc2bb2b2c27bac7659aaf4669aecdb2ac386b4795d2e9fecab9e2d943a50f80b8098a25e880e248af8e728e3f6c63a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionCheckpoints.json

MD5 2ad4fe43dc84c6adbdfd90aaba12703f
SHA1 28a6c7eff625a2da72b932aa00a63c31234f0e7f
SHA256 ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933
SHA512 2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionCheckpoints.json.tmp

MD5 e6c20f53d6714067f2b49d0e9ba8030e
SHA1 f516dc1084cdd8302b3e7f7167b905e603b6f04f
SHA256 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092
SHA512 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionCheckpoints.json

MD5 948a7403e323297c6bb8a5c791b42866
SHA1 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA256 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA512 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\places.sqlite

MD5 52a79dd5dce60b3dad2e822680dd5bbd
SHA1 b88ffe083aa50d5db19ef1c601361a92d6fdba18
SHA256 7cd31015a331de1e4f5058fd56ab13afddb66f856bb22f23b5070f1b8ee6aab7
SHA512 2307dee7a136c7d71fbeb455900c89de4fa3a413e1187d49b96e6e5dc4c72ad37fe5116783f3414c1dee68eed8acfce2eefdcc103b9d5889ff9d2e833e732e4d

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 23:13

Reported

2024-11-10 23:16

Platform

win11-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe"

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \Registry\User\.DEFAULT\Software\MemeSense C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe

"C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe"

Network

Files

memory/3996-0-0x00000001401A1000-0x000000014068C000-memory.dmp

memory/3996-1-0x00007FFEAFBF0000-0x00007FFEAFBF2000-memory.dmp

memory/3996-3-0x0000000140000000-0x0000000140EBF000-memory.dmp

memory/3996-7-0x0000000140000000-0x0000000140EBF000-memory.dmp

memory/3996-2-0x00007FFEAFC00000-0x00007FFEAFC02000-memory.dmp

memory/3996-8-0x0000000140000000-0x0000000140EBF000-memory.dmp

memory/3996-9-0x00000001401A1000-0x000000014068C000-memory.dmp

memory/3996-10-0x0000000140000000-0x0000000140EBF000-memory.dmp

memory/3996-11-0x0000000140000000-0x0000000140EBF000-memory.dmp